Need help eradicating the viruses on my computer
Hello, so for the past one to two weeks my computer has been infested with viruses, ad pages that open by themselves, etc.
So, I have Panda Antivirus 2008, but even after a scan, it finds things but I still have the viruses!
Thank you for helping me.
Here is a HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:49, on 09/08/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Réda\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [BM6b57b73a] Rundll32.exe "C:\WINDOWS\System32\xcfclcbl.dll",s
O4 - HKLM\..\Run: [686484a6] rundll32.exe "C:\WINDOWS\System32\beetotqi.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S1AE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7108 bytes
Hello, I'll take care of you. Please bear in mind that I am a volunteer, that I have a private life and that I help several users at once, so please be patient. However, I never give up on a user until their PC is clean.
Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
NB: You must be logged in with Administrator rights.
Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
Warning: if you take too long, the answer Abandon will be automatically validated.
main.txt <- opened in the foreground, full screen
extra.txt <- opened in the background, windowed (check the taskbar)
If this is an additional run of DSS:
main.txt <- opened in the foreground, full screen
What DSS does:
OK, thanks for your help
main.txt
Deckard's System Scanner v20071014.68
Run by Réda on 2008-08-09 11:58:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
11: 2008-08-09 09:58:18 UTC - RP394 - Deckard's System Scanner Restore Point
10: 2008-08-09 02:12:58 UTC - RP393 - Installé Panda Antivirus + Firewall 2008
9: 2008-08-09 02:04:01 UTC - RP392 - Kaspersky Anti-Virus 7.0 a été supprimé.
8: 2008-08-07 23:47:25 UTC - RP391 - Last known good configuration
7: 2008-08-07 23:47:23 UTC - RP390 - Opération de restauration
-- First Restore Point --
1: 2008-08-07 23:47:23 UTC - RP384 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 256 MiB (512 MiB recommended).
-- HijackThis (run as Réda.exe) ------------------------------------------------
logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-09 12:09:30
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVComS.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Réda\Bureau\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O1 - Hosts: 216.239.37.101 www.kazaagold.com
O1 - Hosts: 216.239.37.101 www.k-lite.com
O2 - BHO: {0316cae0-6ef1-c549-0394-d74c05114c50} - {05c41150-c47d-4930-945c-1fe60eac6130} - C:\WINDOWS\system32\xpzogn.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6BEB1D14-BBE8-478A-AA39-F48073E2DCD7} - C:\WINDOWS\system32\cbXRIAQg.dll
O2 - BHO: XMLDP Class - {72A128E0-2240-40c8-9E92-5387D64F839E} - C:\WINDOWS\xml2u32h.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\System32\pmnnKDvs.dll (file missing)
O2 - BHO: Gold Manager - {D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE} - C:\WINDOWS\system32\gldmng.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [BM6b57b73a] Rundll32.exe "C:\WINDOWS\System32\xcfclcbl.dll",s
O4 - HKLM\..\Run: [686484a6] rundll32.exe "C:\WINDOWS\System32\beetotqi.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S1AE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash...
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: pmnnKDvs - C:\WINDOWS\System32\pmnnKDvs.dll (file missing)
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\System32\winrkp32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\PavPrSrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN
--
End of file - 9467 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\program files\ivt corporation\bluesoleil\device\win2k\btnetfilter.sys
S3 catchme - c:\docume~1\rda~1\locals~1\temp\catchme.sys (file missing)
S3 EverestDriver (Lavalys EVEREST Kernel Driver) - c:\program files\lavalys\everest home edition\kerneld.wnt
S3 fbxusb (Carte réseau virtuelle FreeBox USB) - c:\windows\system32\drivers\fbxusb32.sys <Not Verified; FreeBox SA; Carte réseau virtuelle FreeBox USB pour Windows 2000/XP>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-07-09 and 2008-08-09 -----------------------------
2008-08-09 11:40:42 80896 --a------ C:\WINDOWS\System32\beetotqi.dll
2008-08-09 11:37:41 2048 --a------ C:\WINDOWS\System32\pehkvlkf.exe
2008-08-09 11:34:59 96256 --a------ C:\WINDOWS\System32\xpzogn.dll
2008-08-09 11:34:57 96256 --a------ C:\WINDOWS\System32\ndmqjbod.dll
2008-08-09 11:31:47 90624 --a------ C:\WINDOWS\System32\xcfclcbl.dll
2008-08-09 04:17:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\sentinel
2008-08-09 04:15:24 281 --a------ C:\WINDOWS\System32\PavCPL.dat
2008-08-09 04:15:08 216924 --a------ C:\WINDOWS\System32\drivers\APPFCONT.DAT
2008-08-09 04:14:22 0 d-------- C:\WINDOWS\System32\PAV
2008-08-09 04:13:19 101888 --a------ C:\WINDOWS\System32\SYSTOOLS.DLL <Not Verified; Panda Software; SYSTOOLS>
2008-08-09 04:13:04 0 d-------- C:\Program Files\Panda Security
2008-08-09 04:08:48 0 d-------- C:\Program Files\Fichiers communs\Panda Software
2008-08-07 23:38:46 6742016 --a------ C:\Documents and Settings\Réda\ntuser.dat
2008-08-07 23:38:32 5586 --ahs---- C:\WINDOWS\System32\gQAIRXbc.ini2
2008-08-07 23:38:26 246784 --a------ C:\WINDOWS\System32\cbXRIAQg.dll
2008-08-07 23:37:34 32256 --a------ C:\WINDOWS\System32\winrkp32.dll
2008-08-07 23:35:46 7140 --a------ C:\tubecodec.exe
2008-08-07 23:35:37 53760 --a------ C:\WINDOWS\xml2u32h.dll <Not Verified; Microsoft Corporation; XML parser library>
2008-08-07 23:34:40 58368 --a------ C:\directx.exe
2008-08-07 23:34:22 18944 --a------ C:\WINDOWS\System32\gldmng.dll
2008-08-07 23:33:19 57868 --a------ C:\wmcodec_update.exe
2008-08-07 20:19:42 0 d-------- C:\Documents and Settings\Réda\.Subdo.Java.Cache <SUBDOJ~1.CAC>
2008-08-07 20:19:35 0 d-------- C:\Documents and Settings\Réda\.jogl_ext <JOGL_E~1>
2008-07-29 18:20:11 0 d-------- C:\Program Files\Smart Projects
2008-07-29 18:13:35 0 d-------- C:\Program Files\free-downloads.net
2008-07-23 23:05:26 0 d--h----- C:\WINDOWS\System32\GroupPolicy
2008-07-18 19:00:58 10 --a------ C:\Documents and Settings\Réda\usb002
2008-07-14 15:06:44 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-14 15:06:44 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-14 15:05:05 0 d-------- C:\Program Files\NRJ
-- Find3M Report ---------------------------------------------------------------
2008-08-09 04:25:33 367658 --a------ C:\WINDOWS\System32\perfh00C.dat
2008-08-09 04:25:32 48616 --a------ C:\WINDOWS\System32\perfc00C.dat
2008-08-09 04:13:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-09 04:08:48 0 d-------- C:\Program Files\Fichiers communs
2008-08-08 19:32:08 0 d-------- C:\Program Files\eMule
2008-07-07 13:54:00 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-07-05 20:13:43 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-07-05 20:11:23 0 d-------- C:\Program Files\EPSON
2008-07-05 12:40:42 0 d-------- C:\Documents and Settings\Réda\Application Data\LimeWire
2008-06-23 19:54:40 446976 --a------ C:\WINDOWS\System32\ShellMPD.dll
2008-06-23 19:54:39 0 d-------- C:\Program Files\MSN Pictures Displayer
2008-06-23 19:54:39 0 d-------- C:\Documents and Settings\Réda\Application Data\MSN Pictures Displayer
2008-06-16 10:23:05 0 d-------- C:\Program Files\SSC Service Utility
2008-06-16 09:49:18 0 d-------- C:\Documents and Settings\Réda\Application Data\InstallShield
2008-06-15 19:05:55 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05c41150-c47d-4930-945c-1fe60eac6130}]
09/08/2008 11:34 96256 --a------ C:\WINDOWS\System32\xpzogn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BEB1D14-BBE8-478A-AA39-F48073E2DCD7}]
07/08/2008 23:38 246784 --a------ C:\WINDOWS\System32\cbXRIAQg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72A128E0-2240-40c8-9E92-5387D64F839E}]
07/08/2008 23:35 53760 --a------ C:\WINDOWS\xml2u32h.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB81FE02-F70B-46C2-82C3-DE5C6652E677}]
C:\WINDOWS\System32\pmnnKDvs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE}]
07/08/2008 23:34 18944 --a------ C:\WINDOWS\System32\gldmng.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [03/06/2004 20:51]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [04/09/2003 10:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/10/2007 23:57]
"SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [09/10/2007 12:55]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [19/07/2007 15:23]
"BM6b57b73a"="C:\WINDOWS\System32\xcfclcbl.dll" [09/08/2008 11:31]
"686484a6"="C:\WINDOWS\System32\beetotqi.dll" [09/08/2008 11:40]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:55]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [10/09/2007 14:33]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [12/04/2007 08:00]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22/12/2007 09:20]
C:\Documents and Settings\Réda\Menu Démarrer\Programmes\Démarrage\
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [23/06/2008 19:52:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BB81FE02-F70B-46C2-82C3-DE5C6652E677}"= C:\WINDOWS\System32\pmnnKDvs.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 15/02/2007 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnKDvs]
pmnnKDvs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
winrkp32.dll 07/08/2008 23:37 32256 C:\WINDOWS\system32\winrkp32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\System32\cbXRIAQg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
-- Hosts -----------------------------------------------------------------------
127.0.0.1 desktop.kazaa.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 alpha.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 www.b3d.com
127.0.0.1 media.altnet.com
127.0.0.1 www.altnet.com
127.0.0.1 dev.bde.com.au
910 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-08-09 12:10:35 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professionnel (build 2600) SP 1.0
Architecture: X86; Language: French
CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 255.36 MiB / 51.88 MiB
Pagefile Memory (total/avail): 616.52 MiB / 170.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.8 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 44.75 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 74.52 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Réda\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=HADAK-IE8ZJNUA8
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Réda
LOGONSERVER=\\HADAK-IE8ZJNUA8
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox 3 Beta 3;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RDA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RDA~1\LOCALS~1\Temp
USERDOMAIN=HADAK-IE8ZJNUA8
USERNAME=Réda
USERPROFILE=C:\Documents and Settings\Réda
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Réda (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> .
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audio Record Wizard v3.8 --> "C:\Program Files\ARWizard3\unins000.exe"
BitComet 0.93 --> C:\Program Files\BitComet\uninst.exe
BlueSoleil --> MsiExec.exe /X{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}
Camera RAW Plug-In for EPSON Creativity Suite --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x40c UNINST
Correctif Windows XP - KB835732 --> C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
Correctif Windows XP - KB842773 --> C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Correctif Windows XP - KB892944 --> "C:\WINDOWS\$NtUninstallKB892944$\spuninst\spuninst.exe"
Correctif Windows XP - KB911567 --> "C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Correctif Windows XP - KB918439 --> "C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.exe"
Correctif Windows XP - KB918899 --> "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Correctif Windows XP - KB925486 --> "C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
dBpoweramp Music Converter --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy MP3 Sound Recorder version 3.11 --> "C:\Program Files\SoundRecorder\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
EPSON Attach To Email --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel --> C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\FRA\USE_G\DOCUNINS.EXE
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\Setup.exe" -l0x9 -anything
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
free-downloads.net Toolbar --> C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Free Mp3 Wma Converter V 1.7.2 --> "C:\Program Files\Free Audio Pack\unins000.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Réda\Bureau\BTFix\HijackThis.exe" /uninstall
Ip --> C:\WINDOWS\st6unst.exe -n "c:\ST6UNST.LOG"
IsoBuster 2.4 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\System32\KASPER~1\KASPER~1\kavuninstall.exe
Labtec WebCam --> MsiExec.exe /I{0463B519-E4C8-4C16-84AA-4743D1ED91B5}
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905495) --> "C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914798) -->
Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB835409) --> "C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0b3) --> C:\Program Files\Mozilla Firefox 3 Beta 3\uninstall\helper.exe
MSN Pictures Displayer 4.5 --> "C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe" /U
NRJ Studio --> C:\Program Files\NRJ\NRJ Studio\Uninstal.exe
NVIDIA Drivers --> C:\WINDOWS\System32\NVUNINST.EXE UninstallGUI
NvMixer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 --> "C:\Program Files\Orban\AAC-aacPlus Plugin\unins000.exe"
Panda Antivirus + Firewall 2008 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\SETUP.exe" -l0x40c -removeonly
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
River Past Screen Recorder --> C:\WINDOWS\Screen Recorder Uninstaller.exe
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SSC Service Utility v4.30 --> "C:\Program Files\SSC Service Utility\unins000.exe"
Unibet Poker --> C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\UNWISE.EXE C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\INSTALL.LOG
Universal Simlock Remover (remove only) --> "C:\Program Files\USR\uninstall.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
-- Application Event Log -------------------------------------------------------
Event Record #/Type4072 / Success
Event Submitted/Written: 08/08/2008 09:02:05 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type4070 / Error
Event Submitted/Written: 08/08/2008 07:06:06 PM
Event ID/Source: 1001 / Application Error
Event Description:
Détecteur d'erreurs 447747565.
Event Record #/Type4069 / Error
Event Submitted/Written: 08/08/2008 07:05:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante upnp.exe, version 1.0.6.8, module défaillant ntdll.dll, version 5.1.2600.1106, adresse de défaillance 0x00001f2c.
Event Record #/Type4064 / Error
Event Submitted/Written: 08/08/2008 06:15:38 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante iexplore.exe, version 6.0.2800.1106, module défaillant , version 0.0.0.0, adresse de défaillance 0x00000000.
Event Record #/Type4063 / Error
Event Submitted/Written: 08/08/2008 06:13:31 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante iexplore.exe, version 6.0.2800.1106, module défaillant , version 0.0.0.0, adresse de défaillance 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type9542 / Error
Event Submitted/Written: 08/09/2008 04:24:59 AM
Event ID/Source: 10010 / DCOM
Event Description:
Le serveur {DF66AFC9-C61D-404A-B535-64FBF91D420F} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.
Event Record #/Type9498 / Error
Event Submitted/Written: 08/09/2008 04:01:08 AM
Event ID/Source: 7005 / Service Control Manager
Event Description:
L'appel RpcImpersonateClient a échoué avec l'erreur :
%%1765
Event Record #/Type9467 / Warning
Event Submitted/Written: 08/09/2008 03:07:13 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Votre ordinateur a automatiquement configuré l'adresse IP pour la
carte avec l'adresse réseau 000C6EFF5B8E. L'adresse IP utilisée est 169.254.78.254.
Event Record #/Type9465 / Warning
Event Submitted/Written: 08/09/2008 03:07:08 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 000C6EFF5B8E. Il s'est
produit l'erreur suivante :
%%121.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).
Event Record #/Type9461 / Warning
Event Submitted/Written: 08/09/2008 00:40:51 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Votre ordinateur a automatiquement configuré l'adresse IP pour la
carte avec l'adresse réseau 000C6EFF5B8E. L'adresse IP utilisée est 169.254.78.254.
-- End of Deckard's System Scanner: finished at 2008-08-09 12:10:35 ------------
main.txt
Deckard's System Scanner v20071014.68
Run by Réda on 2008-08-09 11:58:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
11: 2008-08-09 09:58:18 UTC - RP394 - Deckard's System Scanner Restore Point
10: 2008-08-09 02:12:58 UTC - RP393 - Installé Panda Antivirus + Firewall 2008
9: 2008-08-09 02:04:01 UTC - RP392 - Kaspersky Anti-Virus 7.0 a été supprimé.
8: 2008-08-07 23:47:25 UTC - RP391 - Last known good configuration
7: 2008-08-07 23:47:23 UTC - RP390 - Opération de restauration
-- First Restore Point --
1: 2008-08-07 23:47:23 UTC - RP384 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 256 MiB (512 MiB recommended).
-- HijackThis (run as Réda.exe) ------------------------------------------------
logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-09 12:09:30
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVComS.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Réda\Bureau\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O1 - Hosts: 216.239.37.101 www.kazaagold.com
O1 - Hosts: 216.239.37.101 www.k-lite.com
O2 - BHO: {0316cae0-6ef1-c549-0394-d74c05114c50} - {05c41150-c47d-4930-945c-1fe60eac6130} - C:\WINDOWS\system32\xpzogn.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6BEB1D14-BBE8-478A-AA39-F48073E2DCD7} - C:\WINDOWS\system32\cbXRIAQg.dll
O2 - BHO: XMLDP Class - {72A128E0-2240-40c8-9E92-5387D64F839E} - C:\WINDOWS\xml2u32h.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\System32\pmnnKDvs.dll (file missing)
O2 - BHO: Gold Manager - {D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE} - C:\WINDOWS\system32\gldmng.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [BM6b57b73a] Rundll32.exe "C:\WINDOWS\System32\xcfclcbl.dll",s
O4 - HKLM\..\Run: [686484a6] rundll32.exe "C:\WINDOWS\System32\beetotqi.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S1AE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash...
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: pmnnKDvs - C:\WINDOWS\System32\pmnnKDvs.dll (file missing)
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\System32\winrkp32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\PavPrSrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN
--
End of file - 9467 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\program files\ivt corporation\bluesoleil\device\win2k\btnetfilter.sys
S3 catchme - c:\docume~1\rda~1\locals~1\temp\catchme.sys (file missing)
S3 EverestDriver (Lavalys EVEREST Kernel Driver) - c:\program files\lavalys\everest home edition\kerneld.wnt
S3 fbxusb (Carte réseau virtuelle FreeBox USB) - c:\windows\system32\drivers\fbxusb32.sys <Not Verified; FreeBox SA; Carte réseau virtuelle FreeBox USB pour Windows 2000/XP>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-07-09 and 2008-08-09 -----------------------------
2008-08-09 11:40:42 80896 --a------ C:\WINDOWS\System32\beetotqi.dll
2008-08-09 11:37:41 2048 --a------ C:\WINDOWS\System32\pehkvlkf.exe
2008-08-09 11:34:59 96256 --a------ C:\WINDOWS\System32\xpzogn.dll
2008-08-09 11:34:57 96256 --a------ C:\WINDOWS\System32\ndmqjbod.dll
2008-08-09 11:31:47 90624 --a------ C:\WINDOWS\System32\xcfclcbl.dll
2008-08-09 04:17:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\sentinel
2008-08-09 04:15:24 281 --a------ C:\WINDOWS\System32\PavCPL.dat
2008-08-09 04:15:08 216924 --a------ C:\WINDOWS\System32\drivers\APPFCONT.DAT
2008-08-09 04:14:22 0 d-------- C:\WINDOWS\System32\PAV
2008-08-09 04:13:19 101888 --a------ C:\WINDOWS\System32\SYSTOOLS.DLL <Not Verified; Panda Software; SYSTOOLS>
2008-08-09 04:13:04 0 d-------- C:\Program Files\Panda Security
2008-08-09 04:08:48 0 d-------- C:\Program Files\Fichiers communs\Panda Software
2008-08-07 23:38:46 6742016 --a------ C:\Documents and Settings\Réda\ntuser.dat
2008-08-07 23:38:32 5586 --ahs---- C:\WINDOWS\System32\gQAIRXbc.ini2
2008-08-07 23:38:26 246784 --a------ C:\WINDOWS\System32\cbXRIAQg.dll
2008-08-07 23:37:34 32256 --a------ C:\WINDOWS\System32\winrkp32.dll
2008-08-07 23:35:46 7140 --a------ C:\tubecodec.exe
2008-08-07 23:35:37 53760 --a------ C:\WINDOWS\xml2u32h.dll <Not Verified; Microsoft Corporation; XML parser library>
2008-08-07 23:34:40 58368 --a------ C:\directx.exe
2008-08-07 23:34:22 18944 --a------ C:\WINDOWS\System32\gldmng.dll
2008-08-07 23:33:19 57868 --a------ C:\wmcodec_update.exe
2008-08-07 20:19:42 0 d-------- C:\Documents and Settings\Réda\.Subdo.Java.Cache <SUBDOJ~1.CAC>
2008-08-07 20:19:35 0 d-------- C:\Documents and Settings\Réda\.jogl_ext <JOGL_E~1>
2008-07-29 18:20:11 0 d-------- C:\Program Files\Smart Projects
2008-07-29 18:13:35 0 d-------- C:\Program Files\free-downloads.net
2008-07-23 23:05:26 0 d--h----- C:\WINDOWS\System32\GroupPolicy
2008-07-18 19:00:58 10 --a------ C:\Documents and Settings\Réda\usb002
2008-07-14 15:06:44 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-14 15:06:44 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-14 15:05:05 0 d-------- C:\Program Files\NRJ
-- Find3M Report ---------------------------------------------------------------
2008-08-09 04:25:33 367658 --a------ C:\WINDOWS\System32\perfh00C.dat
2008-08-09 04:25:32 48616 --a------ C:\WINDOWS\System32\perfc00C.dat
2008-08-09 04:13:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-09 04:08:48 0 d-------- C:\Program Files\Fichiers communs
2008-08-08 19:32:08 0 d-------- C:\Program Files\eMule
2008-07-07 13:54:00 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-07-05 20:13:43 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-07-05 20:11:23 0 d-------- C:\Program Files\EPSON
2008-07-05 12:40:42 0 d-------- C:\Documents and Settings\Réda\Application Data\LimeWire
2008-06-23 19:54:40 446976 --a------ C:\WINDOWS\System32\ShellMPD.dll
2008-06-23 19:54:39 0 d-------- C:\Program Files\MSN Pictures Displayer
2008-06-23 19:54:39 0 d-------- C:\Documents and Settings\Réda\Application Data\MSN Pictures Displayer
2008-06-16 10:23:05 0 d-------- C:\Program Files\SSC Service Utility
2008-06-16 09:49:18 0 d-------- C:\Documents and Settings\Réda\Application Data\InstallShield
2008-06-15 19:05:55 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05c41150-c47d-4930-945c-1fe60eac6130}]
09/08/2008 11:34 96256 --a------ C:\WINDOWS\System32\xpzogn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BEB1D14-BBE8-478A-AA39-F48073E2DCD7}]
07/08/2008 23:38 246784 --a------ C:\WINDOWS\System32\cbXRIAQg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72A128E0-2240-40c8-9E92-5387D64F839E}]
07/08/2008 23:35 53760 --a------ C:\WINDOWS\xml2u32h.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB81FE02-F70B-46C2-82C3-DE5C6652E677}]
C:\WINDOWS\System32\pmnnKDvs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE}]
07/08/2008 23:34 18944 --a------ C:\WINDOWS\System32\gldmng.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [03/06/2004 20:51]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [04/09/2003 10:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/10/2007 23:57]
"SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [09/10/2007 12:55]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [19/07/2007 15:23]
"BM6b57b73a"="C:\WINDOWS\System32\xcfclcbl.dll" [09/08/2008 11:31]
"686484a6"="C:\WINDOWS\System32\beetotqi.dll" [09/08/2008 11:40]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:55]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [10/09/2007 14:33]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [12/04/2007 08:00]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22/12/2007 09:20]
C:\Documents and Settings\Réda\Menu Démarrer\Programmes\Démarrage\
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [23/06/2008 19:52:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BB81FE02-F70B-46C2-82C3-DE5C6652E677}"= C:\WINDOWS\System32\pmnnKDvs.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 15/02/2007 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnKDvs]
pmnnKDvs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
winrkp32.dll 07/08/2008 23:37 32256 C:\WINDOWS\system32\winrkp32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\System32\cbXRIAQg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
-- Hosts -----------------------------------------------------------------------
127.0.0.1 desktop.kazaa.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 alpha.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 www.b3d.com
127.0.0.1 media.altnet.com
127.0.0.1 www.altnet.com
127.0.0.1 dev.bde.com.au
910 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-08-09 12:10:35 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professionnel (build 2600) SP 1.0
Architecture: X86; Language: French
CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 255.36 MiB / 51.88 MiB
Pagefile Memory (total/avail): 616.52 MiB / 170.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.8 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 44.75 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 74.52 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Réda\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=HADAK-IE8ZJNUA8
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Réda
LOGONSERVER=\\HADAK-IE8ZJNUA8
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox 3 Beta 3;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RDA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RDA~1\LOCALS~1\Temp
USERDOMAIN=HADAK-IE8ZJNUA8
USERNAME=Réda
USERPROFILE=C:\Documents and Settings\Réda
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Réda (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> .
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audio Record Wizard v3.8 --> "C:\Program Files\ARWizard3\unins000.exe"
BitComet 0.93 --> C:\Program Files\BitComet\uninst.exe
BlueSoleil --> MsiExec.exe /X{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}
Camera RAW Plug-In for EPSON Creativity Suite --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x40c UNINST
Correctif Windows XP - KB835732 --> C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
Correctif Windows XP - KB842773 --> C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Correctif Windows XP - KB892944 --> "C:\WINDOWS\$NtUninstallKB892944$\spuninst\spuninst.exe"
Correctif Windows XP - KB911567 --> "C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Correctif Windows XP - KB918439 --> "C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.exe"
Correctif Windows XP - KB918899 --> "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Correctif Windows XP - KB925486 --> "C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
dBpoweramp Music Converter --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy MP3 Sound Recorder version 3.11 --> "C:\Program Files\SoundRecorder\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
EPSON Attach To Email --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel --> C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\FRA\USE_G\DOCUNINS.EXE
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\Setup.exe" -l0x9 -anything
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
free-downloads.net Toolbar --> C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Free Mp3 Wma Converter V 1.7.2 --> "C:\Program Files\Free Audio Pack\unins000.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Réda\Bureau\BTFix\HijackThis.exe" /uninstall
Ip --> C:\WINDOWS\st6unst.exe -n "c:\ST6UNST.LOG"
IsoBuster 2.4 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\System32\KASPER~1\KASPER~1\kavuninstall.exe
Labtec WebCam --> MsiExec.exe /I{0463B519-E4C8-4C16-84AA-4743D1ED91B5}
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905495) --> "C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914798) -->
Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB835409) --> "C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0b3) --> C:\Program Files\Mozilla Firefox 3 Beta 3\uninstall\helper.exe
MSN Pictures Displayer 4.5 --> "C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe" /U
NRJ Studio --> C:\Program Files\NRJ\NRJ Studio\Uninstal.exe
NVIDIA Drivers --> C:\WINDOWS\System32\NVUNINST.EXE UninstallGUI
NvMixer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 --> "C:\Program Files\Orban\AAC-aacPlus Plugin\unins000.exe"
Panda Antivirus + Firewall 2008 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\SETUP.exe" -l0x40c -removeonly
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
River Past Screen Recorder --> C:\WINDOWS\Screen Recorder Uninstaller.exe
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SSC Service Utility v4.30 --> "C:\Program Files\SSC Service Utility\unins000.exe"
Unibet Poker --> C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\UNWISE.EXE C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\INSTALL.LOG
Universal Simlock Remover (remove only) --> "C:\Program Files\USR\uninstall.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
-- Application Event Log -------------------------------------------------------
Event Record #/Type4072 / Success
Event Submitted/Written: 08/08/2008 09:02:05 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type4070 / Error
Event Submitted/Written: 08/08/2008 07:06:06 PM
Event ID/Source: 1001 / Application Error
Event Description:
Détecteur d'erreurs 447747565.
Event Record #/Type4069 / Error
Event Submitted/Written: 08/08/2008 07:05:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante upnp.exe, version 1.0.6.8, module défaillant ntdll.dll, version 5.1.2600.1106, adresse de défaillance 0x00001f2c.
Event Record #/Type4064 / Error
Event Submitted/Written: 08/08/2008 06:15:38 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante iexplore.exe, version 6.0.2800.1106, module défaillant , version 0.0.0.0, adresse de défaillance 0x00000000.
Event Record #/Type4063 / Error
Event Submitted/Written: 08/08/2008 06:13:31 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante iexplore.exe, version 6.0.2800.1106, module défaillant , version 0.0.0.0, adresse de défaillance 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type9542 / Error
Event Submitted/Written: 08/09/2008 04:24:59 AM
Event ID/Source: 10010 / DCOM
Event Description:
Le serveur {DF66AFC9-C61D-404A-B535-64FBF91D420F} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.
Event Record #/Type9498 / Error
Event Submitted/Written: 08/09/2008 04:01:08 AM
Event ID/Source: 7005 / Service Control Manager
Event Description:
L'appel RpcImpersonateClient a échoué avec l'erreur :
%%1765
Event Record #/Type9467 / Warning
Event Submitted/Written: 08/09/2008 03:07:13 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Votre ordinateur a automatiquement configuré l'adresse IP pour la
carte avec l'adresse réseau 000C6EFF5B8E. L'adresse IP utilisée est 169.254.78.254.
Event Record #/Type9465 / Warning
Event Submitted/Written: 08/09/2008 03:07:08 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 000C6EFF5B8E. Il s'est
produit l'erreur suivante :
%%121.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).
Event Record #/Type9461 / Warning
Event Submitted/Written: 08/09/2008 00:40:51 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Votre ordinateur a automatiquement configuré l'adresse IP pour la
carte avec l'adresse réseau 000C6EFF5B8E. L'adresse IP utilisée est 169.254.78.254.
-- End of Deckard's System Scanner: finished at 2008-08-09 12:10:35 ------------
Hello,
1) Download DAFT:
2) Use ERUNT to back up your registry
http://www.zebulon.fr/dossiers/57-6-sauvegarder-base-de...
If something goes wrong, you will then be able to undo the changes.
/!\ Important step, do not skip it! /!\
3) Note: This procedure was created specifically for this user! If you are not the user in question, do not follow these instructions, or you risk damaging your PC!!!
Quote:
OptionShowLog
ProcessKill C:\WINDOWS\System32\pehkvlkf.exe|1
ProcessKill C:\tubecodec.exe|1
ProcessKill C:\directx.exe|1
ProcessKill C:\wmcodec_update.exe|1
OptionUnloadShell
DllUnregister C:\WINDOWS\System32\beetotqi.dll|1
DllUnregister C:\WINDOWS\System32\xpzogn.dll|1
DllUnregister C:\WINDOWS\System32\ndmqjbod.dll|1
DllUnregister C:\WINDOWS\System32\xcfclcbl.dll|1
DllUnregister C:\WINDOWS\System32\cbXRIAQg.dll|1
DllUnregister C:\WINDOWS\System32\winrkp32.dll|1
DllUnregister C:\WINDOWS\System32\gldmng.dll|1
DllUnregister C:\WINDOWS\xml2u32h.dll|1
FileDelete C:\WINDOWS\System32\beetotqi.dll
FileDelete C:\WINDOWS\System32\pehkvlkf.exe
FileDelete C:\WINDOWS\System32\xpzogn.dll
FileDelete C:\WINDOWS\System32\ndmqjbod.dll
FileDelete C:\WINDOWS\System32\xcfclcbl.dll
FileDelete C:\WINDOWS\System32\gQAIRXbc.ini2
FileDelete C:\WINDOWS\System32\cbXRIAQg.dll
FileDelete C:\WINDOWS\System32\winrkp32.dll
FileDelete C:\tubecodec.exe
FileDelete C:\directx.exe
FileDelete C:\WINDOWS\System32\gldmng.dll
FileDelete C:\wmcodec_update.exe
FileDelete C:\WINDOWS\xml2u32h.dll
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05c41150-c47d-4930-945c-1fe60eac6130}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6BEB1D14-BBE8-478A-AA39-F48073E2DCD7}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72A128E0-2240-40c8-9E92-5387D64F839E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB81FE02-F70B-46C2-82C3-DE5C6652E677}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE}
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BM6b57b73a
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|686484a6
RegDeleteKey HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnKDvs
RegDeleteKey HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32
HostsFileReset
SystemEmptyTempFolder
SystemEmptyRecycleBin
SystemEmptyInternetCache
OptionSaveLog %DESKTOP%\LOGFILE.log
4) Restart your computer in Safe Mode
- At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu appears on a black background. Once you reach that point, use the keyboard to select Safe Mode.
-- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
--- For these reasons, I suggest you print, write down, or save the following information in a text document so that you don't get lost.
---- ! Do not start your computer in Safe Mode via MSConfig! Why? Some infections break the Safe Mode keys, which would make your computer crash.
5) Create a Notepad file with the text found in the space below (copy/paste):
Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,6e,77,70,72,6f,76,61,75,00,00
- Save this file to: Desktop
- File name: fix.reg
- Type: All files !!!
- click Save
- close Notepad
Using the file: fix.reg
- double-click the file (Desktop) / accept the warning about the merge / don't be surprised to see nothing happen / confirm the message saying the merge is complete.
6) Double-click BFU.exe to launch Brute Force Uninstaller.
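What the fix.reg from step 5 writes, decoded: an added example, not part of the original post or of any tool named in it. It parses a .reg export, decodes the `hex(7)` (REG_MULTI_SZ) bytes of `Authentication Packages`, and reports entries outside a baseline; the function names, the baseline set (taken from this fix.reg, not a universal default) and the constructed sample path are assumptions of the example.

```python
import re

# The fix.reg content from step 5 of the post.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,6e,77,70,72,6f,76,61,75,00,00
'''

LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
VALUE_NAME = "authentication packages"

# Assumption: the baseline is simply the two names this fix.reg restores.
BASELINE = frozenset({"msv1_0", "nwprovau"})

HEX_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"=hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<data>.*)$'
)


def parse_reg_hex_values(text):
    """Return (string encoding, {(key, value name): (type, bytes)}) for hex values."""
    lines = text.replace("\r\n", "\n").split("\n")
    header = lines[0].strip()
    if header == "REGEDIT4":
        encoding = "cp1252"        # REGEDIT4 stores strings as ANSI bytes
    elif header == "Windows Registry Editor Version 5.00":
        encoding = "utf-16-le"     # version 5 stores strings as UTF-16LE
    else:
        # The header must sit alone on the first line of the file.
        raise ValueError("unrecognised .reg header: %r" % header)

    values, key, pending = {}, None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):    # long hex values continue on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        match = HEX_VALUE.match(line)
        if match and key:
            data = bytes(
                int(b, 16) for b in match.group("data").split(",") if b.strip()
            )
            reg_type = int(match.group("type") or "3", 16)  # bare hex: is REG_BINARY
            values[(key, match.group("name").lower())] = (reg_type, data)
    return encoding, values


def decode_multi_sz(data, encoding):
    """REG_MULTI_SZ: NUL-terminated strings, closed by one extra NUL."""
    return [s for s in data.decode(encoding, errors="replace").split("\x00") if s]


def authentication_packages(reg_text):
    """List the LSA authentication packages a .reg file would set."""
    encoding, values = parse_reg_hex_values(reg_text)
    if (LSA_KEY, VALUE_NAME) not in values:
        raise ValueError("file does not set Authentication Packages")
    reg_type, data = values[(LSA_KEY, VALUE_NAME)]
    if reg_type != 7:
        raise ValueError("expected REG_MULTI_SZ (7), got type %d" % reg_type)
    return decode_multi_sz(data, encoding)


def unexpected_packages(packages, baseline=BASELINE):
    """Entries not in the baseline; these are the ones to investigate."""
    allowed = {name.lower() for name in baseline}
    return [p for p in packages if p.lower() not in allowed]


if __name__ == "__main__":
    restored = authentication_packages(FIX_REG)
    print("fix.reg sets:", restored)
    # Constructed sample of a tampered value, for illustration only.
    tampered = ["msv1_0", r"C:\WINDOWS\system32\constructed_example"]
    print("outside baseline:", unexpected_packages(tampered))
```

Because the merge replaces the whole multi-string value, any entry not listed in the file is dropped from `Authentication Packages` when fix.reg is imported.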
Logfile.log
BFU v1.11.0
Windows XP SP1 (WinNT 5.01.2600 SP1)
Script started at 18:24:32, on 09/08/2008
Option Unload Explorer: Yes
Success: ProcessKillByPID 808
Success: ProcessKill C:\WINDOWS\explorer.exe|1
Failed: DllUnregister C:\WINDOWS\System32\beetotqi.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\System32\xpzogn.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\System32\ndmqjbod.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\System32\xcfclcbl.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\System32\cbXRIAQg.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\System32\winrkp32.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\System32\gldmng.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\xml2u32h.dll|1 (operation failed)
Success: FileDelete C:\WINDOWS\System32\beetotqi.dll
Success: FileDelete C:\WINDOWS\System32\pehkvlkf.exe
Success: FileDelete C:\WINDOWS\System32\xpzogn.dll
Success: FileDelete C:\WINDOWS\System32\ndmqjbod.dll
Success: FileDelete C:\WINDOWS\System32\xcfclcbl.dll
Success: FileDelete C:\WINDOWS\System32\gQAIRXbc.ini2
Failed: FileDelete C:\WINDOWS\System32\cbXRIAQg.dll (operation failed)
Failed: FileDelete C:\WINDOWS\System32\winrkp32.dll (operation failed)
Success: FileDelete C:\tubecodec.exe
Success: FileDelete C:\directx.exe
Success: FileDelete C:\WINDOWS\System32\gldmng.dll
Success: FileDelete C:\wmcodec_update.exe
Success: FileDelete C:\WINDOWS\xml2u32h.dll
Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05c41150-c47d-4930-945c-1fe60eac6130}
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6BEB1D14-BBE8-478A-AA39-F48073E2DCD7} (key does not exist)
Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72A128E0-2240-40c8-9E92-5387D64F839E}
Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB81FE02-F70B-46C2-82C3-DE5C6652E677}
Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE}
Success: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BM6b57b73a
Success: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|686484a6
Success: RegDeleteKey HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnKDvs
Success: RegDeleteKey HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\3rh7BD.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\4g17C5.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\7dw78E.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\9hb86A.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\9y6750.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\b2p756.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\cq97B6.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\d5d784.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\ft37BA.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\irp73C.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\j047C2.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\jev78C.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\l39622.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\lxr792.tmp
Success: FolderDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\MessengerCache
Success: FolderDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\plugtmp
Failed: FolderDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\Rar$EX00.250 (operation failed)
Success: FolderDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\Rar$EX00.672
Success: FolderDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\Rar$EX00.922
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\tko6F2.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\usb788.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\WER7C6.tmp
Success: FolderDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\WER7C6.tmp.dir00
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\xla781.tmp
Failed: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\~DF6D2A.tmp (operation failed)
Success: SystemEmptyRecycleBin
Success: FolderDelete C:\Documents and Settings\Réda\Local Settings\Temporary Internet Files\Content.IE5\63Q9EZMF
Success: FolderDelete C:\Documents and Settings\Réda\Local Settings\Temporary Internet Files\Content.IE5\CBUVW3E1
Success: FolderDelete C:\Documents and Settings\Réda\Local Settings\Temporary Internet Files\Content.IE5\KBMNW9SD
Success: FolderDelete C:\Documents and Settings\Réda\Local Settings\Temporary Internet Files\Content.IE5\O7QX0DU9
Success: SystemRun C:\WINDOWS\explorer.exe||1
Script completed at 18:24:40.
DDS scan, main.txt
Deckard's System Scanner v20071014.68
Run by Réda on 2008-08-09 18:35:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).
-- HijackThis (run as Réda.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:03, on 09/08/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Réda\Bureau\dss.exe
C:\DOCUME~1\RDA~1\Bureau\RDA~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B10A71B3-E1FF-4E5D-A61C-7B1A36330697} - C:\WINDOWS\System32\cbXRIAQg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S1AE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8176 bytes
-- Files created between 2008-07-09 and 2008-08-09 -----------------------------
2008-08-09 18:24:36 52809 --ahs---- C:\WINDOWS\System32\gQAIRXbc.ini2
2008-08-09 04:17:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\sentinel
2008-08-09 04:15:24 281 --a------ C:\WINDOWS\System32\PavCPL.dat
2008-08-09 04:15:08 219096 --a------ C:\WINDOWS\System32\drivers\APPFCONT.DAT
2008-08-09 04:14:22 0 d-------- C:\WINDOWS\System32\PAV
2008-08-09 04:13:19 101888 --a------ C:\WINDOWS\System32\SYSTOOLS.DLL <Not Verified; Panda Software; SYSTOOLS>
2008-08-09 04:13:04 0 d-------- C:\Program Files\Panda Security
2008-08-09 04:08:48 0 d-------- C:\Program Files\Fichiers communs\Panda Software
2008-08-07 23:38:46 6742016 --a------ C:\Documents and Settings\Réda\ntuser.dat
2008-08-07 23:38:26 246784 --a------ C:\WINDOWS\System32\cbXRIAQg.dll
2008-08-07 23:37:34 32256 --a------ C:\WINDOWS\System32\winrkp32.dll
2008-08-07 20:19:42 0 d-------- C:\Documents and Settings\Réda\.Subdo.Java.Cache
2008-08-07 20:19:35 0 d-------- C:\Documents and Settings\Réda\.jogl_ext
2008-07-29 18:20:11 0 d-------- C:\Program Files\Smart Projects
2008-07-29 18:13:35 0 d-------- C:\Program Files\free-downloads.net
2008-07-23 23:05:26 0 d--h----- C:\WINDOWS\System32\GroupPolicy
2008-07-18 19:00:58 10 --a------ C:\Documents and Settings\Réda\usb002
2008-07-14 15:06:44 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-14 15:06:44 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-14 15:05:05 0 d-------- C:\Program Files\NRJ
-- Find3M Report ---------------------------------------------------------------
2008-08-09 14:12:36 0 d-------- C:\Program Files\eMule
2008-08-09 04:25:33 367658 --a------ C:\WINDOWS\System32\perfh00C.dat
2008-08-09 04:25:32 48616 --a------ C:\WINDOWS\System32\perfc00C.dat
2008-08-09 04:13:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-09 04:08:48 0 d-------- C:\Program Files\Fichiers communs
2008-07-07 13:54:00 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-07-05 20:13:43 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-07-05 20:11:23 0 d-------- C:\Program Files\EPSON
2008-07-05 12:40:42 0 d-------- C:\Documents and Settings\Réda\Application Data\LimeWire
2008-06-23 19:54:40 446976 --a------ C:\WINDOWS\System32\ShellMPD.dll
2008-06-23 19:54:39 0 d-------- C:\Program Files\MSN Pictures Displayer
2008-06-23 19:54:39 0 d-------- C:\Documents and Settings\Réda\Application Data\MSN Pictures Displayer
2008-06-16 10:23:05 0 d-------- C:\Program Files\SSC Service Utility
2008-06-16 09:49:18 0 d-------- C:\Documents and Settings\Réda\Application Data\InstallShield
2008-06-15 19:05:55 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B10A71B3-E1FF-4E5D-A61C-7B1A36330697}]
07/08/2008 23:38 246784 --a------ C:\WINDOWS\System32\cbXRIAQg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [03/06/2004 20:51]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [04/09/2003 10:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/10/2007 23:57]
"SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [09/10/2007 12:55]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [19/07/2007 15:23]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:55]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [10/09/2007 14:33]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [12/04/2007 08:00]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22/12/2007 09:20]
C:\Documents and Settings\Réda\Menu Démarrer\Programmes\Démarrage\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08]
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [23/06/2008 19:52:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BB81FE02-F70B-46C2-82C3-DE5C6652E677}"= C:\WINDOWS\System32\pmnnKDvs.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 15/02/2007 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
winrkp32.dll 07/08/2008 23:37 32256 C:\WINDOWS\system32\winrkp32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\System32\cbXRIAQg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
*Newly Created Service* - COMFILTR
-- End of Deckard's System Scanner: finished at 2008-08-09 18:37:21 ------------
BFU v1.11.0
Windows XP SP1 (WinNT 5.01.2600 SP1)
Script started at 18:24:32, on 09/08/2008
Option Unload Explorer: Yes
Success: ProcessKillByPID 808
Success: ProcessKill C:\WINDOWS\explorer.exe|1
Failed: DllUnregister C:\WINDOWS\System32\beetotqi.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\System32\xpzogn.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\System32\ndmqjbod.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\System32\xcfclcbl.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\System32\cbXRIAQg.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\System32\winrkp32.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\System32\gldmng.dll|1 (operation failed)
Failed: DllUnregister C:\WINDOWS\xml2u32h.dll|1 (operation failed)
Success: FileDelete C:\WINDOWS\System32\beetotqi.dll
Success: FileDelete C:\WINDOWS\System32\pehkvlkf.exe
Success: FileDelete C:\WINDOWS\System32\xpzogn.dll
Success: FileDelete C:\WINDOWS\System32\ndmqjbod.dll
Success: FileDelete C:\WINDOWS\System32\xcfclcbl.dll
Success: FileDelete C:\WINDOWS\System32\gQAIRXbc.ini2
Failed: FileDelete C:\WINDOWS\System32\cbXRIAQg.dll (operation failed)
Failed: FileDelete C:\WINDOWS\System32\winrkp32.dll (operation failed)
Success: FileDelete C:\tubecodec.exe
Success: FileDelete C:\directx.exe
Success: FileDelete C:\WINDOWS\System32\gldmng.dll
Success: FileDelete C:\wmcodec_update.exe
Success: FileDelete C:\WINDOWS\xml2u32h.dll
Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05c41150-c47d-4930-945c-1fe60eac6130}
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6BEB1D14-BBE8-478A-AA39-F48073E2DCD7} (key does not exist)
Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72A128E0-2240-40c8-9E92-5387D64F839E}
Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB81FE02-F70B-46C2-82C3-DE5C6652E677}
Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE}
Success: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BM6b57b73a
Success: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|686484a6
Success: RegDeleteKey HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnKDvs
Success: RegDeleteKey HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\3rh7BD.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\4g17C5.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\7dw78E.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\9hb86A.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\9y6750.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\b2p756.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\cq97B6.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\d5d784.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\ft37BA.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\irp73C.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\j047C2.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\jev78C.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\l39622.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\lxr792.tmp
Success: FolderDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\MessengerCache
Success: FolderDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\plugtmp
Failed: FolderDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\Rar$EX00.250 (operation failed)
Success: FolderDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\Rar$EX00.672
Success: FolderDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\Rar$EX00.922
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\tko6F2.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\usb788.tmp
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\WER7C6.tmp
Success: FolderDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\WER7C6.tmp.dir00
Success: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\xla781.tmp
Failed: FileDelete C:\DOCUME~1\RDA~1\LOCALS~1\Temp\~DF6D2A.tmp (operation failed)
Success: SystemEmptyRecycleBin
Success: FolderDelete C:\Documents and Settings\Réda\Local Settings\Temporary Internet Files\Content.IE5\63Q9EZMF
Success: FolderDelete C:\Documents and Settings\Réda\Local Settings\Temporary Internet Files\Content.IE5\CBUVW3E1
Success: FolderDelete C:\Documents and Settings\Réda\Local Settings\Temporary Internet Files\Content.IE5\KBMNW9SD
Success: FolderDelete C:\Documents and Settings\Réda\Local Settings\Temporary Internet Files\Content.IE5\O7QX0DU9
Success: SystemRun C:\WINDOWS\explorer.exe||1
Script completed at 18:24:40.
DDS scan, main.txt
Deckard's System Scanner v20071014.68
Run by Réda on 2008-08-09 18:35:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).
-- HijackThis (run as Réda.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:03, on 09/08/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Réda\Bureau\dss.exe
C:\DOCUME~1\RDA~1\Bureau\RDA~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B10A71B3-E1FF-4E5D-A61C-7B1A36330697} - C:\WINDOWS\System32\cbXRIAQg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S1AE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8176 bytes
-- Files created between 2008-07-09 and 2008-08-09 -----------------------------
2008-08-09 18:24:36 52809 --ahs---- C:\WINDOWS\System32\gQAIRXbc.ini2
2008-08-09 04:17:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\sentinel
2008-08-09 04:15:24 281 --a------ C:\WINDOWS\System32\PavCPL.dat
2008-08-09 04:15:08 219096 --a------ C:\WINDOWS\System32\drivers\APPFCONT.DAT
2008-08-09 04:14:22 0 d-------- C:\WINDOWS\System32\PAV
2008-08-09 04:13:19 101888 --a------ C:\WINDOWS\System32\SYSTOOLS.DLL <Not Verified; Panda Software; SYSTOOLS>
2008-08-09 04:13:04 0 d-------- C:\Program Files\Panda Security
2008-08-09 04:08:48 0 d-------- C:\Program Files\Fichiers communs\Panda Software
2008-08-07 23:38:46 6742016 --a------ C:\Documents and Settings\Réda\ntuser.dat
2008-08-07 23:38:26 246784 --a------ C:\WINDOWS\System32\cbXRIAQg.dll
2008-08-07 23:37:34 32256 --a------ C:\WINDOWS\System32\winrkp32.dll
2008-08-07 20:19:42 0 d-------- C:\Documents and Settings\Réda\.Subdo.Java.Cache
2008-08-07 20:19:35 0 d-------- C:\Documents and Settings\Réda\.jogl_ext
2008-07-29 18:20:11 0 d-------- C:\Program Files\Smart Projects
2008-07-29 18:13:35 0 d-------- C:\Program Files\free-downloads.net
2008-07-23 23:05:26 0 d--h----- C:\WINDOWS\System32\GroupPolicy
2008-07-18 19:00:58 10 --a------ C:\Documents and Settings\Réda\usb002
2008-07-14 15:06:44 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-14 15:06:44 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-14 15:05:05 0 d-------- C:\Program Files\NRJ
-- Find3M Report ---------------------------------------------------------------
2008-08-09 14:12:36 0 d-------- C:\Program Files\eMule
2008-08-09 04:25:33 367658 --a------ C:\WINDOWS\System32\perfh00C.dat
2008-08-09 04:25:32 48616 --a------ C:\WINDOWS\System32\perfc00C.dat
2008-08-09 04:13:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-09 04:08:48 0 d-------- C:\Program Files\Fichiers communs
2008-07-07 13:54:00 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-07-05 20:13:43 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-07-05 20:11:23 0 d-------- C:\Program Files\EPSON
2008-07-05 12:40:42 0 d-------- C:\Documents and Settings\Réda\Application Data\LimeWire
2008-06-23 19:54:40 446976 --a------ C:\WINDOWS\System32\ShellMPD.dll
2008-06-23 19:54:39 0 d-------- C:\Program Files\MSN Pictures Displayer
2008-06-23 19:54:39 0 d-------- C:\Documents and Settings\Réda\Application Data\MSN Pictures Displayer
2008-06-16 10:23:05 0 d-------- C:\Program Files\SSC Service Utility
2008-06-16 09:49:18 0 d-------- C:\Documents and Settings\Réda\Application Data\InstallShield
2008-06-15 19:05:55 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B10A71B3-E1FF-4E5D-A61C-7B1A36330697}]
07/08/2008 23:38 246784 --a------ C:\WINDOWS\System32\cbXRIAQg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [03/06/2004 20:51]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [04/09/2003 10:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/10/2007 23:57]
"SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [09/10/2007 12:55]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [19/07/2007 15:23]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:55]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [10/09/2007 14:33]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [12/04/2007 08:00]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22/12/2007 09:20]
C:\Documents and Settings\Réda\Menu Démarrer\Programmes\Démarrage\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08]
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [23/06/2008 19:52:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BB81FE02-F70B-46C2-82C3-DE5C6652E677}"= C:\WINDOWS\System32\pmnnKDvs.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 15/02/2007 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
winrkp32.dll 07/08/2008 23:37 32256 C:\WINDOWS\system32\winrkp32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\System32\cbXRIAQg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
*Newly Created Service* - COMFILTR
-- End of Deckard's System Scanner: finished at 2008-08-09 18:37:21 ------------
Hi again,
Good :super:
There is a bit of resistance, so we are going to use a more powerful tool.
Download Combofix from **HERE** or **HERE** and save it to your desktop.
**Note 1: If you already have a version of Combofix, you will need to download another one, the very latest. It is also very important to save it directly to your desktop.**
Please never rename Combofix unless you are expressly asked to.
Close all open windows, without exception.
Disable all the resident protections of all your antivirus, antispyware, etc. software so that they do not interfere with the proper functioning of Combofix.
Very important: Temporarily disable all the resident protections of all your security software before launching a scan with Combofix. They could disrupt the Combofix scan, which could have unforeseen and disastrous consequences.
Click this link to see a list of programs that should always be disabled before using Combofix. Note that the list is not exhaustive. If your security software is not on this list and you do not know how to disable it, or if you do not understand English, please ask me.
WARNING: Combofix will automatically disconnect you from the internet as soon as the scan starts.
Please do not try to reconnect your machine to the internet until Combofix has finished its work.
If you can no longer connect to the internet after using Combofix, restart your PC to restore the internet connection.
Double-click combofix.exe and follow the instructions displayed.
When the scan is finished, a report should normally appear on screen.
Please post the following report, "C:\ComboFix.txt", in your next reply, along with a new HiJackThis report.
**Note 2: Do not click in the Combofix window while it is working. You could crash the PC and cause serious damage.**
ComboFix 08-08-14.05 - Réda 2008-08-16 11:55:18.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.52 [GMT 2:00]
Endroit: C:\Documents and Settings\Réda\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\setup.exe
C:\WINDOWS\BM6b57b73a.txt
C:\WINDOWS\BM6b57b73a.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtuVllI.dll
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\cbXRIAQg.dll
C:\WINDOWS\system32\cgotiypk.exe
C:\WINDOWS\system32\gldmng.dll
C:\WINDOWS\system32\gokyaaqp.dll
C:\WINDOWS\system32\gQAIRXbc.ini
C:\WINDOWS\system32\gQAIRXbc.ini2
C:\WINDOWS\system32\kaekdo.dll
C:\WINDOWS\system32\lwlrbqjq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\mkdshpvc.dll
C:\WINDOWS\system32\pmnnKDvs.dll
C:\WINDOWS\system32\pqaaykog.ini
C:\WINDOWS\xml2u32h.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
.
2008-08-16 11:19 . 2008-08-16 11:19 <REP> d-------- C:\Program Files\TVAnts
2008-08-16 03:34 . 2008-08-16 05:54 <REP> d-------- C:\WINDOWS\system32\zsfiles
2008-08-16 03:30 . 2008-08-16 03:34 131,072 --a------ C:\WINDOWS\system32\datestamp.dll
2008-08-16 03:29 . 2008-08-16 03:29 <REP> d-------- C:\WINDOWS\system32\ZeroSpyware
2008-08-16 03:29 . 2008-08-16 03:29 <REP> d-------- C:\Program Files\FBM Software
2008-08-16 03:21 . 2008-08-16 03:21 <REP> d-------- C:\Program Files\CCleaner
2008-08-16 03:06 . 2008-08-16 03:06 <REP> d-------- C:\Program Files\River Past
2008-08-16 03:06 . 2008-08-16 03:06 <REP> d-------- C:\Program Files\Fichiers communs\River Past
2008-08-16 03:05 . 2008-08-16 03:12 <REP> d-------- C:\Program Files\NRJ
2008-08-16 03:05 . 2008-08-16 03:05 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-08-16 03:05 . 2008-08-16 03:05 <REP> d-------- C:\Program Files\Loto1N2
2008-08-16 03:05 . 2008-08-16 03:05 <REP> d-------- C:\Program Files\free-downloads.net
2008-08-16 03:05 . 2008-08-16 03:16 <REP> d-------- C:\Program Files\BitComet
2008-08-14 17:19 . 2008-08-14 17:19 <REP> d-------- C:\Program Files\Alwil Software
2008-08-13 21:20 . 2008-08-13 21:20 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2008-08-09 17:46 . 2008-08-16 03:06 <REP> d-------- C:\Program Files\ERUNT
2008-08-09 11:58 . 2008-08-09 11:58 <REP> d-------- C:\Deckard
2008-08-09 04:23 . 2008-08-16 02:33 225,612 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-08-09 04:21 . 2008-08-16 02:38 1,244 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-08-09 04:17 . 2008-08-09 04:17 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\sentinel
2008-08-09 04:15 . 2008-08-16 02:33 225,612 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-08-09 04:14 . 2008-08-13 00:43 <REP> d-------- C:\WINDOWS\system32\PAV
2008-08-09 04:13 . 2008-08-09 04:13 <REP> d-------- C:\Program Files\Panda Security
2008-08-09 04:08 . 2008-08-09 04:08 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-08-07 23:37 . 2008-08-07 23:37 32,256 --a------ C:\WINDOWS\system32\winrkp32.dll
2008-08-07 23:35 . 2008-08-07 23:35 7,140 --a------ C:\tubecodec.exe
2008-08-07 23:34 . 2008-08-07 23:35 58,368 --a------ C:\directx.exe
2008-08-07 23:33 . 2008-08-07 23:33 57,868 --a------ C:\wmcodec_update.exe
2008-08-07 20:19 . 2008-08-07 20:20 <REP> d-------- C:\Documents and Settings\Réda\.Subdo.Java.Cache
2008-08-07 20:19 . 2008-08-07 20:20 <REP> d-------- C:\Documents and Settings\Réda\.Subdo.Java.Cache
2008-08-07 20:19 . 2008-08-07 20:19 <REP> d-------- C:\Documents and Settings\Réda\.jogl_ext
2008-08-07 20:19 . 2008-08-07 20:19 <REP> d-------- C:\Documents and Settings\Réda\.jogl_ext
2008-08-06 19:54 . 2008-08-06 19:54 268 --ah----- C:\sqmdata07.sqm
2008-08-06 19:54 . 2008-08-06 19:54 172 --ah----- C:\sqmnoopt07.sqm
2008-08-06 10:27 . 2008-08-06 10:27 268 --ah----- C:\sqmdata06.sqm
2008-08-06 10:27 . 2008-08-06 10:27 244 --ah----- C:\sqmnoopt06.sqm
2008-07-29 18:53 . 2008-07-29 18:53 66 --a------ C:\WINDOWS\system32\wbt.inf
2008-07-29 18:20 . 2008-07-29 18:20 <REP> d-------- C:\Program Files\Smart Projects
2008-07-23 23:05 . 2008-07-23 23:05 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-22 22:33 . 2008-07-22 22:33 244 --ah----- C:\sqmnoopt05.sqm
2008-07-22 22:33 . 2008-07-22 22:33 232 --ah----- C:\sqmdata05.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 01:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 01:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5
2008-08-13 14:01 --------- d-----w C:\Program Files\eMule
2008-07-07 11:54 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-07-07 11:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
2008-07-05 18:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-05 18:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\UDL
2008-07-05 18:11 --------- d-----w C:\Program Files\EPSON
2008-07-05 10:40 --------- d-----w C:\Documents and Settings\Réda\Application Data\LimeWire
2008-07-05 10:40 --------- d-----w C:\Documents and Settings\Réda\Application Data\LimeWire
2008-07-05 10:40 --------- d-----w C:\Documents and Settings\Réda\Application Data\LimeWire
2008-06-23 17:54 446,976 ----a-w C:\WINDOWS\system32\ShellMPD.dll
2008-06-23 17:54 --------- d-----w C:\Program Files\MSN Pictures Displayer
2008-06-23 17:54 --------- d-----w C:\Documents and Settings\Réda\Application Data\MSN Pictures Displayer
2008-06-23 17:54 --------- d-----w C:\Documents and Settings\Réda\Application Data\MSN Pictures Displayer
2008-06-23 17:54 --------- d-----w C:\Documents and Settings\Réda\Application Data\MSN Pictures Displayer
2008-06-16 08:23 --------- d-----w C:\Program Files\SSC Service Utility
2008-06-16 07:49 --------- d-----w C:\Documents and Settings\Réda\Application Data\InstallShield
2008-06-16 07:49 --------- d-----w C:\Documents and Settings\Réda\Application Data\InstallShield
2008-06-16 07:49 --------- d-----w C:\Documents and Settings\Réda\Application Data\InstallShield
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-21 17:05 19,384 ----a-w C:\Documents and Settings\Réda\Application Data\GDIPFONTCACHEV1.DAT
2008-01-21 17:05 19,384 ----a-w C:\Documents and Settings\Réda\Application Data\GDIPFONTCACHEV1.DAT
2008-01-21 17:05 19,384 ----a-w C:\Documents and Settings\Réda\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-11-04_22.08.42,56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-22 21:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MessengerStatsPAClient.dll
+ 2002-07-25 15:13:18 24,576 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.dll
+ 2002-07-25 15:13:12 196,608 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe
+ 2002-07-25 15:05:32 172,032 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll
- 2002-12-04 00:03:54 11,392 ----a-w C:\WINDOWS\Driver Cache\i386\bdasup.sys
+ 2004-07-09 02:26:38 11,392 ----a-w C:\WINDOWS\Driver Cache\i386\bdasup.sys
- 2002-12-04 00:04:12 16,384 ----a-w C:\WINDOWS\Driver Cache\i386\ccdecode.sys
+ 2004-07-09 02:26:38 16,384 ----a-w C:\WINDOWS\Driver Cache\i386\ccdecode.sys
- 2002-12-06 21:55:36 15,104 ----a-w C:\WINDOWS\Driver Cache\i386\mpe.sys
+ 2004-07-09 02:26:38 15,104 ----a-w C:\WINDOWS\Driver Cache\i386\mpe.sys
- 2002-11-12 17:15:30 52,096 ----a-w C:\WINDOWS\Driver Cache\i386\msdv.sys
+ 2004-07-09 02:26:38 52,096 ----a-w C:\WINDOWS\Driver Cache\i386\msdv.sys
- 2002-12-04 00:04:20 16,896 ----a-w C:\WINDOWS\Driver Cache\i386\msyuv.dll
+ 2004-07-09 02:26:38 16,896 ----a-w C:\WINDOWS\Driver Cache\i386\msyuv.dll
- 2002-12-04 00:04:14 83,968 ----a-w C:\WINDOWS\Driver Cache\i386\nabtsfec.sys
+ 2004-07-09 02:26:38 83,968 ----a-w C:\WINDOWS\Driver Cache\i386\nabtsfec.sys
- 2002-12-06 21:56:36 10,112 ----a-w C:\WINDOWS\Driver Cache\i386\ndisip.sys
+ 2004-07-09 02:26:38 10,112 ----a-w C:\WINDOWS\Driver Cache\i386\ndisip.sys
- 2002-12-03 23:33:32 354,816 ----a-w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
+ 2004-07-09 02:26:40 354,816 ----a-w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
- 2002-12-04 00:03:56 10,880 ----a-w C:\WINDOWS\Driver Cache\i386\slip.sys
+ 2004-07-09 02:26:40 10,880 ----a-w C:\WINDOWS\Driver Cache\i386\slip.sys
- 2002-12-11 22:14:32 45,696 ----a-w C:\WINDOWS\Driver Cache\i386\stream.sys
+ 2004-07-09 02:27:28 48,512 ----a-w C:\WINDOWS\Driver Cache\i386\stream.sys
- 2002-12-04 00:03:54 14,976 ----a-w C:\WINDOWS\Driver Cache\i386\streamip.sys
+ 2004-07-09 02:26:40 14,976 ----a-w C:\WINDOWS\Driver Cache\i386\streamip.sys
- 2002-12-04 00:04:12 18,688 ----a-w C:\WINDOWS\Driver Cache\i386\wstcodec.sys
+ 2004-07-09 02:26:40 18,688 ----a-w C:\WINDOWS\Driver Cache\i386\wstcodec.sys
+ 2008-08-09 15:46:57 6,742,016 ----a-w C:\WINDOWS\erdnt\09-08-2008\Users\00000001\ntuser.dat
+ 2008-08-09 15:46:57 155,648 ----a-w C:\WINDOWS\erdnt\09-08-2008\Users\00000002\UsrClass.dat
+ 2008-08-09 16:27:48 6,742,016 ----a-w C:\WINDOWS\erdnt\AutoBackup\09-08-2008\Users\00000001\ntuser.dat
+ 2008-08-09 16:27:49 155,648 ----a-w C:\WINDOWS\erdnt\AutoBackup\09-08-2008\Users\00000002\UsrClass.dat
+ 2008-08-10 12:00:31 6,742,016 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-08-2008\Users\00000001\ntuser.dat
+ 2008-08-10 12:00:32 155,648 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-08-2008\Users\00000002\UsrClass.dat
+ 2008-08-10 22:43:35 6,742,016 ----a-w C:\WINDOWS\erdnt\AutoBackup\11-08-2008\Users\00000001\ntuser.dat
+ 2008-08-10 22:43:36 155,648 ----a-w C:\WINDOWS\erdnt\AutoBackup\11-08-2008\Users\00000002\UsrClass.dat
+ 2008-08-11 23:43:53 6,742,016 ----a-w C:\WINDOWS\erdnt\AutoBackup\12-08-2008\Users\00000001\ntuser.dat
+ 2008-08-11 23:43:54 155,648 ----a-w C:\WINDOWS\erdnt\AutoBackup\12-08-2008\Users\00000002\UsrClass.dat
+ 2008-08-12 22:06:39 6,742,016 ----a-w C:\WINDOWS\erdnt\AutoBackup\13-08-2008\Users\00000001\ntuser.dat
+ 2008-08-12 22:06:40 155,648 ----a-w C:\WINDOWS\erdnt\AutoBackup\13-08-2008\Users\00000002\UsrClass.dat
+ 2008-08-13 23:15:33 6,451,200 ----a-w C:\WINDOWS\erdnt\AutoBackup\14-08-2008\Users\00000001\ntuser.dat
+ 2008-08-13 23:15:33 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\14-08-2008\Users\00000002\UsrClass.dat
+ 2008-08-15 10:19:39 6,500,352 ----a-w C:\WINDOWS\erdnt\AutoBackup\15-08-2008\Users\00000001\ntuser.dat
+ 2008-08-15 10:19:40 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\15-08-2008\Users\00000002\UsrClass.dat
+ 2008-08-15 22:30:58 6,500,352 ----a-w C:\WINDOWS\erdnt\AutoBackup\16-08-2008\Users\00000001\ntuser.dat
+ 2008-08-15 22:30:59 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\16-08-2008\Users\00000002\UsrClass.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
- 2007-09-07 04:11:10 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-02-22 23:43:55 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-02-22 23:43:55 2,560 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2007-09-07 04:11:10 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-02-22 23:43:55 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2007-09-07 04:11:09 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-02-22 23:43:55 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-09-07 04:11:10 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-02-22 23:43:55 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-09-07 04:11:10 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-02-22 23:43:55 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-09-07 04:11:10 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-02-22 23:43:55 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-09-07 04:11:09 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-02-22 23:43:55 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-09-07 04:11:10 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-02-22 23:43:55 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2007-09-07 04:11:10 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-02-22 23:43:55 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2007-09-07 04:11:09 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-02-22 23:43:55 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-09-07 04:11:09 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-02-22 23:43:55 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-12-08 13:05:12 3,638 ----a-r C:\WINDOWS\Installer\{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}\ARPPRODUCTICON.exe
+ 2007-12-08 13:05:13 45,056 ----a-r C:\WINDOWS\Installer\{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}\NewShortcut2_B0C8A90F65894FC68EA581831D92A6B4.exe
+ 2007-12-08 13:05:13 45,056 ----a-r C:\WINDOWS\Installer\{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}\NewShortcut2_B9F499B8D1F042FC84BECC552123CCCB.exe
+ 2007-12-08 13:05:12 45,056 ----a-r C:\WINDOWS\Installer\{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}\NewShortcut2_D52FB7FCBA0548A399F27778E184CAF7.exe
+ 2007-12-08 13:05:12 8,854 ----a-r C:\WINDOWS\Installer\{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}\Uninstall_BlueSoleil_DA0C16B5026041ACAA4BA0D7EA548378.exe
+ 2008-07-05 18:10:52 69,632 ----a-r C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe
+ 2008-07-05 18:10:52 69,632 ----a-r C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe
- 1998-11-13 11:16:44 308,224 ----a-w C:\WINDOWS\IsUn040c.exe
+ 1998-11-13 10:16:44 308,224 ----a-w C:\WINDOWS\IsUn040c.exe
+ 2003-02-28 15:35:26 6,550 ----a-w C:\WINDOWS\jautoexp.dat
+ 2007-12-24 10:58:07 2,678 ----a-w C:\WINDOWS\java\Packages\Data\013J9BRN.DAT
+ 2007-12-24 10:58:06 2,678 ----a-w C:\WINDOWS\java\Packages\Data\BRFZLZL7.DAT
+ 2007-12-24 10:58:05 2,678 ----a-w C:\WINDOWS\java\Packages\Data\I7LJHJVP.DAT
+ 2007-12-24 10:58:06 2,678 ----a-w C:\WINDOWS\java\Packages\Data\S7N5FVJR.DAT
+ 2007-12-24 10:58:25 2,678 ----a-w C:\WINDOWS\java\Packages\Data\VPJ7PBZ3.DAT
- 2007-06-16 23:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\NirCmd.exe
+ 2007-08-27 15:15:05 2,410 ----a-w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
- 2002-12-11 22:14:32 1,177,600 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3d8.dll
+ 2004-07-09 02:27:28 1,201,152 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3d8.dll
- 2002-12-11 22:14:32 797,184 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3dim700.dll
+ 2003-05-30 07:00:02 797,184 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3dim700.dll
- 2002-12-11 22:14:32 284,160 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
+ 2004-07-09 02:27:28 292,864 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
- 2002-12-11 22:14:32 132,096 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\devenum.dll
+ 2003-05-30 07:00:02 132,608 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\devenum.dll
- 2002-12-11 22:14:32 171,520 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmime.dll
+ 2004-07-09 02:27:28 181,248 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmime.dll
- 2002-12-11 22:14:32 116,736 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmusic.dll
+ 2004-07-09 02:27:28 122,880 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmusic.dll
- 2002-12-11 22:14:32 217,600 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dplayx.dll
+ 2004-07-09 02:27:28 230,400 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dplayx.dll
- 2002-12-11 22:14:32 32,768 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnhpast.dll
+ 2007-01-07 17:11:22 100,864 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcmdm.sys
- 2007-01-07 16:11:48 55,296 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
+ 2007-01-07 17:11:48 55,296 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
- 2007-01-07 16:10:24 5,936 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcwhnt.sys
+ 2007-01-07 17:10:24 5,936 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcwhnt.sys
+ 2001-08-28 14:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2004-06-01 02:00:00 315,392 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DCON02.DLL
+ 2004-07-02 03:00:00 55,779 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DDSP13.DLL
+ 2003-05-08 02:00:00 118,272 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DHMM11.DLL
+ 2003-05-08 02:00:00 199,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DHT303.DLL
+ 2003-12-17 00:03:00 1,086,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DI08RE.DLL
+ 2004-07-13 02:00:00 403,968 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DJB306.DLL
+ 2004-01-19 03:00:00 68,362 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DMAI16.DLL
+ 2004-01-29 02:00:00 145,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DPPE03.EXE
+ 2004-03-31 02:00:00 509,952 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DPUI03.DLL
+ 2003-11-28 02:00:00 1,556,480 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DS80RE.DLL
+ 2004-06-30 03:00:00 407,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DU18RE.DLL
+ 2003-11-04 02:00:00 85,504 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUMWC2.DLL
+ 2007-02-02 18:57:42 202,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA20.EXE
+ 2007-02-14 02:00:02 7,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA2E.DLL
+ 2007-02-26 06:00:00 397,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FABRCEE.DLL
+ 2007-02-15 06:00:00 3,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAIFCEE.DAT
+ 2007-01-22 01:02:00 138,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAIRCEE.DLL
+ 2007-03-09 05:01:00 173,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMTCEE.EXE
+ 2007-04-12 06:00:00 677,888 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAPRCEE.DLL
+ 2007-03-12 05:01:00 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FARNCEE.EXE
+ 2006-11-13 05:00:00 129,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASKCEE.DLL
+ 2007-03-06 01:01:00 454,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASOCEE.DLL
+ 2007-04-16 06:03:00 74,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASRCEE.DLL
+ 2007-04-12 06:00:00 182,272 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICEE.EXE
+ 2006-11-13 01:00:00 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAUDCEE.DLL
+ 2007-02-21 06:01:00 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBA6CEE.DLL
+ 2006-11-30 05:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBAPCEE.DLL
+ 2006-11-16 01:01:00 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBCSCEE.EXE
+ 2007-01-30 06:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBL6CEE.DLL
+ 2006-11-13 04:00:00 458,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FCONCEE.DLL
+ 2007-04-10 05:00:00 71,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FDSPCEE.DLL
+ 2007-02-26 01:01:00 9,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FGEPCEE.DLL
+ 2006-09-21 03:04:00 18,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FGRCCEE.DLL
+ 2007-03-30 01:00:00 504,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHBRCEE.DLL
+ 2007-01-18 04:20:00 328,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHM0CEE.DLL
+ 2007-03-30 01:03:00 39,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHSRCEE.DLL
+ 2007-02-13 04:20:00 104,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHT0CEE.DLL
+ 2007-03-30 10:06:00 218,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTCEE.DLL
+ 2007-03-30 10:06:00 105,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTCEE.EXE
+ 2007-04-05 04:00:00 561,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FJBCCEE.DLL
+ 2007-01-22 05:00:00 119,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FMAICEE.DLL
+ 2007-03-23 04:20:00 48,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FMW0CEE.DLL
+ 2006-12-13 14:55:34 536,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FOKACEE.DLL
+ 2006-10-31 04:00:00 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPRECEE.EXE
+ 2007-01-23 04:00:00 626,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPRUCEE.DLL
+ 2007-03-30 04:20:00 1,480,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FSR0CEE.DLL
+ 2007-01-22 07:01:00 740,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUI1CEE.DLL
+ 2007-03-15 06:00:00 1,187,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUICCEE.DLL
+ 2007-04-04 06:03:00 8,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUIPCEE.DLL
+ 2007-03-13 07:03:00 201,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUIRCEE.DLL
+ 2003-11-24 23:00:00 1,063,424 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_H490R2.DLL
+ 2003-12-17 23:00:00 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_H4E0R2.DLL
+ 2004-02-19 00:03:00 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S00RP2.EXE
+ 2007-01-11 04:02:00 113,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S40RP7.EXE
+ 2006-11-30 05:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EBAPI4.DLL
+ 2007-01-30 06:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EBPBIDI.DLL
+ 2004-05-21 03:03:00 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EBPLPT4.DLL
+ 2003-11-11 23:02:00 81,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EBPSHRE4.DLL
+ 2002-07-16 02:00:00 29,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPIBSR30.EXE
+ 2004-04-27 00:01:00 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPIPGI20.DLL
+ 2007-03-06 03:09:00 296,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPSET32.DLL
+ 2005-04-06 00:01:00 6,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.DAT
+ 2007-02-26 06:18:00 723,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
+ 2003-10-08 05:01:04 219,136 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUTIX25.DLL
+ 2003-10-08 05:01:04 38,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUTIX25.EXE
+ 2004-04-29 23:07:00 122,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE
+ 2004-06-01 02:00:00 315,392 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_DCON02.DLL
+ 2004-07-02 03:00:00 55,779 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_DDSP13.DLL
+ 2003-05-08 02:00:00 118,272 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_DHMM11.DLL
+ 2003-05-08 02:00:00 199,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_DHT303.DLL
+ 2003-12-17 00:03:00 1,086,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_DI08RE.DLL
+ 2004-07-13 02:00:00 403,968 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_DJB306.DLL
+ 2004-01-19 03:00:00 68,362 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_DMAI16.DLL
+ 2004-01-29 02:00:00 145,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_DPPE03.EXE
+ 2004-03-31 02:00:00 509,952 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_DPUI03.DLL
+ 2003-11-28 02:00:00 1,556,480 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_DS80RE.DLL
+ 2004-06-30 03:00:00 407,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_DU18RE.DLL
+ 2003-11-04 02:00:00 85,504 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_DUMWC2.DLL
+ 2003-11-24 23:00:00 1,063,424 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_H490R2.DLL
+ 2003-12-17 23:00:00 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_H4E0R2.DLL
+ 2004-02-19 00:03:00 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\E_S00RP2.EXE
+ 2004-04-26 03:01:00 159,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\EBAPI4.DLL
+ 2004-05-21 03:03:00 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\EBPLPT4.DLL
+ 2003-11-11 23:02:00 81,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\EBPSHRE4.DLL
+ 2002-07-16 02:00:00 29,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\EPIBSR30.EXE
+ 2004-04-27 00:01:00 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\EPIPGI20.DLL
+ 2003-02-19 23:08:00 54,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\EPSET32.DLL
+ 2003-11-17 22:00:00 6,390 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\EPUPDATE.DAT
+ 2004-04-09 04:06:00 708,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\EPUPDATE.EXE
+ 2003-10-08 05:01:04 219,136 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\EPUTIX25.DLL
+ 2003-10-08 05:01:04 38,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\EPUTIX25.EXE
+ 2004-04-29 23:07:00 122,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c869acc\SAGENT4.EXE
+ 2007-02-02 18:57:42 202,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_DUPA20.EXE
+ 2007-02-14 02:00:02 7,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_DUPA2E.DLL
+ 2007-02-26 06:00:00 397,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FABRCEE.DLL
+ 2007-02-15 06:00:00 3,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FAIFCEE.DAT
+ 2007-01-22 01:02:00 138,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FAIRCEE.DLL
+ 2007-03-09 05:01:00 173,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FAMTCEE.EXE
+ 2007-04-12 06:00:00 677,888 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FAPRCEE.DLL
+ 2007-03-12 05:01:00 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FARNCEE.EXE
+ 2006-11-13 05:00:00 129,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FASKCEE.DLL
+ 2007-03-06 01:01:00 454,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FASOCEE.DLL
+ 2007-04-16 06:03:00 74,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FASRCEE.DLL
+ 2007-04-12 06:00:00 182,272 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FATICEE.EXE
+ 2006-11-13 01:00:00 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FAUDCEE.DLL
+ 2007-02-21 06:01:00 32,768 ---
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.52 [GMT 2:00]
Endroit: C:\Documents and Settings\Réda\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\setup.exe
C:\WINDOWS\BM6b57b73a.txt
C:\WINDOWS\BM6b57b73a.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtuVllI.dll
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\cbXRIAQg.dll
C:\WINDOWS\system32\cgotiypk.exe
C:\WINDOWS\system32\gldmng.dll
C:\WINDOWS\system32\gokyaaqp.dll
C:\WINDOWS\system32\gQAIRXbc.ini
C:\WINDOWS\system32\gQAIRXbc.ini2
C:\WINDOWS\system32\kaekdo.dll
C:\WINDOWS\system32\lwlrbqjq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\mkdshpvc.dll
C:\WINDOWS\system32\pmnnKDvs.dll
C:\WINDOWS\system32\pqaaykog.ini
C:\WINDOWS\xml2u32h.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
.
2008-08-16 11:19 . 2008-08-16 11:19 <REP> d-------- C:\Program Files\TVAnts
2008-08-16 03:34 . 2008-08-16 05:54 <REP> d-------- C:\WINDOWS\system32\zsfiles
2008-08-16 03:30 . 2008-08-16 03:34 131,072 --a------ C:\WINDOWS\system32\datestamp.dll
2008-08-16 03:29 . 2008-08-16 03:29 <REP> d-------- C:\WINDOWS\system32\ZeroSpyware
2008-08-16 03:29 . 2008-08-16 03:29 <REP> d-------- C:\Program Files\FBM Software
2008-08-16 03:21 . 2008-08-16 03:21 <REP> d-------- C:\Program Files\CCleaner
2008-08-16 03:06 . 2008-08-16 03:06 <REP> d-------- C:\Program Files\River Past
2008-08-16 03:06 . 2008-08-16 03:06 <REP> d-------- C:\Program Files\Fichiers communs\River Past
2008-08-16 03:05 . 2008-08-16 03:12 <REP> d-------- C:\Program Files\NRJ
2008-08-16 03:05 . 2008-08-16 03:05 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-08-16 03:05 . 2008-08-16 03:05 <REP> d-------- C:\Program Files\Loto1N2
2008-08-16 03:05 . 2008-08-16 03:05 <REP> d-------- C:\Program Files\free-downloads.net
2008-08-16 03:05 . 2008-08-16 03:16 <REP> d-------- C:\Program Files\BitComet
2008-08-14 17:19 . 2008-08-14 17:19 <REP> d-------- C:\Program Files\Alwil Software
2008-08-13 21:20 . 2008-08-13 21:20 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2008-08-09 17:46 . 2008-08-16 03:06 <REP> d-------- C:\Program Files\ERUNT
2008-08-09 11:58 . 2008-08-09 11:58 <REP> d-------- C:\Deckard
2008-08-09 04:23 . 2008-08-16 02:33 225,612 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-08-09 04:21 . 2008-08-16 02:38 1,244 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-08-09 04:17 . 2008-08-09 04:17 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\sentinel
2008-08-09 04:15 . 2008-08-16 02:33 225,612 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-08-09 04:14 . 2008-08-13 00:43 <REP> d-------- C:\WINDOWS\system32\PAV
2008-08-09 04:13 . 2008-08-09 04:13 <REP> d-------- C:\Program Files\Panda Security
2008-08-09 04:08 . 2008-08-09 04:08 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-08-07 23:37 . 2008-08-07 23:37 32,256 --a------ C:\WINDOWS\system32\winrkp32.dll
2008-08-07 23:35 . 2008-08-07 23:35 7,140 --a------ C:\tubecodec.exe
2008-08-07 23:34 . 2008-08-07 23:35 58,368 --a------ C:\directx.exe
2008-08-07 23:33 . 2008-08-07 23:33 57,868 --a------ C:\wmcodec_update.exe
2008-08-07 20:19 . 2008-08-07 20:20 <REP> d-------- C:\Documents and Settings\Réda\.Subdo.Java.Cache
2008-08-07 20:19 . 2008-08-07 20:19 <REP> d-------- C:\Documents and Settings\Réda\.jogl_ext
2008-08-06 19:54 . 2008-08-06 19:54 268 --ah----- C:\sqmdata07.sqm
2008-08-06 19:54 . 2008-08-06 19:54 172 --ah----- C:\sqmnoopt07.sqm
2008-08-06 10:27 . 2008-08-06 10:27 268 --ah----- C:\sqmdata06.sqm
2008-08-06 10:27 . 2008-08-06 10:27 244 --ah----- C:\sqmnoopt06.sqm
2008-07-29 18:53 . 2008-07-29 18:53 66 --a------ C:\WINDOWS\system32\wbt.inf
2008-07-29 18:20 . 2008-07-29 18:20 <REP> d-------- C:\Program Files\Smart Projects
2008-07-23 23:05 . 2008-07-23 23:05 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-22 22:33 . 2008-07-22 22:33 244 --ah----- C:\sqmnoopt05.sqm
2008-07-22 22:33 . 2008-07-22 22:33 232 --ah----- C:\sqmdata05.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 01:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 01:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5
2008-08-13 14:01 --------- d-----w C:\Program Files\eMule
2008-07-07 11:54 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-07-07 11:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
2008-07-05 18:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-05 18:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\UDL
2008-07-05 18:11 --------- d-----w C:\Program Files\EPSON
2008-07-05 10:40 --------- d-----w C:\Documents and Settings\Réda\Application Data\LimeWire
2008-06-23 17:54 446,976 ----a-w C:\WINDOWS\system32\ShellMPD.dll
2008-06-23 17:54 --------- d-----w C:\Program Files\MSN Pictures Displayer
2008-06-23 17:54 --------- d-----w C:\Documents and Settings\Réda\Application Data\MSN Pictures Displayer
2008-06-16 08:23 --------- d-----w C:\Program Files\SSC Service Utility
2008-06-16 07:49 --------- d-----w C:\Documents and Settings\Réda\Application Data\InstallShield
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-21 17:05 19,384 ----a-w C:\Documents and Settings\Réda\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-11-04_22.08.42,56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-07-09 02:26:38 83,968 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\nabtsfec.sys
- 2002-12-06 21:56:36 10,112 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\ndisip.sys
+ 2004-07-09 02:26:38 10,112 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\ndisip.sys
- 2002-12-03 23:33:32 354,816 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\psisdecd.dll
+ 2004-07-09 02:26:40 354,816 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\psisdecd.dll
- 2002-12-04 00:03:56 10,880 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\slip.sys
+ 2004-07-09 02:26:40 10,880 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\slip.sys
- 2002-12-04 00:03:54 14,976 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\streamip.sys
+ 2004-07-09 02:26:40 14,976 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\streamip.sys
- 2002-12-04 00:04:12 18,688 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\wstcodec.sys
+ 2004-07-09 02:26:40 18,688 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\wstcodec.sys
- 2002-12-04 00:04:14 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\wstdecod.dll
+ 2004-07-09 02:26:40 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\wstdecod.dll
+ 2008-03-28 14:36:21 163,975 ----a-w C:\WINDOWS\Screen Recorder Uninstaller.exe
+ 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2003-02-28 17:26:30 46,352 ----a-w C:\WINDOWS\setdebug.exe
- 2007-08-27 16:58:46 290,816 ------w C:\WINDOWS\Setup1.exe
+ 2008-03-20 15:43:51 253,952 ------w C:\WINDOWS\Setup1.exe
- 2007-08-27 16:58:43 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
+ 2008-03-20 15:43:46 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2001-08-28 14:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-08-28 14:00:00 73,680 ----a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2001-08-28 14:00:00 25,280 ----a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2001-08-28 14:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2001-08-28 14:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2001-08-28 14:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2001-08-28 14:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2001-08-28 14:00:00 4,096 ----a-w C:\WINDOWS\system\TIMER.DRV
+ 2001-08-28 14:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2001-08-28 14:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
+ 2002-08-29 11:45:20 132,608 ----a-w C:\WINDOWS\system\WINSPOOL.DRV
+ 2001-04-16 14:39:02 397,312 ----a-w C:\WINDOWS\system32\Adobe\SVG Viewer\AceLite.dll
+ 2001-09-05 12:10:34 1,138,688 ----a-w C:\WINDOWS\system32\Adobe\SVG Viewer\Agm.dll
+ 2001-04-16 14:39:02 147,456 ----a-w C:\WINDOWS\system32\Adobe\SVG Viewer\Bib.dll
+ 2001-10-26 11:41:22 1,441,792 ----a-w C:\WINDOWS\system32\Adobe\SVG Viewer\CoolType.dll
+ 2001-03-14 12:10:56 299,059 ------w C:\WINDOWS\system32\Adobe\SVG Viewer\NPSVGVw.dll
+ 2001-03-14 12:14:00 491,574 ------w C:\WINDOWS\system32\Adobe\SVG Viewer\SVGControl.dll
+ 2001-03-14 12:36:56 12,288 ------w C:\WINDOWS\system32\Adobe\SVG Viewer\SVGRSRC.DLL
+ 2001-03-14 12:07:52 1,597,491 ------w C:\WINDOWS\system32\Adobe\SVG Viewer\SVGView.dll
+ 2005-02-24 10:10:10 2,084,864 ----a-w C:\WINDOWS\system32\AudDesign.dll
+ 2005-02-24 10:10:30 417,792 ----a-w C:\WINDOWS\system32\AudDisplay.dll
+ 2005-03-11 15:37:10 1,986,560 ----a-w C:\WINDOWS\system32\AudFile.dll
+ 2005-02-24 10:11:06 1,212,416 ----a-w C:\WINDOWS\system32\AudioInfos.dll
+ 2005-03-10 14:00:30 454,656 ----a-w C:\WINDOWS\system32\AudioRecord.dll
+ 2005-02-24 10:11:56 479,232 ----a-w C:\WINDOWS\system32\AudioVisu.dll
+ 2005-02-24 13:21:12 458,752 ----a-w C:\WINDOWS\system32\AudPlayer.dll
+ 2004-09-21 17:18:40 7,680 ----a-w C:\WINDOWS\system32\btinstall.dll
- 2002-08-29 11:45:10 49,182 ----a-w C:\WINDOWS\system32\clspack.exe
+ 2003-02-28 17:26:26 49,424 ----a-w C:\WINDOWS\system32\clspack.exe
- 1998-07-12 17:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
+ 2004-10-04 23:35:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
+ 2007-12-24 11:51:38 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
+ 2001-08-28 14:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
- 2007-09-30 19:43:03 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-16 00:30:28 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-09-30 19:43:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-16 00:30:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-01 11:12:39 266,240 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2002-12-11 22:14:32 1,177,600 ----a-w C:\WINDOWS\system32\d3d8.dll
+ 2004-07-09 02:27:28 1,201,152 ----a-w C:\WINDOWS\system32\d3d8.dll
- 2002-12-11 22:14:32 1,634,304 ----a-w C:\WINDOWS\system32\d3d9.dll
+ 2004-07-09 02:27:28 1,703,936 ----a-w C:\WINDOWS\system32\d3d9.dll
- 2002-12-11 22:14:32 797,184 ----a-w C:\WINDOWS\system32\d3dim700.dll
+ 2003-05-30 07:00:02 797,184 ----a-w C:\WINDOWS\system32\d3dim700.dll
+ 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
+ 2002-08-29 12:18:54 1,740 ----a-w C:\WINDOWS\system32\Dcache.bin
- 2002-12-11 22:14:32 284,160 ----a-w C:\WINDOWS\system32\ddraw.dll
+ 2004-07-09 02:27:28 292,864 ----a-w C:\WINDOWS\system32\ddraw.dll
- 2002-12-11 22:14:32 132,096 ----a-w C:\WINDOWS\system32\devenum.dll
+ 2003-05-30 07:00:02 132,608 ----a-w C:\WINDOWS\system32\devenum.dll
+ 2004-07-09 02:26:38 11,392 -c--a-w C:\WINDOWS\system32\dllcache\bdasup.sys
+ 2004-07-09 02:26:38 16,384 -c--a-w C:\WINDOWS\system32\dllcache\ccdecode.sys
- 2002-12-11 22:14:32 1,177,600 -c--a-w C:\WINDOWS\system32\dllcache\d3d8.dll
+ 2004-07-09 02:27:28 1,201,152 -c--a-w C:\WINDOWS\system32\dllcache\d3d8.dll
- 2002-12-11 22:14:32 797,184 -c--a-w C:\WINDOWS\system32\dllcache\d3dim700.dll
+ 2003-05-30 07:00:02 797,184 -c--a-w C:\WINDOWS\system32\dllcache\d3dim700.dll
- 2002-08-29 11:44:50 253,440 -c--a-w C:\WINDOWS\system32\dllcache\ddraw.dll
+ 2004-07-09 02:27:28 292,864 -c--a-w C:\WINDOWS\system32\dllcache\ddraw.dll
- 2001-08-28 14:00:00 51,712 -c--a-w C:\WINDOWS\system32\dllcache\devenum.dll
+ 2003-05-30 07:00:02 132,608 -c--a-w C:\WINDOWS\system32\dllcache\devenum.dll
- 2002-12-11 22:14:32 171,520 -c--a-w C:\WINDOWS\system32\dllcache\dmime.dll
+ 2004-07-09 02:27:28 181,248 -c--a-w C:\WINDOWS\system32\dllcache\dmime.dll
- 2002-12-11 22:14:32 116,736 -c--a-w C:\WINDOWS\system32\dllcache\dmusic.dll
+ 2004-07-09 02:27:28 122,880 -c--a-w C:\WINDOWS\system32\dllcache\dmusic.dll
- 2001-08-28 14:00:00 212,992 -c--a-w C:\WINDOWS\system32\dllcache\dplayx.dll
+ 2004-07-09 02:27:28 230,400 -c--a-w C:\WINDOWS\system32\dllcache\dplayx.dll
- 2002-12-11 22:14:32 32,768 -c--a-w C:\WINDOWS\system32\dllcache\dpnhpast.dll
+ 2003-03-24 07:00:02 32,768 -c--a-w C:\WINDOWS\system32\dllcache\dpnhpast.dll
- 2002-12-11 22:14:32 68,096 -c--a-w C:\WINDOWS\system32\dllcache\dpnhupnp.dll
+ 2003-03-24 07:00:02 68,096 -c--a-w C:\WINDOWS\system32\dllcache\dpnhupnp.dll
- 2002-12-11 22:14:32 76,800 -c--a-w C:\WINDOWS\system32\dllcache\dpwsockx.dll
+ 2004-07-09 02:27:28 79,360 -c--a-w C:\WINDOWS\system32\dllcache\dpwsockx.dll
- 2002-08-28 23:32:34 57,856 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2002-08-29 00:32:34 57,856 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2002-08-28 23:32:34 2,816 -c--a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
- 2001-08-28 14:00:00 338,944 -c--a-w C:\WINDOWS\system32\dllcache\dsound.dll
+ 2004-07-09 02:27:28 381,952 -c--a-w C:\WINDOWS\system32\dllcache\dsound.dll
- 2002-12-11 22:14:32 1,189,888 -c--a-w C:\WINDOWS\system32\dllcache\dx8vb.dll
+ 2003-05-30 07:00:02 1,189,888 -c--a-w C:\WINDOWS\system32\dllcache\dx8vb.dll
- 2002-12-11 22:14:32 937,984 -c--a-w C:\WINDOWS\system32\dllcache\dxdiag.exe
+ 2004-07-09 02:27:28 974,848 -c--a-w C:\WINDOWS\system32\dllcache\dxdiag.exe
+ 2001-08-23 16:47:06 45,568 -c--a-w C:\WINDOWS\system32\dllcache\iyuv_32.dll
+ 2001-08-28 14:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2001-08-28 14:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-08-28 14:00:00 73,680 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2001-08-28 14:00:00 25,280 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2001-08-28 14:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2001-08-28 14:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2004-07-09 02:26:38 15,104 -c--a-w C:\WINDOWS\system32\dllcache\mpe.sys
+ 2004-07-09 02:26:38 52,096 -c--a-w C:\WINDOWS\system32\dllcache\msdv.sys
- 2002-08-29 11:44:52 1,225,216 -c--a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
+ 2004-07-09 02:26:38 1,230,336 -c--a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
+ 2004-07-09 02:26:38 16,896 -c--a-w C:\WINDOWS\system32\dllcache\msyuv.dll
+ 2004-07-09 02:26:38 83,968 -c--a-w C:\WINDOWS\system32\dllcache\nabtsfec.sys
+ 2004-07-09 02:26:38 10,112 -c--a-w C:\WINDOWS\system32\dllcache\ndisip.sys
+ 2001-08-28 14:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
- 2002-08-29 00:01:00 134,272 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2002-08-29 01:01:00 134,272 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2004-07-09 02:26:40 354,816 -c--a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
- 2002-12-11 22:14:32 311,808 -c--a-w C:\WINDOWS\system32\dllcache\qdv.dll
+ 2004-07-09 02:27:28 316,928 -c--a-w C:\WINDOWS\system32\dllcache\qdv.dll
- 2002-12-11 22:14:32 449,024 -c--a-w C:\WINDOWS\system32\dllcache\qdvd.dll
+ 2004-07-09 02:27:28 470,528 -c--a-w C:\WINDOWS\system32\dllcache\qdvd.dll
+ 2004-07-09 02:26:40 10,880 -c--a-w C:\WINDOWS\system32\dllcache\slip.sys
+ 2001-08-28 14:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
- 2002-12-11 22:14:32 45,696 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2004-07-09 02:27:28 48,512 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2004-07-09 02:26:40 14,976 -c--a-w C:\WINDOWS\system32\dllcache\streamip.sys
+ 2001-08-28 14:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
+ 2001-08-28 14:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
+ 2001-08-23 16:47:20 8,192 -c--a-w C:\WINDOWS\system32\dllcache\tsbyuv.dll
+ 2002-08-29 00:32:32 56,832 -c--a-w C:\WINDOWS\system32\dllcache\usbaudio.sys
+ 2002-08-29 00:32:54 28,160 -c--a-w C:\WINDOWS\system32\dllcache\usbccgp.sys
+ 2002-08-29 00:50:02 24,960 -c--a-w C:\WINDOWS\system32\dllcache\usbprint.sys
+ 2002-08-28 23:48:52 14,208 -c--a-w C:\WINDOWS\system32\dllcache\usbscan.sys
- 2002-08-29 09:45:06 50,688 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll
+ 2002-08-29 10:45:06 50,688 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll
+ 2001-08-28 14:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2001-08-28 14:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
+ 2001-08-28 14:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2002-08-29 11:45:20 132,608 -c--a-w C:\WINDOWS\system32\dllcache\winspool.drv
+ 2001-08-28 14:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-08-28 14:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2004-07-09 02:26:40 18,688 -c--a-w C:\WINDOWS\system32\dllcache\wstcodec.sys
- 2002-12-04 00:04:14 47,104 -c--a-w C:\WINDOWS\system32\dllcache\wstdecod.dll
+ 2004-07-09 02:26:40 47,104 -c--a-w C:\WINDOWS\system32\dllcache\wstdecod.dll
- 2002-12-11 22:14:32 171,520 ----a-w C:\WINDOWS\system32\dmime.dll
+ 2004-07-09 02:27:28 181,248 ----a-w C:\WINDOWS\system32\dmime.dll
- 2002-12-11 22:14:32 116,736 ----a-w C:\WINDOWS\system32\dmusic.dll
+ 2004-07-09 02:27:28 122,880 ----a-w C:\WINDOWS\system32\dmusic.dll
- 2002-12-11 22:14:32 217,600 ----a-w C:\WINDOWS\system32\dplayx.dll
+ 2004-07-09 02:27:28 230,400 ----a-w C:\WINDOWS\system32\dplayx.dll
- 2002-12-11 22:14:32 32,768 ----a-w C:\WINDOWS\system32\dpnhpast.dll
+ 2003-03-24 07:00:02 32,768 ----a-w C:\WINDOWS\system32\dpnhpast.dll
- 2002-12-11 22:14:32 68,096 ----a-w C:\WINDOWS\system32\dpnhupnp.dll
+ 2003-03-24 07:00:02 68,096 ----a-w C:\WINDOWS\system32\dpnhupnp.dll
- 2002-12-11 22:14:32 76,800 ----a-w C:\WINDOWS\system32\dpwsockx.dll
+ 2004-07-09 02:27:28 79,360 ----a-w C:\WINDOWS\system32\dpwsockx.dll
+ 2008-04-29 09:19:50 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
+ 2008-04-29 09:19:54 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
+ 2004-09-21 17:18:36 148,830 ----a-w C:\WINDOWS\system32\drivers\bcbthub.sys
- 2002-12-04 00:03:54 11,392 ----a-w C:\WINDOWS\system32\drivers\bdasup.sys
+ 2004-07-09 02:26:38 11,392 ----a-w C:\WINDOWS\system32\drivers\bdasup.sys
+ 2006-06-23 15:00:26 31,488 ----a-w C:\WINDOWS\system32\drivers\blueletaudio.sys
+ 2005-08-31 09:34:52 20,480 ----a-w C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys
+ 2006-07-16 15:06:16 23,040 ----a-w C:\WINDOWS\system32\drivers\btcusb.sys
+ 2005-05-01 04:50:10 28,271 ----a-w C:\WINDOWS\system32\drivers\BTHidMgr.sys
+ 2006-01-19 12:31:34 10,068 ----a-w C:\WINDOWS\system32\drivers\BtNetDrv.sys
+ 2006-04-14 08:14:12 14,312 ----a-w C:\WINDOWS\system32\drivers\BTNetFilter.sys
- 2002-12-04 00:04:12 16,384 ----a-w C:\WINDOWS\system32\drivers\ccdecode.sys
+ 2004-07-09 02:26:38 16,384 ----a-w C:\WINDOWS\system32\drivers\ccdecode.sys
- 2002-08-28 23:32:34 57,856 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2002-08-29 00:32:34 57,856 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2002-08-28 23:32:34 2,816 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2004-09-21 17:18:36 116,021 ----a-w C:\WINDOWS\system32\drivers\fw203x.sys
- 2003-09-04 08:40:46 12,112 ----a-w C:\WINDOWS\system32\drivers\LVUSBSta.sys
+ 2007-10-12 01:00:44 41,752 ----a-w C:\WINDOWS\system32\drivers\LVUSBSta.sys
+ 2007-10-12 01:00:56 3,647,384 ----a-w C:\WINDOWS\system32\drivers\lvuvc.sys
+ 2007-10-12 01:01:08 23,832 ----a-w C:\WINDOWS\system32\drivers\lvuvcflt.sys
- 2002-12-06 21:55:36 15,104 ----a-w C:\WINDOWS\system32\drivers\mpe.sys
+ 2004-07-09 02:26:38 15,104 ----a-w C:\WINDOWS\system32\drivers\mpe.sys
- 2002-11-12 17:15:30 52,096 ----a-w C:\WINDOWS\system32\drivers\msdv.sys
+ 2004-07-09 02:26:38 52,096 ----a-w C:\WINDOWS\system32\drivers\msdv.sys
- 2002-12-04 00:04:14 83,968 ----a-w C:\WINDOWS\system32\drivers\nabtsfec.sys
+ 2004-07-09 02:26:38 83,968 ----a-w C:\WINDOWS\system32\drivers\nabtsfec.sys
- 2002-12-06 21:56:36 10,112 ----a-w C:\WINDOWS\system32\drivers\ndisip.sys
+ 2004-07-09 02:26:38 10,112 ----a-w C:\WINDOWS\system32\drivers\ndisip.sys
+ 2008-04-29 09:20:00 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2001-08-28 14:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2003-04-29 00:31:18 51,169 ----a-w C:\WINDOWS\system32\drivers\OXSER.SYS
- 2002-08-29 00:01:00 134,272 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2002-08-29 01:01:00 134,272 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2005-10-26 20:12:48 20,640 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
+ 2002-09-23 06:30:48 40,960 ----a-w C:\WINDOWS\system32\drivers\SCTray.exe
+ 2004-02-11 12:29:34 48,076 ----a-w C:\WINDOWS\system32\drivers\Sio9502k.sys
+ 2002-09-18 06:11:02 77,824 ----a-w C:\WINDOWS\system32\drivers\SioUi2k.dll
+ 2004-03-23 09:26:22 48,556 ----a-w C:\WINDOWS\system32\drivers\SktBt2k.sys
- 2002-12-04 00:03:56 10,880 ----a-w C:\WINDOWS\system32\drivers\slip.sys
+ 2004-07-09 02:26:40 10,880 ----a-w C:\WINDOWS\system32\drivers\slip.sys
+ 2007-12-24 11:30:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
+ 2005-08-30 00:47:38 58,320 ----a-w C:\WINDOWS\system32\drivers\ssm_bus.sys
+ 2005-08-30 00:49:28 6,176 ----a-w C:\WINDOWS\system32\drivers\ssm_cm.sys
+ 2005-08-30 00:49:28 6,176 ----a-w C:\WINDOWS\system32\drivers\ssm_cmnt.sys
+ 2005-08-30 00:49:34 8,336 ----a-w C:\WINDOWS\system32\drivers\ssm_mdfl.sys
+ 2005-08-30 00:49:38 94,000 ----a-w C:\WINDOWS\system32\drivers\ssm_mdm.sys
+ 2005-08-30 00:47:34 5,840 ----a-w C:\WINDOWS\system32\drivers\ssm_wh.sys
+ 2005-08-30 00:47:34 5,840 ----a-w C:\WINDOWS\system32\drivers\ssm_whnt.sys
- 2006-07-24 14:05:00 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
+ 2006-07-24 15:05:00 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
- 2002-12-11 22:14:32 45,696 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-07-09 02:27:28 48,512 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2002-12-04 00:03:54 14,976 ----a-w C:\WINDOWS\system32\drivers\streamip.sys
+ 2004-07-09 02:26:40 14,976 ----a-w C:\WINDOWS\system32\drivers\streamip.sys
+ 2002-08-29 00:32:32 56,832 ----a-w C:\WINDOWS\system32\drivers\USBAUDIO.sys
+ 2002-08-29 00:32:54 28,160 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
+ 2002-08-29 00:50:02 24,960 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
+ 2002-08-28 23:48:52 14,208 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys
+ 2005-07-30 06:21:32 11,988 ----a-w C:\WINDOWS\system32\drivers\vbtenum.sys
+ 2004-10-19 12:37:38 61,312 ----a-w C:\WINDOWS\system32\drivers\VComm.sys
+ 2006-02-28 15:57:22 84,836 ----a-w C:\WINDOWS\system32\drivers\VcommMgr.sys
+ 2002-08-29 10:45:06 50,688 ----a-w C:\WINDOWS\system32\drivers\vfwwdm32.dll
+ 2005-07-29 15:21:48 11,736 ----a-w C:\WINDOWS\system32\drivers\VHIDMini.sys
+ 2003-07-04 01:58:34 63,488 ----a-w C:\WINDOWS\system32\drivers\wssbtr1f.sys
- 2002-12-04 00:04:12 18,688 ----a-w C:\WINDOWS\system32\drivers\wstcodec.sys
+ 2004-07-09 02:26:40 18,688 ----a-w C:\WINDOWS\system32\drivers\wstcodec.sys
- 2002-12-11 22:14:32 355,328 ----a-w C:\WINDOWS\system32\dsound.dll
+ 2004-07-09 02:27:28 381,952 ----a-w C:\WINDOWS\system32\dsound.dll
- 2002-08-29 11:44:50 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
+ 2003-02-28 15:34:42 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
- 2002-12-11 22:14:32 1,189,888 ----a-w C:\WINDOWS\system32\dx8vb.dll
+ 2003-05-30 07:00:02 1,189,888 ----a-w C:\WINDOWS\system32\dx8vb.dll
- 2002-12-11 22:14:32 937,984 ----a-w C:\WINDOWS\system32\dxdiag.exe
+ 2004-07-09 02:27:28 974,848 ----a-w C:\WINDOWS\system32\dxdiag.exe
- 2002-12-11 22:14:32 1,675,264 ----a-w C:\WINDOWS\system32\dxdiagn.dll
+ 2004-07-09 02:27:28 1,769,472 ----a-w C:\WINDOWS\system32\dxdiagn.dll
- 2002-12-11 22:14:32 44,544 ----a-w C:\WINDOWS\system32\dxdllreg.exe
+ 2005-09-28 13:35:48 63,696 ----a-w C:\WINDOWS\system32\dxdllreg.exe
+ 2004-09-10 20:12:28 49,152 ----a-w C:\WINDOWS\system32\E_DCINST.DLL
+ 2006-04-19 02:00:00 62,976 ----a-w C:\WINDOWS\system32\E_FD4BCEE.DLL
+ 2006-12-08 02:04:00 76,800 ----a-w C:\WINDOWS\system32\E_FLBCEE.DLL
+ 2000-06-06 23:01:00 34,304 ----a-w C:\WINDOWS\system32\EBPCHP.DLL
+ 2004-05-21 04:04:00 79,622 ----a-w C:\WINDOWS\system32\EBPMON24(2).DLL
+ 2004-05-21 04:04:00 79,622 ----a-w C:\WINDOWS\system32\EBPMON24(3).DLL
+ 2004-05-21 04:04:00 79,622 ----a-w C:\WINDOWS\system32\EBPMON24.DLL
+ 2003-05-21 00:27:00 64,000 ----a-w C:\WINDOWS\system32\ECBTEG.DLL
+ 2006-10-30 22:10:00 71,840 ----a-w C:\WINDOWS\system32\EPPicMgr.dll
+ 2004-03-03 04:10:00 26,154 ----a-w C:\WINDOWS\system32\EPPICPattern1.dat
+ 2004-03-03 04:10:00 27,417 ----a-w C:\WINDOWS\system32\EPPICPattern121.dat
+ 2004-03-03 04:10:00 31,053 ----a-w C:\WINDOWS\system32\EPPICPattern131.dat
+ 2004-03-03 04:10:00 20,148 ----a-w C:\WINDOWS\system32\EPPICPattern2.dat
+ 2004-03-03 04:10:00 24,903 ----a-w C:\WINDOWS\system32\EPPICPattern3.dat
+ 2004-03-03 04:10:00 11,811 ----a-w C:\WINDOWS\system32\EPPICPattern4.dat
+ 2004-03-03 04:10:00 21,390 ----a-w C:\WINDOWS\system32\EPPICPattern5.dat
+ 2004-03-03 04:10:00 4,943 ----a-w C:\WINDOWS\system32\EPPICPattern6.dat
+ 2005-05-31 22:20:00 111,932 ----a-w C:\WINDOWS\system32\EPPICPrinterDB.dat
+ 2006-10-30 22:10:00 120,992 ----a-w C:\WINDOWS\system32\EpPicPrt.dll
+ 2008-06-13 08:35:45 17,705 ----a-w C:\WINDOWS\system32\Epson\EST\ESTPTest\contents.dat
+ 2007-04-17 22:00:00 67,072 ----a-w C:\WINDOWS\system32\escwiad.dll
- 2007-10-02 08:58:25 116,560 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-08-16 01:31:43 114,176 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2002-11-09 13:47:56 10,752 ----a-w C:\WINDOWS\system32\hh.exe
- 1998-07-12 21:00:00 15,360 ----a-w C:\WINDOWS\system32\inetfr.DLL
+ 1998-07-12 23:00:00 15,360 ----a-w C:\WINDOWS\system32\InetFR.dll
- 2001-08-28 14:00:00 45,568 ----a-w C:\WINDOWS\system32\iyuv_32.dll
+ 2001-08-23 16:47:06 45,568 ----a-w C:\WINDOWS\system32\iyuv_32.dll
- 2002-08-29 11:44:52 186,911 ----a-w C:\WINDOWS\system32\javacypt.dll
+ 2003-02-28 17:26:16 187,152 ----a-w C:\WINDOWS\system32\javacypt.dll
+ 2003-02-28 17:26:18 139,536 ----a-w C:\WINDOWS\system32\javaee.dll
- 2002-08-29 11:44:52 63,007 ----a-w C:\WINDOWS\system32\javaprxy.dll
+ 2003-02-28 17:26:18 63,248 ----a-w C:\WINDOWS\system32\javaprxy.dll
- 2002-08-29 11:44:52 404,509 ----a-w C:\WINDOWS\system32\javart.dll
+ 2003-02-28 17:26:18 404,752 ----a-w C:\WINDOWS\system32\javart.dll
- 2002-08-29 11:45:10 14,878 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
+ 2003-02-28 17:26:30 15,120 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
- 2002-08-29 11:44:52 171,034 ----a-w C:\WINDOWS\system32\jit.dll
+ 2003-02-28 17:26:20 171,280 ----a-w C:\WINDOWS\system32\jit.dll
- 2002-08-29 11:45:10 172,060 ----a-w C:\WINDOWS\system32\jview.exe
+ 2003-02-28 17:26:30 172,304 ----a-w C:\WINDOWS\system32\jview.exe
+ 2001-08-28 14:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2003-08-07 13:01:50 237,568 ----a-w C:\WINDOWS\system32\lame_enc.dll
+ 2001-08-28 14:00:00 224,448 ----a-w C:\WINDOWS\system32\lanman.drv
+ 2007-09-05 20:56:20 40,960 ----a-w C:\WINDOWS\system32\LedCommon.dll
+ 2004-05-14 15:53:08 57,344 ----a-w C:\WINDOWS\system32\lfbmp13n.dll
+ 2004-05-14 15:53:08 401,408 ----a-w C:\WINDOWS\system32\lfcmp13n.dll
+ 2003-11-04 14:10:40 69,632 ----a-w C:\WINDOWS\system32\lfgif13n.dll
- 2006-06-28 08:04:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
+ 2008-02-21 02:05:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
+ 2004-05-14 15:53:10 299,008 ----a-w C:\WINDOWS\system32\ltdis13n.dll
+ 2004-01-12 01:09:42 206,336 ----a-w C:\WINDOWS\system32\ltefx13n.dll
+ 2004-05-14 15:53:10 163,840 ----a-w C:\WINDOWS\system32\ltfil13n.dll
+ 2004-05-14 15:53:12 450,560 ----a-w C:\WINDOWS\system32\ltimg13n.dll
+ 2004-05-14 15:53:12 462,848 ----a-w C:\WINDOWS\system32\ltkrn13n.dll
+ 2007-10-12 00:57:42 195,096 ----a-w C:\WINDOWS\system32\lvci1150.dll
- 2003-09-04 08:46:54 172,032 ----a-w C:\WINDOWS\system32\lvcodec2.dll
+ 2007-10-12 00:57:30 416,280 ----a-w C:\WINDOWS\system32\lvcodec2.dll
- 2003-09-04 08:47:06 122,880 ----a-w C:\WINDOWS\system32\LVUI2.dll
+ 2007-10-12 01:00:22 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
- 2003-09-04 08:47:10 360,448 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
+ 2007-10-12 01:00:34 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
+ 2001-08-28 14:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2007-08-07 12:37:56 53,248 ----a-w C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
+ 2007-08-07 16:20:44 182,248 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDir.dll
+ 2005-08-27 11:38:58 128,648 ----a-w C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
+ 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-02-29 16:01:16 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-08-07 12:35:56 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2007-08-07 12:19:40 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
+ 2007-08-07 12:36:32 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2007-08-07 12:17:24 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
+ 2007-08-07 12:35:22 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2007-08-07 12:35:32 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2007-08-07 12:28:38 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2007-08-07 16:20:28 391,144 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1020023.exe
+ 2007-08-07 12:37:56 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2007-08-07 12:35:18 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
+ 2007-08-07 12:37:58 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 1999-06-25 09:55:30 149,504 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
+ 2001-08-28 14:00:00 73,680 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 2001-08-28 14:00:00 25,280 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2001-08-28 14:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
+ 2001-08-28 14:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2001-08-28 14:00:00 20,992 ----a-w C:\WINDOWS\system32\msacm32.drv
- 2002-08-29 11:44:52 154,140 ----a-w C:\WINDOWS\system32\msawt.dll
+ 2003-02-28 17:26:20 154,384 ----a-w C:\WINDOWS\system32\msawt.dll
- 1998-07-12 21:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
+ 1998-07-12 23:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
+ 2002-08-29 11:45:20 184,320 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2002-08-29 10:45:20 286,720 ----a-w C:\WINDOWS\system32\msh263.drv
- 2002-08-29 11:44:52 945,693 ----a-w C:\WINDOWS\system32\msjava.dll
+ 2003-02-28 17:26:26 947,472 ----a-w C:\WINDOWS\system32\msjava.dll
- 2002-08-29 11:44:52 21,023 ----a-w C:\WINDOWS\system32\msjdbc10.dll
+ 2003-02-28 17:26:26 21,264 ----a-w C:\WINDOWS\system32\msjdbc10.dll
- 2004-02-23 17:42:40 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-23 18:42:40 1,386,496 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
+ 2007-11-05 22:14:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
- 2002-12-03 23:34:46 1,230,336 ----a-w C:\WINDOWS\system32\msvidctl.dll
+ 2004-07-09 02:26:38 1,230,336 ----a-w C:\WINDOWS\system32\msvidctl.dll
- 2002-12-04 00:04:20 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll
+ 2004-07-09 02:26:38 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll
+ 2001-08-28 14:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
- 2007-10-28 08:38:39 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-09 02:25:30 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 08:38:39 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-08-09 02:25:32 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-10-28 08:38:39 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-09 02:25:30 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-10-28 08:38:39 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-09 02:25:33 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2006-10-19 22:10:00 108,704 ----a-w C:\WINDOWS\system32\PICEntry.dll
+ 2006-10-19 22:10:00 80,024 ----a-w C:\WINDOWS\system32\PICSDK.dll
+ 2006-10-19 22:10:00 501,912 ----a-w C:\WINDOWS\system32\PICSDK2.dll
- 2002-12-03 23:33:32 354,816 ----a-w C:\WINDOWS\system32\psisdecd.dll
+ 2004-07-09 02:26:40 354,816 ----a-w C:\WINDOWS\system32\psisdecd.dll
- 2002-12-11 22:14:32 311,808 ----a-w C:\WINDOWS\system32\qdv.dll
+ 2004-07-09 02:27:28 316,928 ----a-w C:\WINDOWS\system32\qdv.dll
- 2002-12-11 22:14:32 449,024 ----a-w C:\WINDOWS\system32\qdvd.dll
+ 2004-07-09 02:27:28 470,528 ----a-w C:\WINDOWS\system32\qdvd.dll
+ 2001-08-23 15:47:52 22,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\wdmaud.drv
+ 2008-08-16 01:08:14 4,609,124 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2005-08-29 23:47:38 58,320 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_bus.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45 135214]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-04 23:57 98304]
"SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [2007-10-09 12:55 665600]
"ZSScheduler"="C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll" [2006-04-07 15:04 77870]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 13:45 13312]
C:\Documents and Settings\Réda\Menu Démarrer\Programmes\Démarrage\
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-06-23 19:52:33 4561920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
2008-08-07 23:37 32256 C:\WINDOWS\system32\winrkp32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\System32\DRIVERS\LV532AV.SYS [2003-09-04 10:38]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\System32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKLM-Run-686484a6 - C:\WINDOWS\System32\gokyaaqp.dll
HKLM-Run-BM6b57b73a - C:\WINDOWS\System32\lwlrbqjq.dll
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Réda\Application Data\Mozilla\Firefox\Profiles\468qjksu.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 12:01:36
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\winrkp32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-16 12:09:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-16 10:09:03
ComboFix2.txt 2007-11-05 22:11:17
Pre-Run: 54,052,085,760 octets libres
Post-Run: 54,008,786,944 octets libres
976 --- E O F --- 2008-06-12 07:33:47
As well as the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:31, on 16/08/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Réda\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [ZSScheduler] RunDll32.exe "C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBMSoftware - C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 5464 bytes
I hope it will be good this time
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:31, on 16/08/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Réda\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [ZSScheduler] RunDll32.exe "C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBMSoftware - C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 5464 bytes
I hope it will be good this time
Hello, stay with me, there is still work to do on this machine!
You are infected with "Vundo", among other things. Delete all cracks from your PC if any are present, because otherwise they will relaunch the infection.
I advise you to uninstall and delete all your P2P software: 50% of what you download via P2P is booby-trapped. P2P is the number one infection vector nowadays.
More information is available by clicking the following link: Cracks / P2P
We start with this:
Disable all resident protection (antivirus…)! <------- Remember to do it!
Copy the text in the box below: (Ctrl + C)
Quote:
File::
C:\WINDOWS\system32\winrkp32.dll
C:\tubecodec.exe
C:\directx.exe
C:\wmcodec_update.exe
FileLook::
C:\WINDOWS\system32\wbt.inf
C:\WINDOWS\system32\drivers\wnmsav.dat
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
=> Open Notepad: Start > All Programs > Accessories > Notepad
- Paste the text into it (CTRL + V)
- Save this file to: Desktop
- File name: CFScript
- File type: All files!!
- Click Save
- Close Notepad
Drag and drop this CFScript file onto the ComboFix.exe file as shown in the screenshot:

* This will relaunch ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
* Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: copy/paste its contents to the forum.
If the file does not open, it can be found here: C:\ComboFix.txt
* Post a new HijackThis report.
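
Added example (not part of the original thread, and not HijackThis or ComboFix code): a small Python triage pass over a HijackThis log that surfaces entries such as the O20 Winlogon Notify line for winrkp32, which the CFScript in the reply above targets. The allowlist of default Windows XP Notify packages and the flagging rules are assumptions for illustration; a flag means "review by hand", not "malicious".

```python
import re

# Excerpt of the HijackThis log posted in this thread, used as sample input.
SAMPLE_LOG = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

# Assumed baseline of default Windows XP Winlogon Notify packages.
# Extend it with vendor packages known to be present on the machine.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# HijackThis entry lines look like "<section> - <body>", e.g. "O20 - ...".
ENTRY = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")

def parse(log):
    """Yield (section, body) for every HijackThis entry line; skip the rest."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return [(section, reason, body)] for entries worth a manual look."""
    findings = []
    for section, body in parse(log):
        if section == "O20" and body.startswith("Winlogon Notify:"):
            # The package name sits between "Winlogon Notify:" and " - <dll path>".
            name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
            if name.lower() not in KNOWN_NOTIFY:
                findings.append((section, "non-default Winlogon Notify package", body))
        elif body.endswith("(no file)"):
            findings.append((section, "entry points to a missing file", body))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "service binary without company info", body))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append((section, "unrecognised Winsock LSP", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {body}")
```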