Virus C:\WINDOWS\system32\wowfx.dll - 08.php
Hello,
Ever since I installed SP3 (yesterday), I have found my PC to be slower.
Then today avast detected a flood of viruses after I installed some downloaded programs. The infected files were mainly located in the Temp and PCHealthCenter folders. So I ran a thorough scan with avast, which detected 1 virus that I removed. Then shortly afterwards a cmd window opened. So I looked in the Task Manager and saw 5 files named 08.php; these 5 files launched 5 cmd windows, and once those windows had run, the 10 tasks in question exited and my PC got even slower.
I put my Linux live CD in the drive to make backups and remove the suspicious files manually, but unfortunately Linux told me it could not mount the disks because they were already being read oO, even though the hard drive was not mounted.
When the computer restarted, the following error appeared:
C:\windows\system32\wowfx.dll Is Not A Valid Windows Image
And this happens every time a program is launched.
The real name of the 08.php file => 08.PHP-29ACBB8B.pf
This file was located in the Windows Prefetch folder, which I deleted afterwards.
#####################################################################
Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:39, on 25/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gizmo5\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\wamp\wampmanager.exe
c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Documents/Bookmarker/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A0B0A6D-F9E4-E432-2E58-287EEC2151A4} - (no file)
O2 - BHO: (no name) - {BD0356BC-A6DC-40F4-983B-981E7A71654C} - C:\WINDOWS\system32\browse.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G520] C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo5\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 9195 bytes
####################################################################
Here is the avast log:
29/03/2008 14:17:23 SYSTEM 1624 Sign of "Win32:AirCrack [Tool]" has been found in "C:Program FilesCrackWepPackwinaircrackpackaircrack.exe" file.
30/03/2008 18:57:20 Sebastien 2216 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
30/03/2008 23:45:43 SYSTEM 1400 Sign of "Win32:AirCrack [Tool]" has been found in "C:CrackWepPackwinaircrackpackaircrack.exe" file.
31/03/2008 01:21:52 SYSTEM 1400 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
31/03/2008 01:21:53 SYSTEM 1400 An error has occured while attempting to update. Please check the logs.
02/04/2008 12:59:31 Sebastien 2696 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
04/04/2008 00:33:52 SYSTEM 1536 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
04/04/2008 00:33:52 SYSTEM 1536 An error has occured while attempting to update. Please check the logs.
08/04/2008 13:08:52 SYSTEM 1548 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/04/2008 13:08:52 SYSTEM 1548 An error has occured while attempting to update. Please check the logs.
09/04/2008 11:39:01 SYSTEM 1520 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
09/04/2008 11:39:01 SYSTEM 1520 An error has occured while attempting to update. Please check the logs.
09/04/2008 21:47:58 SYSTEM 1520 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
09/04/2008 21:47:59 SYSTEM 1520 An error has occured while attempting to update. Please check the logs.
10/04/2008 11:05:30 SYSTEM 1520 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/04/2008 11:05:31 SYSTEM 1520 An error has occured while attempting to update. Please check the logs.
13/04/2008 09:57:32 SYSTEM 1656 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
13/04/2008 09:58:09 SYSTEM 1656 An error has occured while attempting to update. Please check the logs.
13/04/2008 19:55:39 SYSTEM 1416 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
13/04/2008 19:55:39 SYSTEM 1416 An error has occured while attempting to update. Please check the logs.
20/04/2008 02:56:38 SYSTEM 1652 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
20/04/2008 02:56:38 SYSTEM 1652 An error has occured while attempting to update. Please check the logs.
26/04/2008 22:36:55 SYSTEM 1708 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: \Mathieubureautexte.bat (\Mathieubureautexte.bat) returning error, 00000005.
26/04/2008 23:21:57 SYSTEM 1708 Sign of "Win32:Trojan-gen {VC}" has been found in "I:Autres DocumentsAlexAdobe CS3Keygen Photoshop CS3 Extended.exe" file.
05/05/2008 06:43:42 SYSTEM 1756 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/05/2008 06:43:44 SYSTEM 1756 An error has occured while attempting to update. Please check the logs.
10/05/2008 01:23:48 SYSTEM 1792 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/05/2008 01:23:48 SYSTEM 1792 An error has occured while attempting to update. Please check the logs.
13/05/2008 00:45:50 SYSTEM 1756 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
13/05/2008 00:45:51 SYSTEM 1756 An error has occured while attempting to update. Please check the logs.
17/06/2008 21:41:25 SYSTEM 2024 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
18/06/2008 13:01:36 SYSTEM 1748 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
20/06/2008 19:18:01 SYSTEM 2028 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://ftp.heanet.ie/mirrors/backtrack/bt3-final.iso (C:WINDOWSTEMP_avast4_unp818301.tmp) returning error, 00000084.
20/06/2008 19:20:34 SYSTEM 2028 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://mirror.switch.ch/ftp/mirror [...] -final.iso (C:WINDOWSTEMP_avast4_unp57775795.tmp) returning error, 00000084.
20/06/2008 19:22:44 SYSTEM 2028 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://backtrack3.evdohacker.com/bt3-final.iso (C:WINDOWSTEMP_avast4_unp226210708.tmp) returning error, 00000084.
20/06/2008 19:36:25 SYSTEM 2028 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://ftp.cc.uoc.gr/mirrors/linux [...] -final.iso (C:WINDOWSTEMP_avast4_unp195579821.tmp) returning error, 00000084.
21/06/2008 10:29:18 SYSTEM 2028 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
30/06/2008 11:08:04 SYSTEM 1844 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
02/07/2008 15:01:37 SYSTEM 1852 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/07/2008 00:28:53 SYSTEM 2020 Sign of "Win32:Trojan-gen {Other}" has been found in "C:WINDOWSsystem32_ProxyM.dll" file.
10/07/2008 00:29:10 SYSTEM 2020 Sign of "Win32:Trojan-gen {Other}" has been found in "C:WINDOWSsystem32_Proxy.dll" file.
15/07/2008 21:38:59 SYSTEM 1532 Sign of "Win32:Trojan-gen {Other}" has been found in "C:Program FilesBitLordDownloadsCommView For WiFi v6.0 Build.585 VoIPcrackCV.exe" file.
18/07/2008 21:03:30 SYSTEM 1636 Sign of "Win32:Trojan-gen {Other}" has been found in "D:THAWTony Hawk's American WastelandGamedatasoundspakr.exe" file.
22/07/2008 01:29:59 SYSTEM 1604 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
22/07/2008 18:26:09 SYSTEM 1604 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
22/07/2008 19:44:48 SYSTEM 1580 Function setifaceUpdateFiles() has failed. Return code is 0x20000011, dwRes is 20000011.
22/07/2008 19:44:48 SYSTEM 1580 An error has occured while attempting to update. Please check the logs.
24/07/2008 13:44:45 SYSTEM 1580 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
24/07/2008 13:44:45 SYSTEM 1580 An error has occured while attempting to update. Please check the logs.
24/07/2008 22:12:37 SYSTEM 1580 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://data.####.fr/swf/client.swf?v=3 (C:WINDOWSTEMP_avast4_unp201815051.tmp) returning error, 0000A413.
28/07/2008 01:42:27 SYSTEM 1544 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
28/07/2008 01:42:28 SYSTEM 1544 An error has occured while attempting to update. Please check the logs.
31/07/2008 18:23:36 SYSTEM 1532 Sign of "Win32:PolyCrypt-ASO [Trj]" has been found in "http://underground54.serveurperso.com/telecharger/brutus-aet2.zipBrutusA2.exe" file.
31/07/2008 18:25:22 SYSTEM 1532 Sign of "Win32:Trojan-gen {Other}" has been found in "http://underground54.serveurperso.com/telecharger/john-16w.zipjohn-16runjohn.exe" file.
03/08/2008 12:36:20 SYSTEM 1532 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
03/08/2008 16:27:16 SYSTEM 1812 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
04/08/2008 04:04:57 SYSTEM 1812 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
04/08/2008 14:10:09 SYSTEM 1812 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
04/08/2008 18:16:29 SYSTEM 1812 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
04/08/2008 22:26:28 SYSTEM 1812 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
04/08/2008 22:26:28 SYSTEM 1812 An error has occured while attempting to update. Please check the logs.
05/08/2008 09:16:53 SYSTEM 1812 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/08/2008 09:42:44 SYSTEM 1812 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/08/2008 09:44:45 SYSTEM 1812 An error has occured while attempting to update. Please check the logs.
06/08/2008 18:31:58 SYSTEM 1508 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
06/08/2008 18:31:59 SYSTEM 1508 An error has occured while attempting to update. Please check the logs.
07/08/2008 17:05:02 SYSTEM 1508 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
07/08/2008 17:05:06 SYSTEM 1508 An error has occured while attempting to update. Please check the logs.
08/08/2008 01:25:47 SYSTEM 1508 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/08/2008 05:54:25 SYSTEM 1508 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/08/2008 14:04:17 SYSTEM 1508 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/08/2008 22:26:49 SYSTEM 1508 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/08/2008 22:26:50 SYSTEM 1508 An error has occured while attempting to update. Please check the logs.
09/08/2008 18:32:51 SYSTEM 1860 Function setifaceUpdatePackages() has failed. Return code is 0x2000000B, dwRes is 2000000B.
09/08/2008 18:32:55 SYSTEM 1860 An error has occured while attempting to update. Please check the logs.
09/08/2008 22:51:16 SYSTEM 1860 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
09/08/2008 22:53:13 SYSTEM 1860 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
09/08/2008 22:53:15 SYSTEM 1860 An error has occured while attempting to update. Please check the logs.
11/08/2008 10:26:41 SYSTEM 1860 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
11/08/2008 18:58:41 SYSTEM 1860 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
13/08/2008 02:54:51 SYSTEM 1860 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
14/08/2008 03:18:47 SYSTEM 1860 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
14/08/2008 07:22:31 SYSTEM 1860 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
25/08/2008 10:07:44 Sebastien 1912 Sign of "Win32:Trojan-gen {Other}" has been found in "C:Documents and SettingsSebastienLocal SettingsTemporary Internet FilesContent.IE56TRXYM3Kcodec.v.1.0[1].exe" file.
25/08/2008 10:08:09 Sebastien 1912 Sign of "Win32:Trojan-gen {Other}" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Temp79_003.exe" file.
25/08/2008 10:08:26 Sebastien 1912 Sign of "BV:Vapsup-A" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2install.bat" file.
25/08/2008 10:08:35 Sebastien 1912 Sign of "Win32:Trojan-gen {Other}" has been found in "C:Program FilesPCHealthCenter7.exe" file.
25/08/2008 10:08:50 Sebastien 1912 Sign of "Win32:Trojan-gen {Other}" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempnsj69.tmpcodec.v.1.0.20164.exe" file.
25/08/2008 10:08:55 Sebastien 1912 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2rodqgpvlkoa.dll" file.
25/08/2008 10:15:14 Sebastien 1912 Sign of "BV:Vapsup-A" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2install.bat" file.
25/08/2008 10:15:21 Sebastien 1912 Sign of "Win32:Trojan-gen {Other}" has been found in "C:Program FilesPCHealthCenter�.exe" file.
25/08/2008 10:15:29 Sebastien 1912 Sign of "BV:Vapsup-A" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2install.bat" file.
25/08/2008 10:16:59 Sebastien 1912 Sign of "BV:Vapsup-A" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2install.bat" file.
25/08/2008 10:17:13 Sebastien 1912 Sign of "BV:Vapsup-A" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2install.bat" file.
25/08/2008 10:17:20 Sebastien 1912 Sign of "Win32:Trojan-gen {Other}" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempsmchk.exe" file.
25/08/2008 10:17:22 Sebastien 1912 Sign of "Win32:Agent-LTS [Trj]" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2pdoskegl.dll" file.
25/08/2008 10:17:28 Sebastien 1912 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2rodqgpvlkoa.dll" file.
25/08/2008 10:19:05 Sebastien 1912 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2rodqgpvlkoa.dll" file.
25/08/2008 10:19:23 Sebastien 1912 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2rodqgpvlkoa.dll" file.
25/08/2008 11:07:36 Sebastien 2512 Sign of "Win32:Trojan-gen {Other}" has been found in "C:Documents and SettingsSebastienLocal SettingsTemporary Internet FilesContent.IE54SVUPYUKcntr[1].gif" file.
25/08/2008 19:50:56 SYSTEM 1904 Sign of "Win32:Trojan-gen {Other}" has been found in "C:DOCUME~1SEBAST~1LOCALS~1TempBIT3.tmp" file.
25/08/2008 19:52:27 SYSTEM 1904 Sign of "Win32:Agent-LTS [Trj]" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2pdoskegl.dll" file.
25/08/2008 19:53:57 SYSTEM 1904 Sign of "Win32:Trojan-gen {Other}" has been found in "C:Program FilesPCHealthCenter7.exe" file.
25/08/2008 19:55:27 SYSTEM 1904 Sign of "Win32:Agent-LTS [Trj]" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2pdoskegl.dll" file.
25/08/2008 19:56:57 SYSTEM 1904 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2rodqgpvlndk.dll" file.
25/08/2008 19:58:27 SYSTEM 1904 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2rodqgpvlndk.dll" file.
25/08/2008 19:59:57 SYSTEM 1904 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2rodqgpvlndk.dll" file.
25/08/2008 20:01:27 SYSTEM 1904 Sign of "Win32:Agent-LTS [Trj]" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempac8zt2pdoskegl.dll" file.
25/08/2008 20:02:57 SYSTEM 1904 Sign of "Win32:Trojan-gen {Other}" has been found in "C:Documents and SettingsSebastienLocal SettingsTemporary Internet FilesContent.IE5J9GYZD8Acntr[1].gif" file.
25/08/2008 20:04:27 SYSTEM 1904 Sign of "Win32:Trojan-gen {Other}" has been found in "C:Program FilesPCHealthCenter�.exe" file.
25/08/2008 20:05:59 SYSTEM 1904 Sign of "Win32:Trojan-gen {Other}" has been found in "C:DOCUME~1SEBAST~1LOCALS~1Tempsmchk.exe" file.
25/08/2008 20:07:27 SYSTEM 1904 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:Program FilesPCHealthCenter3.exe" file.
25/08/2008 20:39:15 SYSTEM 1696 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
Thanks in advance.
After looking at a few messages on the forum, I carried out the following operations:
1/ SDFix report:
System Report
*************
Run on 25/08/2008 at 22:22
Microsoft Windows XP [version 5.1.2600]
Current user is an administrator
Running Processes:
\SystemRoot\System32\smss.exe [180]
\??\C:\WINDOWS\system32\csrss.exe [228]
\??\C:\WINDOWS\system32\winlogon.exe [252]
C:\WINDOWS\system32\services.exe [296]
C:\WINDOWS\system32\lsass.exe [308]
C:\WINDOWS\system32\svchost.exe [472]
C:\WINDOWS\system32\svchost.exe [552]
C:\WINDOWS\system32\devldr32.exe [560]
C:\WINDOWS\system32\svchost.exe [620]
C:\WINDOWS\system32\ctfmon.exe [1340]
C:\Program Files\Mozilla Firefox\firefox.exe [1496]
C:\WINDOWS\explorer.exe [1840]
C:\WINDOWS\system32\devldr32.exe [1164]
C:\WINDOWS\system32\devldr32.exe [1184]
C:\WINDOWS\system32\devldr32.exe [1176]
C:\WINDOWS\system32\devldr32.exe [1196]
Drivers - Running:
ACPI
atapi
Beep
Cdfs
Cdrom
Disk
Fdc
FltMgr
Ftdisk
HidUsb
i8042prt
Imapi
isapnp
Kbdclass
kbdhid
KSecDD
Mouclass
mouhid
MountMgr
Msfs
mssmbios
Mup
NDIS
Npfs
Ntfs
Null
PartMgr
PCI
redbook
sfdrv01
sfhlp02
sfvfs02
sptd
sr
swenum
TermDD
Update
usbehci
usbhub
usbuhci
VgaSave
viaagp
viaagp1
ViaIde
VIAPFD
VolSnap
wacommousefilter
wacomvhid
WacomVKHid
Drivers - Stopped:
A3AB
Aavmker4
Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
AFD
Aha154x
aic78u2
aic78xx
AliIde
AmdK7
amsint
ANIO
AR5211
AR5416
asc
asc3350p
asc3550
aswFsBlk
aswMon2
aswRdr
aswSP
aswTdi
AsyncMac
Atdisk
ati2mtag
Atmarpc
audstub
BthEnum
BTHMODEM
BthPan
BTHPORT
BTHUSB
cbidf2k
CCDECODE
cd20xrnt
Cdaudio
ce6230
ce6230BDACAP
Changer
CmdIde
Cpqarray
ctljystk
dac960nt
dmboot
dmio
dmload
DMusic
dpti2o
drmkaud
DSDrv4
DTVFW
emu10k
emu10k1
Fastfat
Fips
Flpydisk
gameenum
Gpc
HidBth
hpn
HTTP
i2omgmt
i2omp
InCDFs
InCDPass
InCDRm
ini910u
IntelIde
Ip6Fw
IpFilterDriver
IpInIp
IpNat
IPSec
IRENUM
kmixer
lbrtfdc
MDC8021X
mnmdd
Modem
MPE
mraid35x
MRxDAV
MRxSmb
MSKSSRV
MSPCLOCK
MSPQM
MSTEE
NABTSFEC
NdisIP
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
nm
NwlnkFlt
NwlnkFwd
Parport
ParVdm
PCANDIS5
PCIDump
PCIIde
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
PEEK5
perc2
perc2hib
PfModNT
PptpMiniport
PSched
Ptilink
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
RDPWD
RFCOMM
rtl8139
Secdrv
serenum
Serial
Sfloppy
sfman
Simbad
SLIP
Sparrow
splitter
Srv
streamip
swmidi
symc810
symc8xx
sym_hi
sym_u3
sysaudio
Tcpip
TDPIPE
TDTCP
TosIde
Udfs
ultra
usbdtv
USBSTOR
Wanarp
WDICA
wdmaud
WlanUIG
WSTCODEC
WudfPf
WudfRd
Services - Running:
CryptSvc
DcomLaunch
Eventlog
helpsvc
PlugPlay
RpcSs
srservice
winmgmt
Services - Stopped:
Adobe
Alerter
ALG
ANIWZCSdService
AppMgmt
aspnet_state
aswUpdSv
Ati
ATI
AudioSrv
avast!
avast!
avast!
BITS
Bonjour
Browser
BthServ
Capture
CiSvc
ClipSrv
clr_optimization_v2.0.50727_32
COMSysApp
Creative
Dhcp
dmadmin
dmserver
Dnscache
ERSvc
EventSystem
FastUserSwitchingCompatibility
FLEXnet
FontCache3.0.0.0
HidServ
HTTPFilter
idsvc
ImapiService
lanmanserver
lanmanworkstation
LmHosts
Messenger
mnmsrvc
MSDTC
MSIServer
NetDDE
NetDDEdsdm
Netlogon
Netman
NetTcpPortSharing
Nla
NtLmSsp
NtmsSvc
PolicyAgent
ProtectedStorage
RasAuto
RasMan
RDSessMgr
RemoteAccess
RichVideo
RpcLocator
RSVP
SamSs
SCardSvr
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
Spooler
SSDPSRV
stisvc
SwPrv
SysmonLog
TabletServiceWacom
TapiSrv
TermService
Themes
TrkWks
UleadBurningHelper
upnphost
UPS
usnjsvc
VSS
W32Time
wampapache
wampmysqld
WebClient
WLSetupSvc
WMDM
WmdmPmSN
WmiApSrv
WMPNetworkSvc
wscsvc
wuauserv
WudfSvc
WZCSVC
xmlprov
Files Created/Modified - 60 Days:
C:\
25 Aug 2008 20:40:52 792 A.... "C:\BriaTiming.log"
25 Aug 2008 22:10:42 1 207 959 552 A.SH. "C:\pagefile.sys"
25 Aug 2008 22:16:22 523 A.... "C:\rapport.txt"
9 Jul 2008 22:41:32 34 A.... "C:\results.txt"
C:\WINDOWS\
25 Aug 2008 20:38:02 0 A.... "C:\WINDOWS\0.log"
25 Aug 2008 19:30:22 38 A.... "C:\WINDOWS\AviSplitter.INI"
25 Aug 2008 22:11:18 2 048 A.S.. "C:\WINDOWS\bootstat.dat"
25 Aug 2008 19:41:38 116 A.... "C:\WINDOWS\NeroDigital.ini"
25 Aug 2008 22:14:36 154 100 A.... "C:\WINDOWS\ntbtlog.txt"
22 Jul 2008 16:32:46 39 A.... "C:\WINDOWS\plugSpk.INI"
27 Jul 2008 20:19:46 1 409 A.... "C:\WINDOWS\QTFont.for"
25 Aug 2008 9:20:36 54 156 A..H. "C:\WINDOWS\QTFont.qfn"
16 Jul 2008 3:28:22 198 A.... "C:\WINDOWS\SBWIN.INI"
25 Aug 2008 22:09:28 32 612 A.... "C:\WINDOWS\SchedLgU.Txt"
25 Aug 2008 20:52:34 932 A.... "C:\WINDOWS\setupapi.log"
25 Aug 2008 22:09:02 1 346 313 A.... "C:\WINDOWS\WindowsUpdate.log"
25 Aug 2008 22:11:20 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
17 Jul 2008 22:57:02 109 892 A.... "C:\WINDOWS\inf\apps.PNF"
15 Jul 2008 21:00:02 4 676 A.... "C:\WINDOWS\inf\branches.PNF"
5 Aug 2008 21:49:34 1 392 232 A.... "C:\WINDOWS\inf\INFCACHE.1"
5 Aug 2008 21:48:24 7 524 A.... "C:\WINDOWS\inf\oem15.PNF"
5 Aug 2008 21:49:18 7 938 A.... "C:\WINDOWS\inf\oem18.PNF"
5 Aug 2008 21:49:58 7 982 A.... "C:\WINDOWS\inf\oem21.PNF"
21 Aug 2008 7:07:52 0 ...H. "C:\WINDOWS\inf\oem22.inf"
22 Aug 2008 4:41:12 0 ...H. "C:\WINDOWS\inf\oem23.inf"
15 Jul 2008 21:22:22 36 056 A.... "C:\WINDOWS\inf\oem7.PNF"
4 Jul 2008 15:37:32 7 028 A.... "C:\WINDOWS\inf\swflash.PNF"
18 Jul 2008 21:55:46 61 802 A.... "C:\WINDOWS\inf\wuau.adm"
29 Jun 2008 12:18:10 876 A.... "C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup"
15 Jul 2008 21:28:22 8 192 A.... "C:\WINDOWS\security\edb.chk"
15 Jul 2008 21:28:22 1 048 576 A.... "C:\WINDOWS\security\edb.log"
15 Jul 2008 21:22:20 1 048 576 A.... "C:\WINDOWS\security\res1.log"
15 Jul 2008 21:22:20 1 048 576 A.... "C:\WINDOWS\security\res2.log"
18 Aug 2008 12:19:04 82 432 A.... "C:\WINDOWS\system32\404Fix.exe"
25 Aug 2008 20:52:40 10 A.... "C:\WINDOWS\system32\ANIWZCSUSERNAME{DFF72142-A006-48D2-90CD-6C78B2CF9DC5}"
25 Aug 2008 21:50:26 3 284 A.... "C:\WINDOWS\system32\ANIWZCS{DFF72142-A006-48D2-90CD-6C78B2CF9DC5}"
25 Aug 2008 20:38:58 7 A.... "C:\WINDOWS\system32\ANIWZCSUSERNAME"
19 Jul 2008 16:43:08 1 163 960 A.... "C:\WINDOWS\system32\aswBoot.exe"
19 Jul 2008 16:30:54 94 392 A.... "C:\WINDOWS\system32\AvastSS.scr"
18 Jul 2008 22:10:48 94 920 A.... "C:\WINDOWS\system32\cdm.dll"
25 Aug 2008 13:45:10 3 121 A.... "C:\WINDOWS\system32\CONFIG.NT"
7 Jul 2008 22:31:48 253 952 A.... "C:\WINDOWS\system32\es.dll"
24 Aug 2008 17:45:00 159 544 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
14 Aug 2008 21:52:24 82 432 A.... "C:\WINDOWS\system32\IEDFix.C.exe"
29 Jun 2008 11:59:54 5 911 A.... "C:\WINDOWS\system32\jupdate-1.6.0_04-b12.log"
29 Jun 2008 22:09:46 6 466 A.... "C:\WINDOWS\system32\jupdate-1.6.0_05-b13.log"
10 Jul 2008 13:37:48 6 761 A.... "C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log"
5 Aug 2008 20:11:02 15 888 504 A.... "C:\WINDOWS\system32\MRT.exe"
18 Jul 2008 22:07:34 270 880 A.... "C:\WINDOWS\system32\mucltui.dll"
18 Jul 2008 22:07:28 29 728 A.... "C:\WINDOWS\system32\mucltui.dll.mui"
18 Jul 2008 22:07:32 210 976 A.... "C:\WINDOWS\system32\muweb.dll"
25 Aug 2008 20:53:34 71 308 A.... "C:\WINDOWS\system32\perfc009.dat"
25 Aug 2008 20:53:34 84 818 A.... "C:\WINDOWS\system32\perfc00C.dat"
25 Aug 2008 20:53:34 441 624 A.... "C:\WINDOWS\system32\perfh009.dat"
25 Aug 2008 20:53:34 510 736 A.... "C:\WINDOWS\system32\perfh00C.dat"
25 Aug 2008 20:53:34 1 123 208 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
14 Jul 2008 13:09:18 62 976 ..... "C:\WINDOWS\system32\tzchange.exe"
17 Aug 2008 20:41:46 357 240 A.... "C:\WINDOWS\system32\TZLog.log"
24 Aug 2008 17:45:06 2 422 A.... "C:\WINDOWS\system32\wpa.dbl"
18 Jul 2008 22:09:44 563 912 A.... "C:\WINDOWS\system32\wuapi.dll"
18 Jul 2008 22:09:14 29 896 A.... "C:\WINDOWS\system32\wuapi.dll.mui"
18 Jul 2008 22:10:42 53 448 A.... "C:\WINDOWS\system32\wuauclt.exe"
18 Jul 2008 22:09:46 215 752 A.... "C:\WINDOWS\system32\wuaucpl.cpl"
18 Jul 2008 22:09:56 29 896 A.... "C:\WINDOWS\system32\wuaucpl.cpl.mui"
18 Jul 2008 22:09:42 1 811 656 A.... "C:\WINDOWS\system32\wuaueng.dll"
18 Jul 2008 22:09:06 22 216 A.... "C:\WINDOWS\system32\wuaueng.dll.mui"
18 Jul 2008 22:09:46 325 832 A.... "C:\WINDOWS\system32\wucltui.dll"
18 Jul 2008 22:10:36 38 088 A.... "C:\WINDOWS\system32\wucltui.dll.mui"
18 Jul 2008 22:10:20 36 552 A.... "C:\WINDOWS\system32\wups.dll"
18 Jul 2008 22:10:40 45 768 A.... "C:\WINDOWS\system32\wups2.dll"
18 Jul 2008 22:09:44 205 000 A.... "C:\WINDOWS\system32\wuweb.dll"
21 Aug 2008 12:03:06 284 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
25 Aug 2008 22:09:28 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
25 Aug 2008 20:17:36 0 A.... "C:\WINDOWS\Temp\ib35.tmp"
25 Aug 2008 20:17:36 0 A.... "C:\WINDOWS\Temp\ib36.tmp"
25 Aug 2008 20:17:36 0 A.... "C:\WINDOWS\Temp\ib37.tmp"
25 Aug 2008 20:17:36 0 A.... "C:\WINDOWS\Temp\ib38.tmp"
25 Aug 2008 20:17:36 0 A.... "C:\WINDOWS\Temp\ib39.tmp"
25 Aug 2008 22:20:04 5 019 A.... "C:\WINDOWS\Temp\scs6.tmp"
18 Jul 2008 22:10:48 94 920 A.... "C:\WINDOWS\system32\dllcache\cdm.dll"
7 Jul 2008 22:31:48 253 952 ..... "C:\WINDOWS\system32\dllcache\es.dll"
18 Jul 2008 22:09:44 563 912 A.... "C:\WINDOWS\system32\dllcache\wuapi.dll"
18 Jul 2008 22:10:42 53 448 A.... "C:\WINDOWS\system32\dllcache\wuauclt.exe"
18 Jul 2008 22:09:46 215 752 A.... "C:\WINDOWS\system32\dllcache\wuaucpl.cpl"
18 Jul 2008 22:09:42 1 811 656 A.... "C:\WINDOWS\system32\dllcache\wuaueng.dll"
18 Jul 2008 22:09:46 325 832 A.... "C:\WINDOWS\system32\dllcache\wucltui.dll"
18 Jul 2008 22:10:20 36 552 A.... "C:\WINDOWS\system32\dllcache\wups.dll"
18 Jul 2008 22:09:44 205 000 A.... "C:\WINDOWS\system32\dllcache\wuweb.dll"
19 Jul 2008 16:32:16 26 944 A.... "C:\WINDOWS\system32\drivers\aavmker4.sys"
19 Jul 2008 16:37:42 20 560 A.... "C:\WINDOWS\system32\drivers\aswFsBlk.sys"
19 Jul 2008 16:37:22 94 416 A.... "C:\WINDOWS\system32\drivers\aswmon2.sys"
19 Jul 2008 16:33:42 23 152 A.... "C:\WINDOWS\system32\drivers\aswRdr.sys"
19 Jul 2008 16:35:18 78 416 A.... "C:\WINDOWS\system32\drivers\aswSP.sys"
19 Jul 2008 16:32:36 42 912 A.... "C:\WINDOWS\system32\drivers\aswTdi.sys"
2 Jul 2008 16:33:50 77 967 A.... "C:\WINDOWS\PCHealth\HelpCtr\System\News\1036_Personal_0_gss3_small_banner.gif"
5 Aug 2008 21:49:32 7 982 A.... "C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\wacomvkhid.PNF"
C:\Program Files\
9 Jul 2008 22:43:32 9 623 A.... "C:\Program Files\Atomic Email Hunter\unins000.dat"
9 Jul 2008 22:43:20 668 964 A.... "C:\Program Files\Atomic Email Hunter\unins000.exe"
22 Aug 2008 19:26:02 1 234 160 A.... "C:\Program Files\CCleaner\CCleaner.exe"
23 Aug 2008 0:03:12 24 064 A.... "C:\Program Files\CCleaner\lang-1036.dll"
25 Aug 2008 20:01:40 114 605 A.... "C:\Program Files\CCleaner\uninst.exe"
8 Jul 2008 17:49:44 74 341 A.... "C:\Program Files\eMule\Uninstall.exe"
5 Jul 2008 22:46:02 1 192 448 A.... "C:\Program Files\foobar2000\foobar2000.exe"
5 Jul 2008 22:42:14 146 432 A.... "C:\Program Files\foobar2000\shared.dll"
20 Jul 2008 12:07:46 144 951 A.... "C:\Program Files\foobar2000\uninstall.exe"
26 Jul 2008 23:39:22 1 114 112 A.... "C:\Program Files\Gizmo5\AppUpgrade.exe"
26 Jul 2008 23:28:08 876 544 A.... "C:\Program Files\Gizmo5\BrandResources.dll"
26 Jul 2008 23:39:22 1 093 632 A.... "C:\Program Files\Gizmo5\CrashReporter.exe"
26 Jul 2008 23:39:34 5 312 512 A.... "C:\Program Files\Gizmo5\Gizmo5.exe"
26 Jul 2008 23:27:38 23 040 A.... "C:\Program Files\Gizmo5\IdleHook.dll"
26 Jul 2008 23:26:50 5 713 920 A.... "C:\Program Files\Gizmo5\SipphoneAPI.dll"
25 Aug 2008 19:52:22 154 966 A.... "C:\Program Files\Gizmo5\uninst.exe"
18 Jul 2008 4:47:24 17 408 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
18 Jul 2008 4:47:26 185 856 A.... "C:\Program Files\Mozilla Firefox\crashreporter.exe"
18 Jul 2008 4:47:28 307 712 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
18 Jul 2008 4:47:28 233 472 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
18 Jul 2008 4:47:28 695 296 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
18 Jul 2008 4:47:28 710 144 A.... "C:\Program Files\Mozilla Firefox\mozcrt19.dll"
18 Jul 2008 4:47:28 198 144 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
18 Jul 2008 4:47:28 697 856 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
18 Jul 2008 4:47:28 304 640 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
18 Jul 2008 4:47:30 103 936 A.... "C:\Program Files\Mozilla Firefox\nssdbm3.dll"
18 Jul 2008 4:47:30 87 552 A.... "C:\Program Files\Mozilla Firefox\nssutil3.dll"
18 Jul 2008 4:47:30 20 480 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
18 Jul 2008 4:47:30 17 408 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
18 Jul 2008 4:47:30 103 936 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
18 Jul 2008 4:47:30 151 552 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
18 Jul 2008 4:47:30 395 776 A.... "C:\Program Files\Mozilla Firefox\sqlite3.dll"
18 Jul 2008 4:47:30 136 704 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
18 Jul 2008 4:47:30 241 664 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
18 Jul 2008 4:47:30 17 920 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
18 Jul 2008 4:47:34 9 704 960 A.... "C:\Program Files\Mozilla Firefox\xul.dll"
28 Jul 2008 23:15:10 57 344 A.... "C:\Program Files\WinHTTrack\htsjava.dll"
28 Jul 2008 23:15:10 73 728 A.... "C:\Program Files\WinHTTrack\htsswf.dll"
9 Aug 2008 1:57:30 36 864 A.... "C:\Program Files\WinHTTrack\httrack.exe"
28 Jul 2008 23:15:08 651 264 A.... "C:\Program Files\WinHTTrack\libhttrack.dll"
28 Jul 2008 22:43:56 143 360 A.... "C:\Program Files\WinHTTrack\proxytrack.exe"
9 Aug 2008 1:57:34 38 095 A.... "C:\Program Files\WinHTTrack\unins000.dat"
9 Aug 2008 1:57:16 695 578 A.... "C:\Program Files\WinHTTrack\unins000.exe"
28 Jul 2008 23:15:10 57 344 A.... "C:\Program Files\WinHTTrack\webhttrack.exe"
13 Jul 2008 9:35:56 131 072 A.... "C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll"
28 Jul 2008 23:15:14 430 080 A.... "C:\Program Files\WinHTTrack\WinHTTrack.exe"
13 Jul 2008 9:35:18 73 728 A.... "C:\Program Files\WinHTTrack\zlib1.dll"
5 Jul 2008 17:07:18 16 087 224 A.... "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe"
19 Jul 2008 16:31:36 221 184 A.... "C:\Program Files\Alwil Software\Avast4\Aavm4h.dll"
19 Jul 2008 16:39:00 188 416 A.... "C:\Program Files\Alwil Software\Avast4\AavmGuih.dll"
19 Jul 2008 16:31:26 20 992 A.... "C:\Program Files\Alwil Software\Avast4\AavmRpch.dll"
19 Jul 2008 16:31:48 35 840 A.... "C:\Program Files\Alwil Software\Avast4\AhResMai.dll"
19 Jul 2008 16:34:04 32 768 A.... "C:\Program Files\Alwil Software\Avast4\ahResMes.dll"
19 Jul 2008 16:33:00 31 744 A.... "C:\Program Files\Alwil Software\Avast4\AhResNS.dll"
19 Jul 2008 16:38:20 29 696 A.... "C:\Program Files\Alwil Software\Avast4\AhResOut.dll"
19 Jul 2008 16:33:38 33 280 A.... "C:\Program Files\Alwil Software\Avast4\ahResP2P.dll"
19 Jul 2008 16:39:24 43 008 A.... "C:\Program Files\Alwil Software\Avast4\AhResStd.dll"
19 Jul 2008 16:32:02 53 248 A.... "C:\Program Files\Alwil Software\Avast4\AhResWS.dll"
19 Jul 2008 16:36:38 65 536 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiMai.dll"
19 Jul 2008 16:34:00 36 864 A.... "C:\Program Files\Alwil Software\Avast4\ahRuiMes.dll"
19 Jul 2008 16:32:56 36 864 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiNS.dll"
19 Jul 2008 16:37:04 90 112 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiOut.dll"
19 Jul 2008 16:33:34 22 528 A.... "C:\Program Files\Alwil Software\Avast4\ahRuiP2P.dll"
19 Jul 2008 16:39:20 57 344 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiStd.dll"
19 Jul 2008 16:34:18 49 152 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiWS.dll"
19 Jul 2008 16:28:36 270 520 A.... "C:\Program Files\Alwil Software\Avast4\ashAvast.exe"
19 Jul 2008 16:24:18 229 376 A.... "C:\Program Files\Alwil Software\Avast4\ashBase.dll"
19 Jul 2008 16:29:04 127 160 A.... "C:\Program Files\Alwil Software\Avast4\ashBug.exe"
19 Jul 2008 16:27:42 98 304 A.... "C:\Program Files\Alwil Software\Avast4\ashCfgP.dll"
19 Jul 2008 16:28:06 135 168 A.... "C:\Program Files\Alwil Software\Avast4\ashCfgT.dll"
19 Jul 2008 16:28:16 151 552 A.... "C:\Program Files\Alwil Software\Avast4\ashChest.dll"
19 Jul 2008 16:29:22 65 720 A.... "C:\Program Files\Alwil Software\Avast4\ashChest.exe"
19 Jul 2008 16:29:12 50 872 A.... "C:\Program Files\Alwil Software\Avast4\ashCnsnt.exe"
19 Jul 2008 16:38:34 78 008 A.... "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
19 Jul 2008 16:28:46 47 800 A.... "C:\Program Files\Alwil Software\Avast4\ashLogV.exe"
19 Jul 2008 16:38:04 250 040 A.... "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"
19 Jul 2008 16:38:16 200 888 A.... "C:\Program Files\Alwil Software\Avast4\ashOutXt.dll"
19 Jul 2008 16:38:48 204 984 A.... "C:\Program Files\Alwil Software\Avast4\ashPopWz.exe"
19 Jul 2008 16:30:38 278 712 A.... "C:\Program Files\Alwil Software\Avast4\ashQuick.exe"
19 Jul 2008 16:38:28 147 640 A.... "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
19 Jul 2008 16:30:42 73 912 A.... "C:\Program Files\Alwil Software\Avast4\ashShell.dll"
19 Jul 2008 16:29:34 127 160 A.... "C:\Program Files\Alwil Software\Avast4\ashSimp2.exe"
19 Jul 2008 16:31:12 155 832 A.... "C:\Program Files\Alwil Software\Avast4\ashSimpl.exe"
19 Jul 2008 16:28:50 18 432 A.... "C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe"
19 Jul 2008 16:28:56 61 440 A.... "C:\Program Files\Alwil Software\Avast4\ashSkPck.exe"
19 Jul 2008 16:24:30 53 248 A.... "C:\Program Files\Alwil Software\Avast4\ashSODBC.dll"
19 Jul 2008 16:25:26 233 472 A.... "C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll"
19 Jul 2008 16:25:32 48 128 A.... "C:\Program Files\Alwil Software\Avast4\ashSXML.dll"
19 Jul 2008 16:24:40 118 784 A.... "C:\Program Files\Alwil Software\Avast4\ashTask.dll"
19 Jul 2008 16:27:24 319 488 A.... "C:\Program Files\Alwil Software\Avast4\ashUInt.dll"
19 Jul 2008 16:24:52 65 720 A.... "C:\Program Files\Alwil Software\Avast4\ashUpd.exe"
23 Jul 2008 16:25:46 348 344 A.... "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe"
19 Jul 2008 16:35:56 61 440 A.... "C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll"
19 Jul 2008 16:24:24 659 456 A.... "C:\Program Files\Alwil Software\Avast4\aswAux.dll"
19 Jul 2008 16:20:24 131 072 A.... "C:\Program Files\Alwil Software\Avast4\aswCmnB.dll"
19 Jul 2008 16:20:16 86 016 A.... "C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll"
19 Jul 2008 16:20:36 192 512 A.... "C:\Program Files\Alwil Software\Avast4\aswCmnS.dll"
19 Jul 2008 16:24:00 1 245 184 A.... "C:\Program Files\Alwil Software\Avast4\aswEngin.dll"
19 Jul 2008 16:25:02 8 888 A.... "C:\Program Files\Alwil Software\Avast4\aswIdle.dll"
19 Jul 2008 16:23:34 22 528 A.... "C:\Program Files\Alwil Software\Avast4\aswInteg.dll"
19 Jul 2008 16:21:04 294 912 A.... "C:\Program Files\Alwil Software\Avast4\aswRawFS.dll"
19 Jul 2008 16:19:54 147 456 A.... "C:\Program Files\Alwil Software\Avast4\aswRes.dll"
18 Jul 2008 14:38:20 90 296 A.... "C:\Program Files\Alwil Software\Avast4\aswRunDll.exe"
19 Jul 2008 16:23:10 81 920 A.... "C:\Program Files\Alwil Software\Avast4\aswScan.dll"
19 Jul 2008 16:25:06 16 056 A.... "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
19 Jul 2008 16:33:26 106 496 A.... "C:\Program Files\Alwil Software\Avast4\avCommEx.dll"
19 Jul 2008 16:28:26 10 936 A.... "C:\Program Files\Alwil Software\Avast4\AVSSHOOK.dll"
19 Jul 2008 16:42:34 65 720 A.... "C:\Program Files\Alwil Software\Avast4\sched.exe"
19 Jul 2008 16:30:48 65 720 A.... "C:\Program Files\Alwil Software\Avast4\VisthAux.exe"
19 Jul 2008 16:30:58 50 360 A.... "C:\Program Files\Alwil Software\Avast4\VisthLic.exe"
19 Jul 2008 16:30:18 50 360 A.... "C:\Program Files\Alwil Software\Avast4\VisthUpd.exe"
9 Jul 2008 12:25:04 1 688 064 A.... "C:\Program Files\AtomPark\Atomic Mail Sender\AtomicMailSender.exe"
19 Jul 2008 18:42:30 73 841 A.... "C:\Program Files\AtomPark\Atomic Mail Sender\unins000.dat"
19 Jul 2008 18:42:06 672 240 A.... "C:\Program Files\AtomPark\Atomic Mail Sender\unins000.exe"
25 Aug 2008 19:00:24 131 110 A.... "C:\Program Files\BitLord\Downloads\Weeds.401.VO.VF.zip"
19 Jul 2008 15:42:30 68 175 A.... "C:\Program Files\CounterPath\X-Lite\unins000.dat"
19 Jul 2008 15:42:12 669 002 A.... "C:\Program Files\CounterPath\X-Lite\unins000.exe"
1 Jul 2008 13:43:32 52 256 ..... "C:\Program Files\CyberLink\PowerDVD\deskband32.dll"
1 Jul 2008 13:43:34 1 706 800 ..... "C:\Program Files\CyberLink\PowerDVD\GdiPlus.dll"
9 Jul 2008 23:13:26 2 A.... "C:\Program Files\eMule\config\AC_BootstrapIPs.dat"
9 Jul 2008 23:13:24 128 A.... "C:\Program Files\eMule\config\AC_ServerMetURLs.dat"
8 Jul 2008 17:49:58 365 A.... "C:\Program Files\eMule\config\cryptkey.dat"
8 Jul 2008 18:02:46 28 A.... "C:\Program Files\eMule\config\key_index.dat"
8 Jul 2008 18:02:46 12 A.... "C:\Program Files\eMule\config\load_index.dat"
8 Jul 2008 18:02:46 12 A.... "C:\Program Files\eMule\config\nodes.dat"
9 Jul 2008 23:13:26 61 A.... "C:\Program Files\eMule\config\preferences.dat"
8 Jul 2008 18:02:46 23 A.... "C:\Program Files\eMule\config\preferencesKad.dat"
9 Jul 2008 23:13:28 2 A.... "C:\Program Files\eMule\config\shareddir.dat"
8 Jul 2008 18:02:46 12 A.... "C:\Program Files\eMule\config\src_index.dat"
10 Jul 2008 14:37:16 1 301 A.... "C:\Program Files\eMule\Incoming\Atomic Email Hunter v3.20 7 Kb 5.12.05 crack keygen serial.zip"
25 Aug 2008 10:22:20 112 A.... "C:\Program Files\Enigma Software Group\SpyHunter\key.dat"
30 Jun 2008 19:02:50 72 704 ..SHR "C:\Program Files\eRightSoft\SUPER\Setup.exe"
25 Aug 2008 17:58:52 5 501 A.... "C:\Program Files\FlashGet\Config\DHTTable.dat"
5 Jul 2008 22:45:20 421 888 A.... "C:\Program Files\foobar2000\components\foo_albumlist.dll"
25 Jun 2008 19:18:24 239 104 A.... "C:\Program Files\foobar2000\components\foo_cdda.dll"
5 Jul 2008 22:45:22 399 872 A.... "C:\Program Files\foobar2000\components\foo_converter.dll"
5 Jul 2008 22:45:42 1 213 952 A.... "C:\Program Files\foobar2000\components\foo_input_std.dll"
5 Jul 2008 22:45:42 847 872 A.... "C:\Program Files\foobar2000\components\foo_ui_std.dll"
1 Jul 2008 13:43:30 300 592 A.... "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"
29 Jun 2008 15:33:54 311 296 A.... "C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe"
18 Jul 2008 4:47:26 23 040 A.... "C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll"
18 Jul 2008 4:47:26 134 144 A.... "C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll"
18 Aug 2008 17:03:50 142 665 A.... "C:\Program Files\Mozilla Firefox\components\compreg.dat"
18 Aug 2008 17:03:48 96 288 A.... "C:\Program Files\Mozilla Firefox\components\xpti.dat"
18 Jul 2008 4:47:30 65 536 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"
18 Jul 2008 4:47:30 508 632 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
29 Jun 2008 12:09:40 759 A.... "C:\Program Files\OpenOffice.org 2.4\program\python.bat"
2 Jul 2008 12:27:20 6 590 464 A.... "C:\Program Files\Oxemis\OxiMailing\oximailing.exe"
25 Aug 2008 21:05:20 396 288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
30 Jun 2008 17:12:02 188 600 A.... "C:\Program Files\Alwil Software\Avast4\DATA\aswar1.dll"
25 Aug 2008 13:12:52 70 766 A.... "C:\Program Files\Alwil Software\Avast4\DATA\iNews.htm"
19 Jul 2008 16:18:28 98 304 A.... "C:\Program Files\Alwil Software\Avast4\FRENCH\Base.dll"
19 Jul 2008 16:17:00 17 920 A.... "C:\Program Files\Alwil Software\Avast4\FRENCH\Boot.dll"
19 Jul 2008 16:18:26 2 568 192 A.... "C:\Program Files\Alwil Software\Avast4\FRENCH\Lang.dll"
19 Jul 2008 16:18:22 61 440 A.... "C:\Program Files\Alwil Software\Avast4\FRENCH\LangMai.dll"
25 Aug 2008 12:01:34 127 024 A.... "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll"
24 Aug 2008 23:22:20 504 417 A.... "C:\Program Files\BitLord\Downloads\Weeds Season 3-OnlyMe1\Weeds.S3.VF.zip"
4 Jul 2008 16:56:02 654 848 A.... "C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
26 Jul 2008 23:28:16 1 228 800 A.... "C:\Program Files\Gizmo5\Resources\1028\AppResources.zht.dll"
26 Jul 2008 23:28:00 1 273 856 A.... "C:\Program Files\Gizmo5\Resources\1031\AppResources.de.dll"
26 Jul 2008 23:28:22 1 261 568 A.... "C:\Program Files\Gizmo5\Resources\1033\AppResources.dll"
26 Jul 2008 23:28:18 1 273 856 A.... "C:\Program Files\Gizmo5\Resources\1034\AppResources.es.dll"
26 Jul 2008 23:28:20 1 277 952 A.... "C:\Program Files\Gizmo5\Resources\1036\AppResources.fr.dll"
26 Jul 2008 23:28:12 1 269 760 A.... "C:\Program Files\Gizmo5\Resources\1040\AppResources.it.dll"
26 Jul 2008 23:27:42 1 146 880 A.... "C:\Program Files\Gizmo5\Resources\1040\AppResources.id.dll"
26 Jul 2008 23:28:02 1 241 088 A.... "C:\Program Files\Gizmo5\Resources\1041\AppResources.jp.dll"
26 Jul 2008 23:28:24 1 273 856 A.... "C:\Program Files\Gizmo5\Resources\1046\AppResources.pt.dll"
26 Jul 2008 23:28:14 1 228 800 A.... "C:\Program Files\Gizmo5\Resources\2052\AppResources.zhs.dll"
19 Jul 2008 16:32:16 26 944 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\Aavmker4.sys"
19 Jul 2008 16:37:42 20 560 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\aswFsBlk.sys"
19 Jul 2008 16:37:22 94 416 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMon2.sys"
19 Jul 2008 16:36:04 51 280 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMonFlt.sys"
19 Jul 2008 16:33:42 23 152 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AswRdr.sys"
19 Jul 2008 16:35:18 78 416 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys"
19 Jul 2008 16:32:36 42 912 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AswTdi.sys"
20 Aug 2008 21:59:26 1 A.... "C:\Program Files\OpenOffice.org 2.4\share\uno_packages\cache\stamp.sys"
19 Jul 2008 16:32:26 25 168 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\Aavmker4.sys"
19 Jul 2008 16:37:52 22 096 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswFsBlk.sys"
19 Jul 2008 16:37:32 75 856 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswMon2.sys"
19 Jul 2008 16:36:20 63 568 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswMonFlt.sys"
19 Jul 2008 16:33:48 27 216 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswRdr.sys"
19 Jul 2008 16:35:48 89 168 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys"
19 Jul 2008 16:32:42 48 720 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswTdi.sys"
19 Jul 2008 16:37:48 37 968 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswFsBlk.sys"
19 Jul 2008 16:36:12 138 320 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswMonFlt.sys"
19 Jul 2008 16:33:52 55 376 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswRdr.sys"
19 Jul 2008 16:35:36 168 016 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswSP.sys"
19 Jul 2008 16:32:46 103 504 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswTdi.sys"
Files with hidden attributes:
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Mon 30 Jun 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Tue 2 Oct 2007 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Mon 31 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0b94495512074d69b9e8ab1679d608d4\download\BIT66.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\17e3f23ff72184333b78d75c8e81cda8\download\BIT65.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\27efdbd68a382580fdb15dd4f797360e\download\BIT6A.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29f6d57cd4efa945b402cdec2ffedddf\download\BIT67.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3887d65d3ab5fa0d45001f504bed5b37\download\BIT53.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3d626d96e6e22b8a5867784640121555\download\BIT5F.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\42526a992b20eef1df8750beb4f78f35\download\BIT69.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\48507772aceb60b61525fdb208c39514\download\BIT5E.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4ad242756613df3e539d49e3db7fff27\download\BIT6E.tmp"
Sat 29 Mar 2008 7,102,224 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cabbc33d9fa3ea879d2330766ba6ff1\download\BIT1F.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4eeab5e9badabf8752919b7df37ed651\download\BIT57.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4febda7b78da8f94eaee96a8b432d591\download\BIT52.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\563853df011d8b0ddaf0b39deb74f6b7\download\BIT56.tmp"
Fri 8 Jul 2005 112,689 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5cbce544ba5a58e170acdb52973e4471\download\BIT4C.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6c75180874e00b1d103af2b8b2b3b170\download\BIT4E.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7d67df8d2fa218514bbe5a22ae12a9b3\download\BIT6C.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7dfe90ab9679753ce8e3ab64aba594fe\download\BIT5B.tmp"
Sat 29 Mar 2008 310,331 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b6d906fd5974a905eb1cc67c000b099\download\BIT4D.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8d31f6e93a03bc7a736602ed1adb9986\download\BIT55.tmp"
Tue 3 Oct 2006 795,171 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\98e4ab2cb14986b0be91146bef7a2943\download\BIT4B.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9aa5f686d8c0b8f1fad16b524f06c565\download\BIT68.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a957c596efa7d0ec1b4b7fdc1e1c5705\download\BIT63.tmp"
Mon 7 Feb 2005 63,159 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b848f7bbcc1590afa157f879b74964b2\download\BIT49.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b955ba47e5d89f57a5ea6a34838f80ab\download\BIT6D.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bfd81cbd42e5265d12677c96600c0804\download\BIT60.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8378ccca1581319d7b7f3a9d1188607\download\BIT54.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8f95ed251aedea843abb9ea5b1a52d3\download\BIT6B.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cbee9c95b55c0a7f59376a89c9a3d3c1\download\BIT64.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cff3276a5659b39e9143e4a62e333028\download\BIT4F.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d2543d14ced0177a8154816e15636514\download\BIT62.tmp"
Sat 29 Mar 2008 96,571,877 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d3e2cd1aa350dfdef90c91dfc8e90f2d\download\BIT50.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d8cfedd5cfd3f0881276825d82978e5d\download\BIT61.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d983f6bace749011714a05db9ad756fb\download\BIT51.tmp"
Fri 28 Jul 2006 397,685 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\da9428daf73da125c596ed070747be59\download\BIT4A.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\download\BIT5C.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ec9dc63e53c8bf9a1e80cf1489c682bd\download\BIT58.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fde0566446f6dd640c536f419fe1216a\download\BIT5D.tmp"
Program Folders:
C:\Program Files\
Ableton
Adobe
altcmd
Alwil Software
ANI
Apple Software Update
ATI Technologies
Atomic Email Hunter
AtomPark
AviSynth 2.5
BitLord
BlazeVideo
Blender Foundation
CCleaner
CDex_150
CommViewWiFi
CounterPath
Creative
CyberLink
DAEMON Tools
directx
D-Link
Dofus
DreamCatcher
EMailing List Pro
eMule
Enigma Software Group
eRightSoft
Ethereal
Fichiers communs
FlashGet
FMA 2
foobar2000
Gizmo5
Image-Line
InstallShield Installation Information
Internet Explorer
intuix
Java
Messenger
Messenger Plus! Live
microsoft frontpage
Microsoft Silverlight
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
Muon Software Ltd
Nero
NetMeeting
NfoDiz 6.0
OpenOffice.org 2.3
OpenOffice.org 2.4
Outlook Express
Outsim
Oxemis
Python25
QuickTime
Reference Assemblies
Safari
Satsuki Decoder Pack
Serious Sam 2
Services en ligne
Tablet
Trend Micro
Ulead Systems
Uninstall Information
UT2003
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter
VIA Technologies, INC
VideoLAN
Visicom Media
VstPlugins
Windows Live
Windows Media Components
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinHTTrack
WinRAR
xerox
Yahoo!
C:\Program Files\Fichiers communs\
Adobe
Adobe Systems Shared
Ahead
InstallShield
Intel
InterVideo
Java
Macrovision Shared
Microsoft Shared
MSSoap
ODBC
Services
SpeechEngines
System
Ulead Systems
WindowsLiveInstaller
Add/Remove Programs:
Adobe Flash Player ActiveX
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe SVG Viewer 3.0
Adobe ExtendScript Toolkit 2
Adobe Dreamweaver CS3
ATI - Utilitaire de désinstallation du logiciel
altcompare
ATI Display Driver
Atomic Email Hunter 3.20
Atomic Mail Sender 4.27
avast! Antivirus
BitLord 1.1
BlazeDTV 2.5a
Blender (remove only)
CCleaner (remove only)
CDex extraction audio
CommView for WiFi
Dofus 1.24.0
EMailing List Pro
eMule
Ethereal 0.10.13
FlashGet 1.9.6.1073
foobar2000 v0.9.5.4
FTP Expert 3
Gizmo5
HijackThis 2.0.2
Windows Internet Explorer 7
PowerDVD
Ulead VideoStudio 11
Windows Genuine Advantage Validation Tool (KB892130)
Mise à jour de sécurité pour Windows XP (KB904706)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows XP (KB944338-v2)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows XP (KB946648)
Correctif pour Windows Internet Explorer 7 (KB947864)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour pour Windows XP (KB951072-v2)
Correctif pour Windows XP (KB952287)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour de sécurité pour Windows XP (KB953839)
Live 7.0.3
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Messenger Plus! Live
Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.1)
Muon Tau Pro Demo VSTi
NfoDiz 6.0 Setup
Serious Sam 2
Sound Blaster Live!
Toxic Biohazard
Unreal Tournament 2003
VideoLAN VLC media player 0.8.6d
Tablette Wacom
WampServer 2.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Lecteur Windows Media 11
WinHTTrack Website Copier 3.42-3
Archiveur WinRAR
X-Lite 3.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar avec bloqueur de fenêtres pop-up
Yahoo! Toolbar
Yahoo! Install Manager
Apple Software Update
Adobe Help Viewer CS3
Adobe Bridge Start Meeting
MSXML 6.0 Parser (KB933579)
ATI Control Panel
QuickTime
Adobe Photoshop CS2
Adobe ExtendScript Toolkit 2
Microsoft .NET Framework 3.0 Service Pack 1
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
ATI HydraVision
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
OxiMailing
Adobe Dreamweaver CS3
ANIWZCS2 Service
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
InterVideo DeviceService
PowerDVD
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Windows Media Player Firefox Plugin
Python 2.5.2
Adobe Asset Services CS3
MSXML 4.0 SP2 Parser and SDK
Microsoft Visual C++ 2005 Redistributable
Adobe Stock Photos 1.0
ANIO Service
Adobe InDesign CS2
Microsoft Silverlight
Adobe Device Central CS3
Adobe Type Support
Adobe Common File Installer
Adobe Anchor Service CS3
floAt's Mobile Agent 2
RTLSetup for Realtek RTL8139/810x Family NIC 3.00
Microsoft .NET Framework 1.1 French Language Pack
Adobe Bridge CS3
SAGEM Wi-Fi 11g USB adapter (outil)
OpenOffice.org 2.4
Adobe CMaps
Adobe Reader 8.1.2 - Français
Adobe Camera Raw 4.0
Adobe Setup
Microsoft .NET Framework 2.0 Service Pack 1
Adobe Bridge 1.0
Adobe Default Language CS3
Windows Live Messenger
Windows Presentation Foundation
Adobe Extension Manager CS3
MSXML 4.0 SP2 (KB936181)
Nero 7 Demo
Microsoft .NET Framework 1.1
Adobe Version Cue CS3 Client
Adobe PDF Library Files
Adobe Setup
Adobe Update Manager CS3
Adobe Help Center 1.0
AirPlus XtremeG DWL-G520
Safari
VideoStudio
Windows Live installer
Run Values:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"UpdReg"="C:\\WINDOWS\\Updreg.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"D-Link AirPlus XtremeG DWL-G520"="C:\\Program Files\\D-Link\\AirPlus XtremeG DWL-G520\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NeroHomeFirstStart"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMFirstStart.exe"
Bot Check:
SERVICE_NAME: wscsvc
DISPLAY_NAME : Centre de sécurité
START_TYPE : 2 AUTO_START
SERVICE_NAME: sharedaccess
DISPLAY_NAME : Pare-feu Windows / Partage de connexion Internet
START_TYPE : 2 AUTO_START
SERVICE_NAME: wuauserv
DISPLAY_NAME : Mises à jour automatiques
START_TYPE : 2 AUTO_START
SERVICE_NAME: srservice
DISPLAY_NAME : Service de restauration système
START_TYPE : 2 AUTO_START
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"
ShellExecuteHooks:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
Environment:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Ulead Systems\MPEG
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SAFEBOOT_OPTION REG_SZ MINIMAL
SecurityProviders:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
Authentication Packages:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Subsystem Startup:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
Midi Drivers:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"
Non-Default IFEO Debugger:
Non-Default Installed Components:
Non-Default Safeboot Minimal:
File Associations:
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -requestPending -osint -url \"%1\""
[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="\"regedit.exe\" \"%1\""
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"
Finished!
2/ Report after the fix with SDFix:
SDFix: Version 1.219
Run by Administrateur on 25/08/2008 at 22:42
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Resetting SecurityProviders Value
Resetting AppInit_DLLs value
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\Program Files\altcmd\altcmd.inf - Deleted
C:\Program Files\altcmd\altcmd32.g.dll - Deleted
C:\Program Files\altcmd\uninstall.bat - Deleted
C:\WINDOWS\system32\wowfx.dll - Deleted
Folder C:\Program Files\altcmd - Removed
Removing Temp Files
ADS Check :
C:\WINDOWS\system32
:{4B9A1497-0817-47C4-9612-D5A1C53ACF57} 12
:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} 12
Total size: 24 bytes.
system32: deleted 24 bytes in 2 streams.
Checking for remaining Streams
C:\WINDOWS\system32
No streams found.
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 22:58:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000008d
"TracesSuccessful"=dword:0000005c
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A41CF53-1F75-3160-C357-95CCDB895BB1}]
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Documents and Settings\\Sebastien\\Bureau\\Wifi\\aircrack-ng-1.0-beta2-win\\bin\\airserv-ng.exe"="C:\\Documents and Settings\\Sebastien\\Bureau\\Wifi\\aircrack-ng-1.0-beta2-win\\bin\\airserv-ng.exe:*:Enabled:airserv-ng"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Micro Application\\InCrazyBall\\InCrazyBall.exe"="C:\\Program Files\\Micro Application\\InCrazyBall\\InCrazyBall.exe:*:Enabled:Lexis Common Player"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\DreamCatcher\\Painkiller\\Bin\\Painkiller.exe"="C:\\Program Files\\DreamCatcher\\Painkiller\\Bin\\Painkiller.exe:*:Enabled:Painkiller"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\UT2003\\System\\UT2003.exe"="C:\\Program Files\\UT2003\\System\\UT2003.exe:*:Enabled:UT2003"
"D:\\Wifi\\aircrack-ng-1.0-beta2-win\\bin\\airserv-ng.exe"="D:\\Wifi\\aircrack-ng-1.0-beta2-win\\bin\\airserv-ng.exe:*:Enabled:airserv-ng"
"C:\\Program Files\\Visicom Media\\FTP Expert 3\\ftpxpert3.exe"="C:\\Program Files\\Visicom Media\\FTP Expert 3\\ftpxpert3.exe:*:Enabled:AceFTP v3"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"="C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe:*:Enabled:X-Lite"
"C:\\Program Files\\Gizmo5\\Gizmo5.exe"="C:\\Program Files\\Gizmo5\\Gizmo5.exe:*:Enabled:Gizmo5"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\AtomPark\\Atomic Mail Sender\\AtomicMailSender.exe"="C:\\Program Files\\AtomPark\\Atomic Mail Sender\\AtomicMailSender.exe:*:Enabled:Atomic Mail Sender"
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"="C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\CounterPath\\Bria\\bria.exe"="C:\\Program Files\\CounterPath\\Bria\\bria.exe:*:Enabled:bria"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Mon 30 Jun 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Tue 2 Oct 2007 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Mon 31 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"
