Need help: trojan virus and malware [solved]
Good evening,
After turning on my computer, a message appeared asking for my permission to run the application csrss.exe. I refused, and then Vista detected a virus: Trojan:Win32/Vundo.gen!AG
It says it removes it, but every time I restart my computer nothing changes. Well, actually... it now detects 3 other viruses. It identifies 3 trojans and 1 malware, whose names are: Smitfraud, Win32.Small.buy, Virtumonde and virtumonde.prx
After reading up on various forums I downloaded HijackThis, and here is the report that is displayed:
* Trend Micro HijackThis v2.0.2 *
See bottom for version history.
The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components
Command-line parameters:
* /autolog - automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* /silentautuolog - the same as /autolog, except with no required user intervention
* Version history *
[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
* Added O23 (NT Services) in light of newer trojans
* Integrated ADS Spy into Misc Tools section
* Added 'Action taken' to info in 'More info on this item'
[v1.98]
* Definitive support for Japanese/Chinese/Korean systems
* Added O20 (AppInit_DLLs) in light of newer trojans
* Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
* Added O22 (SharedTaskScheduler) in light of newer trojans
* Backups of fixed items are now saved in separate folder
* HijackThis now checks if it was started from a temp folder
* Added a small process manager (Misc Tools section)
[v1.96]
* Lots of bugfixes and small enhancements! Among others:
* Fix for Japanese IE toolbars
* Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
* Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
* Added several files to the LSP whitelist
* Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
* All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
* Added a new regval to check for from Whazit hijack (Start Page_bak).
* Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
* New in logfile: Running processes at time of scan.
* Checkmarks for running StartupList with /full and /complete in HijackThis UI.
* New O19 method to check for Datanotary hijack of user stylesheet.
* Google.com IP added to whitelist for Hosts file check.
[v1.94]
* Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
* Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
* Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
* Fixed a bug where DPF could not be deleted.
* Fixed a stupid bug in enumeration of autostarting shortcuts.
* Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
* Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
* Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
* Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
* Fixed a bug in LSP routine for Win95.
* Made taborder nicer.
* Fixed a bug in backup/restore of IE plugins.
* Added UltimateSearch hijack in O17 method (I think).
* Fixed a bug with detecting/removing BHO's disabled by BHODemon.
* Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
* Fixed two stupid bugs in backup restore function.
* Added DiamondCS file to LSP files safelist.
* Added a few more items to the protocol safelist.
* Log is now opened immediately after saving.
* Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
* Updated integrated StartupList to v1.52.
* In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
* Rudimentary proxy support for the Check for Updates function.
[v1.91]
* Added rd.yahoo.com to the Nonstandard But Safe Domains list.
* Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
* Added listing of programs/links in Startup folders (O4).
* Fixed 'Check for Update' not detecting new versions.
[v1.9]
* Added check for Lop.com 'Domain' hijack (O17).
* Bugfix in URLSearchHook (R3) fix.
* Improved O1 (Hosts file) check.
* Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
* Added AutoConfigURL and proxyserver checks (R1).
* IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
* Added check for extra protocols (O18).
[v1.81]
* Added 'ignore non-standard but safe domains' option.
* Improved Winsock LSP hijackers detection.
* Integrated StartupList updated to v1.4.
[v1.8]
* Fixed a few bugs.
* Adds detecting of free.aol.com in Trusted Zone.
* Adds checking of URLSearchHooks key, which should have only one value.
* Adds listing/deleting of Download Program Files.
* Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
* Improves detecting of O6.
* Some internal changes/improvements.
[v1.7]
* Adds backup function! Yay!
* Added check for default URL prefix
* Added check for changing of IERESET.INF
* Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
* Fixes Runtime Error when Hosts file is empty.
[v1.6]
* Added enumerating of MSIE plugins
* Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
* Adds 'Uninstall & Exit' and 'Check for update online' functions.
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
[v1.3]
* Adds detecting of extra MSIE context menu items
* Added detecting of extra 'Tools' menu items and extra buttons
* Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
* Adds 'Ignorelist' and 'Info' functions
[v1.1]
* Supports BHO's, some default URL changes
[v1.0]
* Original release
A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.
I don't know much about computers, so I really don't know what to do...
Thanks in advance for your help!
Message edited by llaulau77 on 14-12-2008 at 10:40:23
Hello,
I'm going to help you solve your problem. Please follow my instructions to the letter and do not take any personal initiative. If you have any question at all, I'm here to listen.
Please bear in mind that I am a volunteer and that I have a private life: I stop by at least once a day.
If you think you have been forgotten, send me a PM to let me know.
1) Download Toolbar-S&D (Team IDN) to your Desktop.
- Start the installation of the program by running the downloaded file.
- Now double-click the Toolbar-S&D shortcut.
- Select the desired language by typing the letter of your choice and confirming with the Enter key.
- Now choose option 1 (Search). Wait until the search finishes.
- Post the generated report. (C:\TB.txt)
2) Download Gmer.
- Unzip it into a dedicated folder or onto your Desktop.
- Disconnect from the Internet, then close all programs.
- Double-click Gmer.exe.
If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
- Click the Rootkit tab.
- On the right, tick everything.
- Now click Scan.
- When the scan is finished, click Copy.
- Open Notepad, then click the Edit menu / Paste.
- The report should then appear.
- Save the file to your Desktop and upload it to mediafire.
Uploading a file to mediafire:
- Go to this link: http://www.mediafire.com/
- Click "Upload files To Media fire" at the top. Then choose "I want to upload without an account"
- A Windows Explorer window will open. Navigate to the report I am asking you to upload, select it, then click "Open".
- Then click "Upload".
- On the right of the screen, choose: "upload to a new folder". Leave the default name ( = the date )
- Confirm and let the upload run.
- Click "View uploaded file" and, in your next message, copy me the URL ( = the link ) of the new tab or new window that opens. That way I will be able to download the requested report.
3) Download DDS by sUBs and save it to your desktop.
- Disable any script blocker, such as an antivirus, software like ad-block, noscript, etc.
- Double-click dds.scr to launch the tool. Double-click it only once, be patient!
- Once the scan has finished, a text document, DDS.txt, will open.
- Click Yes at the next prompt, Optional Scan.
- Save both reports to your desktop and post only DDS.txt; keep the other one at hand in case I ask for it. Copy/paste the report into the forum. Only upload files to mediafire if I explicitly ask for it.
First of all, thank you very much for the attention given to my message! What a relief!
So I did manage to install toolbar as specified in the first step.
Here is what it tells me:
-----------\\ ToolBar S&D 1.2.6 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2060 @ 1.60GHz )
BIOS : Ver 1.00PARTTBLP
USER : laura ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:71 Go (Free:40 Go)
D:\ (Local Disk) - NTFS - Total:70 Go (Free:1 Go)
E:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 06/12/2008|23:57 )
[ UAC => 1 ]
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/"
"SEARCH PAGE"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.fr.acer.yahoo.com"
"Default_Page_URL"="http://fr.fr.acer.yahoo.com"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 06/12/2008|23:57 - Option : [1]
-----------\\ Fin du rapport a 23:57:49,07
However, when I run Gmer, Winrar shows me an error message:
After a folder location it shows me these three messages:
This first message when I open the file: "unexpected end of archive"
These when I try to extract the information: "the archive is either in unknown format or damaged"
-cannot execute
...what should I do?
Oops... well, actually after a 4th try I managed to unzip it...
I'll send the rest once everything is finished!
Here is the requested URL:
[url=http://www.mediafire.com/?sharekey=49162d23a4b0002b91b20cc0d07ba4d245ce8564b23d79f5][/url]
And the DDS.txt report:
DDS (Version 1.0) - NTFSx86
Run by laura at 1:13:35,29 on 07/12/2008
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.865 [GMT 1:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\laura\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\laura\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.fr/
uSEARCH PAGE = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
mDefault_Page_URL = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
TB: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [????r]
uRun: [SuperCopier.exe] c:\program files\supercopier\SuperCopier.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [LSA Shellu] c:\users\laura\lsass.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [?????????] ??????????????e
uRun: [cmds] rundll32.exe c:\users\laura\appdata\local\temp\cbXQHwWo.dll,c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer Tour]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\SMSCirda.sys [2006-12-5 31232]
=============== Created Last 30 ================
2008-12-07 00:28 250 a------- c:\windows\gmer.ini
2008-12-06 23:56 <DIR> --d----- C:\ToolBar SD
2008-12-06 21:54 <DIR> --d----- c:\programdata\Lavasoft
2008-12-06 21:04 1,505,792 a------- c:\windows\system32\tquery.dll
2008-12-06 21:03 860,160 a------- c:\windows\system32\WerFaultSecure.exe
2008-12-06 21:02 506,880 a------- c:\windows\system32\MSMPEG2ENC.DLL
2008-12-06 21:01 1,329,152 a------- c:\windows\system32\WMSPDMOE.DLL
2008-12-06 21:00 150 a------- c:\windows\system32\RacUREx.xml
2008-12-06 21:00 145,455 a------- c:\windows\system32\perfmon.msc
2008-12-06 21:00 599,552 a------- c:\windows\system32\vsp1cln.exe
2008-12-06 21:00 3 a------- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-12-06 20:59 357,888 a------- c:\windows\system32\wbemcomn.dll
2008-12-06 20:59 129,536 a------- c:\windows\system32\sqmapi.dll
2008-12-06 20:59 704,512 a------- c:\windows\system32\SmiEngine.dll
2008-12-06 20:59 139,264 a------- c:\windows\system32\SmiInstaller.dll
2008-12-06 20:59 218,624 a------- c:\windows\system32\wdscore.dll
2008-12-06 20:59 130,560 a------- c:\windows\system32\PkgMgr.exe
2008-12-06 20:58 246,784 a------- c:\windows\system32\drvstore.dll
2008-12-06 20:58 305,152 a------- c:\windows\system32\msdelta.dll
2008-12-06 20:58 258,560 a------- c:\windows\system32\dpx.dll
2008-12-06 20:58 35,328 a------- c:\windows\system32\mspatcha.dll
2008-12-06 20:08 <DIR> --d----- c:\windows\system32\uXPi02
2008-12-06 18:34 <DIR> --d----- c:\windows\system32\RS4
2008-12-06 17:58 <DIR> --d----- C:\VundoFix Backups
2008-12-06 17:21 <DIR> --d----- c:\temp\DIV55
2008-12-06 15:45 <DIR> --d----- C:\PerfLogs
2008-12-06 14:52 <DIR> --d----- C:\7dbac67deba88655a43e5526a8d3
2008-12-06 04:11 <DIR> --d----- C:\Downloads
2008-12-06 04:11 <DIR> --d----- C:\Bases
2008-12-06 04:10 <DIR> --d----- C:\Kaspersky
2008-12-05 20:17 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2008-12-05 20:17 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-05 20:17 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-12-05 20:06 112,356 a------- c:\users\laura\csrss.exe
2008-11-26 18:09 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-11-26 18:09 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-11-26 18:09 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-11-26 18:09 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2008-11-26 18:09 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-11-26 18:09 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-11-26 18:09 1,645,568 a------- c:\windows\system32\connect.dll
2008-11-23 16:36 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-11-23 16:35 83,456 a------- c:\windows\system32\wudriver.dll
2008-11-23 16:35 162,064 a------- c:\windows\system32\wuwebv.dll
2008-11-23 16:35 31,232 a------- c:\windows\system32\wuapp.exe
2008-11-22 13:26 <DIR> --d----- c:\program files\MSECache
2008-11-16 13:15 179,712 a------- c:\users\laura\gif.exe
2008-11-11 21:13 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-11-11 21:13 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-11-11 21:13 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-11-11 21:10 1,470,822 a------- c:\windows\system32\PerfStringBackup.INI
==================== Find3M ====================
2008-12-06 22:55 669,578 a------- c:\windows\system32\perfh00C.dat
2008-12-06 22:55 123,556 a------- c:\windows\system32\perfc00C.dat
2008-12-06 22:54 174 a--sh--- c:\program files\desktop.ini
2008-12-06 22:52 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-06 22:52 86,016 a------- c:\windows\inf\infstor.dat
2008-12-06 22:52 86,016 a------- c:\windows\inf\infpub.dat
2008-12-06 22:44 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-06 21:23 101,888 a------- c:\windows\system32\ifxcardm.dll
2008-12-06 21:23 82,432 a------- c:\windows\system32\axaltocm.dll
2008-11-05 08:26 79,360 a------- c:\users\laura\index.exe
2008-10-02 04:49 827,392 a------- c:\windows\system32\wininet.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-18 06:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-18 06:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-09-18 03:16 2,032,640 a------- c:\windows\system32\win32k.sys
2006-11-02 16:45 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
2006-11-02 16:45 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
2006-11-02 16:45 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
2006-11-02 16:45 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-03-03 18:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-03-03 18:51 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-03-03 18:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-07-31 18:56 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2007-07-31 18:56 32,768 a--sh--- c:\windows\temp\fichiers internet temporaires\content.ie5\index.dat
2007-07-31 18:56 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
============= FINISH: 1:14:20,19 ===============
PS: THANK YOU THANK YOU THANK YOU!!
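An added example, not part of the thread and not the output of any tool used in it: a small Python triage pass over the autorun (`uRun`/`mRun`) lines of the DDS report above, flagging entries by file location and value name. The rules, the function names `check_path` and `triage`, and the System32 check (which assumes the 32-bit Vista layout shown in the log) are assumptions chosen for illustration.

```python
import ntpath
import re

# Autorun lines copied from the "Pseudo HJT Report" section of the DDS log above.
SAMPLE = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [????r]
uRun: [LSA Shellu] c:\users\laura\lsass.exe
uRun: [?????????] ??????????????e
uRun: [cmds] rundll32.exe c:\users\laura\appdata\local\temp\cbXQHwWo.dll,c
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
"""

# "<prefix>Run: [value name] command line" as printed by DDS.
ENTRY_RE = re.compile(r'^(uRun|mRun): \[(.*?)\]\s*(.*)$')
# Drive-rooted path up to the first executable-looking extension
# (handles unquoted paths containing spaces).
PATH_RE = re.compile(r'[a-z]:\\[^"<>|,*?]*?\.(?:exe|dll|scr|com|bat|cmd)\b', re.I)
SYSTEM32_RE = re.compile(r'^[a-z]:\\windows\\system32$', re.I)
TEMP_RE = re.compile(r'\\(?:temp|tmp)(?:\\|$)', re.I)
PROFILE_ROOT_RE = re.compile(r'^[a-z]:\\users\\[^\\]+$', re.I)

# Core Windows processes whose genuine image lives in System32
# (assumption: 32-bit layout, as on the machine in this thread).
SYSTEM_NAMES = {"csrss.exe", "lsass.exe", "smss.exe",
                "services.exe", "winlogon.exe", "svchost.exe"}


def check_path(path):
    """Return the list of reasons a single file path looks out of place."""
    reasons = []
    folder = ntpath.dirname(path)
    image = ntpath.basename(path).lower()
    if image in SYSTEM_NAMES and not SYSTEM32_RE.match(folder):
        reasons.append("system process name outside System32")
    if TEMP_RE.search(folder):
        reasons.append("binary loaded from a Temp directory")
    if PROFILE_ROOT_RE.match(folder):
        reasons.append("executable in the root of a user profile")
    return reasons


def triage(report):
    """Return (prefix, value name, reasons) for every flagged Run entry."""
    findings = []
    for line in report.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        prefix, name, command = match.groups()
        reasons = []
        # A name the log could only print as '?' cannot be reviewed by eye.
        if name and name.count("?") * 2 >= len(name):
            reasons.append("value name is mostly '?' placeholders")
        # Check every path on the command line, so a DLL handed to
        # rundll32.exe is examined as well as the launcher itself.
        for path in PATH_RE.findall(command):
            reasons.extend(check_path(path))
        if reasons:
            findings.append((prefix, name, reasons))
    return findings


if __name__ == "__main__":
    for prefix, name, reasons in triage(SAMPLE):
        print(f"{prefix} [{name}]: " + "; ".join(reasons))
```

A flag here only marks an entry for review; it says nothing about what the file contains.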
Re,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
- It will ask you to install the Recovery Console: accept.
- When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and a tutorial on using ComboFix
* the partition name may differ
ComboFix 08-12-06.06 - laura 2008-12-07 12:16:35.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1112 [GMT 1:00]
Lancé depuis: c:\users\laura\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\users\laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\users\laura\csrss.exe
c:\windows\system32\pac.txt
c:\windows\system32\uXPi02
c:\windows\system32\uXPi02\uXPi022328.exe
c:\windows\system32\x64
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 ))))))))))))))))))))))))))))))))))))
.
2008-12-07 00:28 . 2008-12-07 00:28 250 --a------ c:\windows\gmer.ini
2008-12-06 23:56 . 2008-12-06 23:57 <REP> d-------- C:\ToolBar SD
2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\users\All Users\Lavasoft
2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\programdata\Lavasoft
2008-12-06 21:03 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-12-06 21:02 . 2008-01-19 08:35 3,072,000 --a------ c:\windows\System32\networkmap.dll
2008-12-06 21:01 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-12-06 21:00 . 2008-01-19 08:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2008-12-06 21:00 . 2008-01-05 12:31 145,455 --a------ c:\windows\System32\perfmon.msc
2008-12-06 21:00 . 2008-01-05 12:39 150 --a------ c:\windows\System32\RacUREx.xml
2008-12-06 21:00 . 2008-01-05 12:31 3 --a------ c:\windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-12-06 20:59 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-12-06 20:59 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-12-06 20:59 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-12-06 20:59 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-12-06 20:59 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-12-06 20:59 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-12-06 20:58 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-12-06 20:58 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-12-06 20:58 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-12-06 20:58 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-12-06 18:34 . 2008-12-06 18:35 <REP> d-------- c:\windows\System32\RS4
2008-12-06 17:58 . 2008-12-06 17:58 <REP> d-------- C:\VundoFix Backups
2008-12-06 15:45 . 2008-12-06 15:45 <REP> d-------- C:\PerfLogs
2008-12-06 14:52 . 2008-12-06 19:04 <REP> d-------- C:\7dbac67deba88655a43e5526a8d3
2008-12-06 04:11 . 2008-12-06 04:19 <REP> d-------- C:\Downloads
2008-12-06 04:11 . 2008-12-06 04:20 <REP> d-------- C:\Bases
2008-12-06 04:10 . 2008-12-06 04:20 <REP> d-------- C:\Kaspersky
2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-05 20:17 . 2008-12-06 23:21 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-26 18:09 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 18:09 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 18:09 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 18:09 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 18:09 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 18:09 . 2008-01-19 08:36 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 18:09 . 2008-01-19 08:36 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-23 16:36 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-23 16:36 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-23 16:36 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-23 16:36 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-23 16:35 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-23 16:35 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-23 16:35 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-23 16:35 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-23 16:35 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-22 13:26 . 2008-11-22 13:26 <REP> d-------- c:\program files\MSECache
2008-11-16 13:15 . 2008-12-06 20:29 179,712 --a------ c:\users\laura\gif.exe
2008-11-11 21:13 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 21:13 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 21:13 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 21:10 . 2008-12-07 07:42 1,470,822 --a------ c:\windows\System32\PerfStringBackup.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 21:54 174 --sha-w c:\program files\desktop.ini
2008-12-06 21:45 --------- d-----w c:\program files\Windows Sidebar
2008-12-06 21:45 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-06 21:45 --------- d-----w c:\program files\Windows Mail
2008-12-06 21:45 --------- d-----w c:\program files\Windows Journal
2008-12-06 21:45 --------- d-----w c:\program files\Windows Defender
2008-12-06 21:45 --------- d-----w c:\program files\Windows Collaboration
2008-12-06 21:45 --------- d-----w c:\program files\Windows Calendar
2008-12-06 20:23 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-06 20:23 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-06 19:20 --------- d-----w c:\program files\Yahoo!
2008-11-26 02:01 --------- d-----w c:\programdata\Microsoft Help
2008-11-22 12:23 --------- d-----w c:\program files\Common Files\Adobe
2008-11-05 07:26 79,360 ----a-w c:\users\laura\index.exe
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-03 17:51 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-05 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-12-05 31232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1960b9a4-ae3f-11dd-b598-0016d46a96cd}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3304f14c-ec28-11dc-9b38-0016d46a96cd}]
\shell\AutoRun\command - F:\EmDesk.exe
\shell\EmDesk\command - F:\EmDesk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3712cf5e-8699-11dd-ae8c-0016d46a96cd}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{483c5279-0072-11dc-bcfb-0016d46a96cd}]
\shell\Auto\command - E:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594a5c09-b6e1-11dd-b2a4-0016d46a96cd}]
\shell\Auto\command - G:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e71f84e-fc09-11db-baf6-0016d46a96cd}]
\shell\Auto\command - E:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{997eca06-c1da-11dd-9a3a-0016d46a96cd}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac35f225-a779-11dd-af04-0016d46a96cd}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e65fd938-a33e-11dc-ab8c-0016d46a96cd}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e823854f-0456-11dc-9bf2-0016d46a96cd}]
\shell\AutoRun\command - F:\6l6w8.com
\shell\explore\Command - F:\6l6w8.com
\shell\open\Command - F:\6l6w8.com
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-LSA Shellu - c:\users\laura\lsass.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 12:19:41
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-12-07 12:21:20
ComboFix-quarantined-files.txt 2008-12-07 11:21:17
Avant-CF: 42 648 465 408 octets libres
Après-CF: 42,555,404,288 octets libres
224 --- E O F --- 2008-12-06 20:26:25
Re,
1) Open Spybot, click the Mode tab and choose Advanced Mode
Ignore the warning
At the bottom left, click Tools
Still in the left-hand column, click Resident (not in the central window)
And uncheck the Resident "TeaTimer" option
2)
- Download UsbFix (by Chiquitine29) to your Desktop.
- Run the installation with the default settings.
- Connect your external data sources to your PC (USB stick, external hard drive, etc.) without opening them.
- Double-click the UsbFix shortcut on your Desktop.
- Choose the Nettoyage (Cleaning) option.
- The PC will restart.
- After the restart, post the UsbFix.txt report
Note: the UsbFix.txt report is saved at the root of the disk.
3) Run another scan with ComboFix and post the new report you get.
OK, so I followed everything carefully, but I couldn't find the report when the computer restarted...
So I ran UsbFix again and, at restart, I found (not without difficulty) the only text file that could possibly match: "Changelog UsbFix.txt", but it's odd because it tells me it was created on December 1st and modified on December 6th, when I hadn't installed anything yet...
Anyway, here is what is in that document:
Changelog UsbFix établit le 2 decembre 2008
outils créé par Chiquitine29 , aide aux mises a jours -> Chimay8
Re,
You gave me the changelog...
Isn't there a report here: C:\UsbFix.txt ?
Move on to step 3.
Hey, no making fun of me! I don't even know what a changelog is...
My computer didn't create a UsbFix folder on the C drive, and I searched the whole computer and there is no trace of a UsbFix.txt document...
Anyway, I ran ComboFix again and here is the report it produced:
ComboFix 08-12-06.06 - laura 2008-12-07 13:26:08.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1192 [GMT 1:00]
Lancé depuis: c:\users\laura\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 ))))))))))))))))))))))))))))))))))))
.
2008-12-07 12:42 . 2008-12-07 12:42 <REP> d-------- c:\program files\UsbFix
2008-12-07 12:42 . 2008-12-07 12:42 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-07 00:28 . 2008-12-07 00:28 250 --a------ c:\windows\gmer.ini
2008-12-06 23:56 . 2008-12-06 23:57 <REP> d-------- C:\ToolBar SD
2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\users\All Users\Lavasoft
2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\programdata\Lavasoft
2008-12-06 21:03 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-12-06 21:02 . 2008-01-19 08:35 3,072,000 --a------ c:\windows\System32\networkmap.dll
2008-12-06 21:01 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-12-06 21:00 . 2008-01-19 08:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2008-12-06 21:00 . 2008-01-05 12:31 145,455 --a------ c:\windows\System32\perfmon.msc
2008-12-06 21:00 . 2008-01-05 12:39 150 --a------ c:\windows\System32\RacUREx.xml
2008-12-06 21:00 . 2008-01-05 12:31 3 --a------ c:\windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-12-06 20:59 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-12-06 20:59 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-12-06 20:59 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-12-06 20:59 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-12-06 20:59 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-12-06 20:59 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-12-06 20:58 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-12-06 20:58 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-12-06 20:58 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-12-06 20:58 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-12-06 18:34 . 2008-12-06 18:35 <REP> d-------- c:\windows\System32\RS4
2008-12-06 17:58 . 2008-12-06 17:58 <REP> d-------- C:\VundoFix Backups
2008-12-06 15:45 . 2008-12-06 15:45 <REP> d-------- C:\PerfLogs
2008-12-06 14:52 . 2008-12-06 19:04 <REP> d-------- C:\7dbac67deba88655a43e5526a8d3
2008-12-06 04:11 . 2008-12-06 04:19 <REP> d-------- C:\Downloads
2008-12-06 04:11 . 2008-12-06 04:20 <REP> d-------- C:\Bases
2008-12-06 04:10 . 2008-12-06 04:20 <REP> d-------- C:\Kaspersky
2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-05 20:17 . 2008-12-06 23:21 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-26 18:09 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 18:09 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 18:09 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 18:09 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 18:09 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 18:09 . 2008-01-19 08:36 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 18:09 . 2008-01-19 08:36 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-23 16:36 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-23 16:36 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-23 16:36 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-23 16:36 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-23 16:35 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-23 16:35 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-23 16:35 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-23 16:35 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-23 16:35 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-22 13:26 . 2008-11-22 13:26 <REP> d-------- c:\program files\MSECache
2008-11-16 13:15 . 2008-12-06 20:29 179,712 --a------ c:\users\laura\gif.exe
2008-11-11 21:13 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 21:13 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 21:13 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 21:10 . 2008-12-07 13:00 1,470,822 --a------ c:\windows\System32\PerfStringBackup.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 21:54 174 --sha-w c:\program files\desktop.ini
2008-12-06 21:45 --------- d-----w c:\program files\Windows Sidebar
2008-12-06 21:45 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-06 21:45 --------- d-----w c:\program files\Windows Mail
2008-12-06 21:45 --------- d-----w c:\program files\Windows Journal
2008-12-06 21:45 --------- d-----w c:\program files\Windows Defender
2008-12-06 21:45 --------- d-----w c:\program files\Windows Collaboration
2008-12-06 21:45 --------- d-----w c:\program files\Windows Calendar
2008-12-06 20:23 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-06 20:23 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-06 19:20 --------- d-----w c:\program files\Yahoo!
2008-11-26 02:01 --------- d-----w c:\programdata\Microsoft Help
2008-11-22 12:23 --------- d-----w c:\program files\Common Files\Adobe
2008-11-05 07:26 79,360 ----a-w c:\users\laura\index.exe
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-03 17:51 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-07_12.20.16,41 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 06:36:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-07 11:54:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-07 06:36:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-07 11:54:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-07 11:19:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-12-07 11:55:24 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-12-07 11:55:24 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-07 11:19:38 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-12-07 12:28:10 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-12-07 12:28:10 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-07 06:42:22 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-07 12:00:21 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-07 06:42:22 123,556 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-12-07 12:00:21 123,556 ----a-w c:\windows\System32\perfc00C.dat
- 2008-12-07 06:42:22 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-07 12:00:21 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-07 06:42:22 669,578 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-12-07 12:00:21 669,578 ----a-w c:\windows\System32\perfh00C.dat
- 2008-12-07 06:38:28 12,814 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
+ 2008-12-07 11:55:47 12,990 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
- 2008-12-07 06:38:28 74,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 11:55:47 74,522 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-07 06:38:26 52,428 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 11:55:45 52,672 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-05 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-12-05 31232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1960b9a4-ae3f-11dd-b598-0016d46a96cd}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3304f14c-ec28-11dc-9b38-0016d46a96cd}]
\shell\AutoRun\command - F:\EmDesk.exe
\shell\EmDesk\command - F:\EmDesk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3712cf5e-8699-11dd-ae8c-0016d46a96cd}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{483c5279-0072-11dc-bcfb-0016d46a96cd}]
\shell\Auto\command - E:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594a5c09-b6e1-11dd-b2a4-0016d46a96cd}]
\shell\Auto\command - G:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e71f84e-fc09-11db-baf6-0016d46a96cd}]
\shell\Auto\command - E:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{997eca06-c1da-11dd-9a3a-0016d46a96cd}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac35f225-a779-11dd-af04-0016d46a96cd}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e65fd938-a33e-11dc-ab8c-0016d46a96cd}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e823854f-0456-11dc-9bf2-0016d46a96cd}]
\shell\AutoRun\command - F:\6l6w8.com
\shell\explore\Command - F:\6l6w8.com
\shell\open\Command - F:\6l6w8.com
.
Contenu du dossier 'Tâches planifiées'
2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 13:28:17
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-12-07 13:29:53
ComboFix-quarantined-files.txt 2008-12-07 12:29:51
ComboFix2.txt 2008-12-07 11:21:21
Avant-CF: 42 395 029 504 octets libres
Après-CF: 42,357,846,016 octets libres
240 --- E O F --- 2008-12-06 20:26:25
Disable all resident protection (antivirus…)! <------- Don't forget!
Plug in all your removable media before doing this: USB sticks, external hard drives, etc.
Copy the text in the box below: (Ctrl + C)
Registry::
|
=> Open Notepad: Start > All Programs > Accessories > Notepad
- Paste the text into it (CTRL + V)
- Save this file to: Desktop
- File name: CFScript
- File type: All files!!
- Click Save
- Close Notepad
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
* This will relaunch ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
* Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: copy and paste its contents on the forum.
If the file does not open, it is located here: C:\ComboFix.txt
* Post a new HijackThis report.
So here is the ComboFix report:
ComboFix 08-12-06.06 - laura 2008-12-07 15:05:12.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1105 [GMT 1:00]
Lancé depuis: c:\users\laura\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\laura\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
F:\6l6w8.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 ))))))))))))))))))))))))))))))))))))
.
2008-12-07 12:42 . 2008-12-07 12:42 <REP> d-------- c:\program files\UsbFix
2008-12-07 12:42 . 2008-12-07 12:42 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-07 00:28 . 2008-12-07 00:28 250 --a------ c:\windows\gmer.ini
2008-12-06 23:56 . 2008-12-06 23:57 <REP> d-------- C:\ToolBar SD
2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\users\All Users\Lavasoft
2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\programdata\Lavasoft
2008-12-06 21:03 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-12-06 21:02 . 2008-01-19 08:35 3,072,000 --a------ c:\windows\System32\networkmap.dll
2008-12-06 21:01 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-12-06 21:00 . 2008-01-19 08:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2008-12-06 21:00 . 2008-01-05 12:31 145,455 --a------ c:\windows\System32\perfmon.msc
2008-12-06 21:00 . 2008-01-05 12:39 150 --a------ c:\windows\System32\RacUREx.xml
2008-12-06 21:00 . 2008-01-05 12:31 3 --a------ c:\windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-12-06 20:59 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-12-06 20:59 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-12-06 20:59 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-12-06 20:59 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-12-06 20:59 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-12-06 20:59 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-12-06 20:58 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-12-06 20:58 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-12-06 20:58 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-12-06 20:58 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-12-06 18:34 . 2008-12-06 18:35 <REP> d-------- c:\windows\System32\RS4
2008-12-06 17:58 . 2008-12-06 17:58 <REP> d-------- C:\VundoFix Backups
2008-12-06 15:45 . 2008-12-06 15:45 <REP> d-------- C:\PerfLogs
2008-12-06 14:52 . 2008-12-06 19:04 <REP> d-------- C:\7dbac67deba88655a43e5526a8d3
2008-12-06 04:11 . 2008-12-06 04:19 <REP> d-------- C:\Downloads
2008-12-06 04:11 . 2008-12-06 04:20 <REP> d-------- C:\Bases
2008-12-06 04:10 . 2008-12-06 04:20 <REP> d-------- C:\Kaspersky
2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-05 20:17 . 2008-12-06 23:21 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-26 18:09 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 18:09 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 18:09 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 18:09 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 18:09 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 18:09 . 2008-01-19 08:36 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 18:09 . 2008-01-19 08:36 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-23 16:36 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-23 16:36 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-23 16:36 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-23 16:36 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-23 16:35 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-23 16:35 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-23 16:35 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-23 16:35 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-23 16:35 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-22 13:26 . 2008-11-22 13:26 <REP> d-------- c:\program files\MSECache
2008-11-16 13:15 . 2008-12-06 20:29 179,712 --a------ c:\users\laura\gif.exe
2008-11-11 21:13 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 21:13 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 21:13 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 21:10 . 2008-12-07 13:00 1,470,822 --a------ c:\windows\System32\PerfStringBackup.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 21:54 174 --sha-w c:\program files\desktop.ini
2008-12-06 21:45 --------- d-----w c:\program files\Windows Sidebar
2008-12-06 21:45 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-06 21:45 --------- d-----w c:\program files\Windows Mail
2008-12-06 21:45 --------- d-----w c:\program files\Windows Journal
2008-12-06 21:45 --------- d-----w c:\program files\Windows Defender
2008-12-06 21:45 --------- d-----w c:\program files\Windows Collaboration
2008-12-06 21:45 --------- d-----w c:\program files\Windows Calendar
2008-12-06 20:23 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-06 20:23 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-06 19:20 --------- d-----w c:\program files\Yahoo!
2008-11-26 02:01 --------- d-----w c:\programdata\Microsoft Help
2008-11-22 12:23 --------- d-----w c:\program files\Common Files\Adobe
2008-11-05 07:26 79,360 ----a-w c:\users\laura\index.exe
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-03 17:51 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Downloads ----
2008-12-06 04:19 5465 --a------ c:\downloads\base033.avc
2008-12-06 04:19 54642 --a------ c:\downloads\base310c.avc
2008-12-06 04:19 54629 --a------ c:\downloads\base407c.avc
2008-12-06 04:19 54573 --a------ c:\downloads\base449c.avc
2008-12-06 04:19 54518 --a------ c:\downloads\base345c.avc
2008-12-06 04:19 54507 --a------ c:\downloads\base397c.avc
2008-12-06 04:19 54463 --a------ c:\downloads\base417c.avc
2008-12-06 04:19 54414 --a------ c:\downloads\base467c.avc
2008-12-06 04:19 54410 --a------ c:\downloads\base333c.avc
2008-12-06 04:19 54385 --a------ c:\downloads\base469c.avc
2008-12-06 04:19 54376 --a------ c:\downloads\unp005.avc
2008-12-06 04:19 54376 --a------ c:\downloads\base411c.avc
2008-12-06 04:19 54326 --a------ c:\downloads\base323c.avc
2008-12-06 04:19 54295 --a------ c:\downloads\base339c.avc
2008-12-06 04:19 54287 --a------ c:\downloads\unp023.avc
2008-12-06 04:19 54286 --a------ c:\downloads\base435c.avc
2008-12-06 04:19 54257 --a------ c:\downloads\base354c.avc
2008-12-06 04:19 54207 --a------ c:\downloads\base319c.avc
2008-12-06 04:19 54180 --a------ c:\downloads\base353c.avc
2008-12-06 04:19 54150 --a------ c:\downloads\base378c.avc
2008-12-06 04:19 54150 --a------ c:\downloads\base324c.avc
2008-12-06 04:19 54148 --a------ c:\downloads\base447c.avc
2008-12-06 04:19 54147 --a------ c:\downloads\base390c.avc
2008-12-06 04:19 54063 --a------ c:\downloads\base410c.avc
2008-12-06 04:19 54028 --a------ c:\downloads\base355c.avc
2008-12-06 04:19 54026 --a------ c:\downloads\base412c.avc
2008-12-06 04:19 54004 --a------ c:\downloads\base359c.avc
2008-12-06 04:19 53957 --a------ c:\downloads\base399c.avc
2008-12-06 04:19 53934 --a------ c:\downloads\base457c.avc
2008-12-06 04:19 53869 --a------ c:\downloads\base321c.avc
2008-12-06 04:19 53792 --a------ c:\downloads\base347c.avc
2008-12-06 04:19 53768 --a------ c:\downloads\ext054c.avc
2008-12-06 04:19 53759 --a------ c:\downloads\base379c.avc
2008-12-06 04:19 53731 --a------ c:\downloads\base450c.avc
2008-12-06 04:19 53709 --a------ c:\downloads\base351c.avc
2008-12-06 04:19 53707 --a------ c:\downloads\unp034.avc
2008-12-06 04:19 53707 --a------ c:\downloads\base364c.avc
2008-12-06 04:19 53694 --a------ c:\downloads\base377c.avc
2008-12-06 04:19 53681 --a------ c:\downloads\base395c.avc
2008-12-06 04:19 53677 --a------ c:\downloads\base418c.avc
2008-12-06 04:19 53595 --a------ c:\downloads\base388c.avc
2008-12-06 04:19 53581 --a------ c:\downloads\base335c.avc
2008-12-06 04:19 53556 --a------ c:\downloads\base436c.avc
2008-12-06 04:19 53541 --a------ c:\downloads\base439c.avc
2008-12-06 04:19 53526 --a------ c:\downloads\base326c.avc
2008-12-06 04:19 53495 --a------ c:\downloads\base367c.avc
2008-12-06 04:19 53390 --a------ c:\downloads\base471c.avc
2008-12-06 04:19 53349 --a------ c:\downloads\base444c.avc
2008-12-06 04:19 53345 --a------ c:\downloads\unp017.avc
2008-12-06 04:19 53273 --a------ c:\downloads\base394c.avc
2008-12-06 04:19 53271 --a------ c:\downloads\base465c.avc
2008-12-06 04:19 53270 --a------ c:\downloads\base383c.avc
2008-12-06 04:19 53269 --a------ c:\downloads\ext051c.avc
2008-12-06 04:19 53265 --a------ c:\downloads\base391c.avc
2008-12-06 04:19 53264 --a------ c:\downloads\base362c.avc
2008-12-06 04:19 53258 --a------ c:\downloads\base403c.avc
2008-12-06 04:19 53152 --a------ c:\downloads\base420c.avc
2008-12-06 04:19 53079 --a------ c:\downloads\base433c.avc
2008-12-06 04:19 53071 --a------ c:\downloads\base164c.avc
2008-12-06 04:19 53056 --a------ c:\downloads\base349c.avc
2008-12-06 04:19 53047 --a------ c:\downloads\base422c.avc
2008-12-06 04:19 52986 --a------ c:\downloads\base419c.avc
2008-12-06 04:19 52982 --a------ c:\downloads\base366c.avc
2008-12-06 04:19 52971 --a------ c:\downloads\base376c.avc
2008-12-06 04:19 52961 --a------ c:\downloads\base361c.avc
2008-12-06 04:19 52951 --a------ c:\downloads\base440c.avc
2008-12-06 04:19 52931 --a------ c:\downloads\base343c.avc
2008-12-06 04:19 52916 --a------ c:\downloads\base452c.avc
2008-12-06 04:19 52869 --a------ c:\downloads\base386c.avc
2008-12-06 04:19 52761 --a------ c:\downloads\unp040.avc
2008-12-06 04:19 52747 --a------ c:\downloads\base448c.avc
2008-12-06 04:19 52699 --a------ c:\downloads\base413c.avc
2008-12-06 04:19 52647 --a------ c:\downloads\base466c.avc
2008-12-06 04:19 52584 --a------ c:\downloads\base384c.avc
2008-12-06 04:19 52557 --a------ c:\downloads\base458c.avc
2008-12-06 04:19 52555 --a------ c:\downloads\base421c.avc
2008-12-06 04:19 52513 --a------ c:\downloads\base437c.avc
2008-12-06 04:19 52482 --a------ c:\downloads\ext060c.avc
2008-12-06 04:19 52461 --a------ c:\downloads\base455c.avc
2008-12-06 04:19 52401 --a------ c:\downloads\base348c.avc
2008-12-06 04:19 52399 --a------ c:\downloads\unp011.avc
2008-12-06 04:19 52397 --a------ c:\downloads\base375c.avc
2008-12-06 04:19 52336 --a------ c:\downloads\base336c.avc
2008-12-06 04:19 52296 --a------ c:\downloads\base350c.avc
2008-12-06 04:19 52247 --a------ c:\downloads\base166c.avc
2008-12-06 04:19 52224 --a------ c:\downloads\base344c.avc
2008-12-06 04:19 52220 --a------ c:\downloads\base424c.avc
2008-12-06 04:19 52212 --a------ c:\downloads\base392c.avc
2008-12-06 04:19 52175 --a------ c:\downloads\base320c.avc
2008-12-06 04:19 52154 --a------ c:\downloads\base174c.avc
2008-12-06 04:19 52151 --a------ c:\downloads\base218c.avc
2008-12-06 04:19 52137 --a------ c:\downloads\base387c.avc
2008-12-06 04:19 52083 --a------ c:\downloads\base197c.avc
2008-12-06 04:19 52074 --a------ c:\downloads\base173c.avc
2008-12-06 04:19 52063 --a------ c:\downloads\base454c.avc
2008-12-06 04:19 52059 --a------ c:\downloads\base380c.avc
2008-12-06 04:19 52044 --a------ c:\downloads\base425c.avc
2008-12-06 04:19 52033 --a------ c:\downloads\base423c.avc
2008-12-06 04:19 52022 --a------ c:\downloads\base459c.avc
2008-12-06 04:19 52021 --a------ c:\downloads\base441c.avc
2008-12-06 04:19 52013 --a------ c:\downloads\base216c.avc
2008-12-06 04:19 51951 --a------ c:\downloads\base456c.avc
2008-12-06 04:19 51921 --a------ c:\downloads\base429c.avc
2008-12-06 04:19 51906 --a------ c:\downloads\base165c.avc
2008-12-06 04:19 51902 --a------ c:\downloads\base398c.avc
2008-12-06 04:19 51845 --a------ c:\downloads\ext055c.avc
2008-12-06 04:19 51793 --a------ c:\downloads\base203c.avc
2008-12-06 04:19 51782 --a------ c:\downloads\base172c.avc
2008-12-06 04:19 51739 --a------ c:\downloads\base468c.avc
2008-12-06 04:19 51738 --a------ c:\downloads\base211c.avc
2008-12-06 04:19 51700 --a------ c:\downloads\base190c.avc
2008-12-06 04:19 51665 --a------ c:\downloads\base434c.avc
2008-12-06 04:19 51632 --a------ c:\downloads\base191c.avc
2008-12-06 04:19 51626 --a------ c:\downloads\base453c.avc
2008-12-06 04:19 51517 --a------ c:\downloads\base181c.avc
2008-12-06 04:19 51513 --a------ c:\downloads\base222c.avc
2008-12-06 04:19 51476 --a------ c:\downloads\unp041.avc
2008-12-06 04:19 51448 --a------ c:\downloads\base002c.avc
2008-12-06 04:19 51439 --a------ c:\downloads\base356c.avc
2008-12-06 04:19 51437 --a------ c:\downloads\base233c.avc
2008-12-06 04:19 51377 --a------ c:\downloads\base226c.avc
2008-12-06 04:19 51376 --a------ c:\downloads\base186c.avc
2008-12-06 04:19 51367 --a------ c:\downloads\base374c.avc
2008-12-06 04:19 51364 --a------ c:\downloads\base220c.avc
2008-12-06 04:19 51355 --a------ c:\downloads\base223c.avc
2008-12-06 04:19 51346 --a------ c:\downloads\ext062c.avc
2008-12-06 04:19 51312 --a------ c:\downloads\base329c.avc
2008-12-06 04:19 51302 --a------ c:\downloads\base168c.avc
2008-12-06 04:19 51289 --a------ c:\downloads\base179c.avc
2008-12-06 04:19 51276 --a------ c:\downloads\base196c.avc
2008-12-06 04:19 51170 --a------ c:\downloads\base243c.avc
2008-12-06 04:19 51159 --a------ c:\downloads\ext053c.avc
2008-12-06 04:19 51141 --a------ c:\downloads\base470c.avc
2008-12-06 04:19 51111 --a------ c:\downloads\base208c.avc
2008-12-06 04:19 51107 --a------ c:\downloads\base205c.avc
2008-12-06 04:19 51105 --a------ c:\downloads\base212c.avc
2008-12-06 04:19 51088 --a------ c:\downloads\base178c.avc
2008-12-06 04:19 51060 --a------ c:\downloads\base221c.avc
2008-12-06 04:19 51022 --a------ c:\downloads\base247c.avc
2008-12-06 04:19 50984 --a------ c:\downloads\base202c.avc
2008-12-06 04:19 50967 --a------ c:\downloads\base234c.avc
2008-12-06 04:19 50956 --a------ c:\downloads\base382c.avc
2008-12-06 04:19 50954 --a------ c:\downloads\base432c.avc
2008-12-06 04:19 50943 --a------ c:\downloads\ext052c.avc
2008-12-06 04:19 50913 --a------ c:\downloads\base204c.avc
2008-12-06 04:19 50894 --a------ c:\downloads\base428c.avc
2008-12-06 04:19 50893 --a------ c:\downloads\base415c.avc
2008-12-06 04:19 50888 --a------ c:\downloads\base462c.avc
2008-12-06 04:19 50829 --a------ c:\downloads\base305c.avc
2008-12-06 04:19 50825 --a------ c:\downloads\base238c.avc
2008-12-06 04:19 50807 --a------ c:\downloads\base198c.avc
2008-12-06 04:19 50776 --a------ c:\downloads\base219c.avc
2008-12-06 04:19 50775 --a------ c:\downloads\base225c.avc
2008-12-06 04:19 50769 --a------ c:\downloads\base001c.avc
2008-12-06 04:19 50765 --a------ c:\downloads\base167c.avc
2008-12-06 04:19 50751 --a------ c:\downloads\base298c.avc
2008-12-06 04:19 50706 --a------ c:\downloads\base427c.avc
2008-12-06 04:19 50670 --a------ c:\downloads\base209c.avc
2008-12-06 04:19 50661 --a------ c:\downloads\base438c.avc
2008-12-06 04:19 50657 --a------ c:\downloads\base005c.avc
2008-12-06 04:19 50598 --a------ c:\downloads\unp027.avc
2008-12-06 04:19 50592 --a------ c:\downloads\ext061c.avc
2008-12-06 04:19 50591 --a------ c:\downloads\ext056c.avc
2008-12-06 04:19 50531 --a------ c:\downloads\base290c.avc
2008-12-06 04:19 50525 --a------ c:\downloads\base302c.avc
2008-12-06 04:19 50504 --a------ c:\downloads\base240c.avc
2008-12-06 04:19 50478 --a------ c:\downloads\base306c.avc
2008-12-06 04:19 50441 --a------ c:\downloads\base280c.avc
2008-12-06 04:19 50405 --a------ c:\downloads\base300c.avc
2008-12-06 04:19 50393 --a------ c:\downloads\base229c.avc
2008-12-06 04:19 50388 --a------ c:\downloads\base210c.avc
2008-12-06 04:19 50335 --a------ c:\downloads\base007c.avc
2008-12-06 04:19 50316 --a------ c:\downloads\base289c.avc
2008-12-06 04:19 50308 --a------ c:\downloads\base227c.avc
2008-12-06 04:19 50304 --a------ c:\downloads\base189c.avc
2008-12-06 04:19 50286 --a------ c:\downloads\base006c.avc
2008-12-06 04:19 50284 --a------ c:\downloads\base171c.avc
2008-12-06 04:19 50239 --a------ c:\downloads\base261c.avc
2008-12-06 04:19 5023 --a------ c:\downloads\krndos.avc
2008-12-06 04:19 50200 --a------ c:\downloads\base217c.avc
2008-12-06 04:19 50166 --a------ c:\downloads\base004c.avc
2008-12-06 04:19 50163 --a------ c:\downloads\base175c.avc
2008-12-06 04:19 50152 --a------ c:\downloads\base180c.avc
2008-12-06 04:19 50136 --a------ c:\downloads\base262c.avc
2008-12-06 04:19 50098 --a------ c:\downloads\base008c.avc
2008-12-06 04:19 50030 --a------ c:\downloads\base461c.avc
2008-12-06 04:19 50029 --a------ c:\downloads\base385c.avc
2008-12-06 04:19 50028 --a------ c:\downloads\base215c.avc
2008-12-06 04:19 50006 --a------ c:\downloads\base188c.avc
2008-12-06 04:19 49971 --a------ c:\downloads\base199c.avc
2008-12-06 04:19 49908 --a------ c:\downloads\base206c.avc
2008-12-06 04:19 49865 --a------ c:\downloads\base265c.avc
2008-12-06 04:19 49860 --a------ c:\downloads\base003c.avc
2008-12-06 04:19 49851 --a------ c:\downloads\base195c.avc
2008-12-06 04:19 49840 --a------ c:\downloads\base176c.avc
2008-12-06 04:19 49835 --a------ c:\downloads\base281c.avc
2008-12-06 04:19 4978 --a------ c:\downloads\base032.avc
2008-12-06 04:19 49764 --a------ c:\downloads\base270c.avc
2008-12-06 04:19 49763 --a------ c:\downloads\base177c.avc
2008-12-06 04:19 49752 --a------ c:\downloads\unp037.avc
2008-12-06 04:19 49735 --a------ c:\downloads\base246c.avc
2008-12-06 04:19 49724 --a------ c:\downloads\base224c.avc
2008-12-06 04:19 49723 --a------ c:\downloads\base235c.avc
2008-12-06 04:19 49723 --a------ c:\downloads\base170c.avc
2008-12-06 04:19 49717 --a------ c:\downloads\base259c.avc
2008-12-06 04:19 49715 --a------ c:\downloads\base297c.avc
2008-12-06 04:19 49688 --a------ c:\downloads\base213c.avc
2008-12-06 04:19 49678 --a------ c:\downloads\base275c.avc
2008-12-06 04:19 49635 --a------ c:\downloads\base267c.avc
2008-12-06 04:19 49620 --a------ c:\downloads\base245c.avc
2008-12-06 04:19 49598 --a------ c:\downloads\ext007.avc
2008-12-06 04:19 49577 --a------ c:\downloads\base201c.avc
2008-12-06 04:19 49569 --a------ c:\downloads\base232c.avc
2008-12-06 04:19 49555 --a------ c:\downloads\ext063c.avc
2008-12-06 04:19 49543 --a------ c:\downloads\base295c.avc
2008-12-06 04:19 49503 --a------ c:\downloads\base276c.avc
2008-12-06 04:19 49480 --a------ c:\downloads\base303c.avc
2008-12-06 04:19 49468 --a------ c:\downloads\base263c.avc
2008-12-06 04:19 49453 --a------ c:\downloads\base271c.avc
2008-12-06 04:19 49424 --a------ c:\downloads\base250c.avc
2008-12-06 04:19 49413 --a------ c:\downloads\base304c.avc
2008-12-06 04:19 49401 --a------ c:\downloads\base207c.avc
2008-12-06 04:19 49400 --a------ c:\downloads\base268c.avc
2008-12-06 04:19 49381 --a------ c:\downloads\base214c.avc
2008-12-06 04:19 49363 --a------ c:\downloads\base287c.avc
2008-12-06 04:19 49355 --a------ c:\downloads\base192c.avc
2008-12-06 04:19 49331 --a------ c:\downloads\base249c.avc
2008-12-06 04:19 49291 --a------ c:\downloads\base460c.avc
2008-12-06 04:19 49280 --a------ c:\downloads\base301c.avc
2008-12-06 04:19 49270 --a------ c:\downloads\base296c.avc
2008-12-06 04:19 49252 --a------ c:\downloads\base285c.avc
2008-12-06 04:19 49248 --a------ c:\downloads\base294c.avc
2008-12-06 04:19 49214 --a------ c:\downloads\base273c.avc
2008-12-06 04:19 49204 --a------ c:\downloads\base266c.avc
2008-12-06 04:19 49199 --a------ c:\downloads\base431c.avc
2008-12-06 04:19 49199 --a------ c:\downloads\base187c.avc
2008-12-06 04:19 49129 --a------ c:\downloads\base269c.avc
2008-12-06 04:19 49124 --a------ c:\downloads\base288c.avc
2008-12-06 04:19 49121 --a------ c:\downloads\krnun003.avc
2008-12-06 04:19 49073 --a------ c:\downloads\base299c.avc
2008-12-06 04:19 49018 --a------ c:\downloads\base237c.avc
2008-12-06 04:19 49004 --a------ c:\downloads\base291c.avc
2008-12-06 04:19 48938 --a------ c:\downloads\base183c.avc
2008-12-06 04:19 48919 --a------ c:\downloads\ext059c.avc
2008-12-06 04:19 48890 --a------ c:\downloads\base274c.avc
2008-12-06 04:19 48885 --a------ c:\downloads\base430c.avc
2008-12-06 04:19 48854 --a------ c:\downloads\base331c.avc
2008-12-06 04:19 48787 --a------ c:\downloads\base258c.avc
2008-12-06 04:19 48732 --a------ c:\downloads\unp009.avc
2008-12-06 04:19 48732 --a------ c:\downloads\base272c.avc
2008-12-06 04:19 48693 --a------ c:\downloads\base242c.avc
2008-12-06 04:19 48691 --a------ c:\downloads\base255c.avc
2008-12-06 04:19 48690 --a------ c:\downloads\base260c.avc
2008-12-06 04:19 48662 --a------ c:\downloads\base230c.avc
2008-12-06 04:19 48586 --a------ c:\downloads\base284c.avc
2008-12-06 04:19 48555 --a------ c:\downloads\base182c.avc
2008-12-06 04:19 4849 --a------ c:\downloads\base999.avc
2008-12-06 04:19 48468 --a------ c:\downloads\base193c.avc
2008-12-06 04:19 48449 --a------ c:\downloads\ext065c.avc
2008-12-06 04:19 48407 --a------ c:\downloads\base248c.avc
2008-12-06 04:19 48389 --a------ c:\downloads\base464c.avc
2008-12-06 04:19 48377 --a------ c:\downloads\base252c.avc
2008-12-06 04:19 48373 --a------ c:\downloads\base286c.avc
2008-12-06 04:19 48362 --a------ c:\downloads\base308c.avc
2008-12-06 04:19 48328 --a------ c:\downloads\unp001.avc
2008-12-06 04:19 48297 --a------ c:\downloads\base283c.avc
2008-12-06 04:19 48247 --a------ c:\downloads\base200c.avc
2008-12-06 04:19 48242 --a------ c:\downloads\base443c.avc
2008-12-06 04:19 48231 --a------ c:\downloads\base426c.avc
2008-12-06 04:19 48184 --a------ c:\downloads\ext031c.avc
2008-12-06 04:19 48162 --a------ c:\downloads\base231c.avc
2008-12-06 04:19 48120 --a------ c:\downloads\base236c.avc
2008-12-06 04:19 48027 --a------ c:\downloads\base239c.avc
2008-12-06 04:19 48013 --a------ c:\downloads\base253c.avc
2008-12-06 04:19 47992 --a------ c:\downloads\base194c.avc
2008-12-06 04:19 47959 --a------ c:\downloads\ext039c.avc
2008-12-06 04:19 4794 --a------ c:\downloads\base001.avc
2008-12-06 04:19 47821 --a------ c:\downloads\base254c.avc
2008-12-06 04:19 47745 --a------ c:\downloads\base256c.avc
2008-12-06 04:19 47650 --a------ c:\downloads\base185c.avc
2008-12-06 04:19 47515 --a------ c:\downloads\base244c.avc
2008-12-06 04:19 47501 --a------ c:\downloads\ext064c.avc
2008-12-06 04:19 47461 --a------ c:\downloads\base371c.avc
2008-12-06 04:19 47433 --a------ c:\downloads\base241c.avc
2008-12-06 04:19 47425 --a------ c:\downloads\base402c.avc
2008-12-06 04:19 47424 --a------ c:\downloads\base228c.avc
2008-12-06 04:19 47363 --a------ c:\downloads\base307c.avc
2008-12-06 04:19 47141 --a------ c:\downloads\base264c.avc
2008-12-06 04:19 46823 --a------ c:\downloads\krnjava.avc
2008-12-06 04:19 46706 --a------ c:\downloads\base338c.avc
2008-12-06 04:19 46516 --a------ c:\downloads\unp038.avc
2008-12-06 04:19 46454 --a------ c:\downloads\base251c.avc
2008-12-06 04:19 46389 --a------ c:\downloads\ext022c.avc
2008-12-06 04:19 46213 --a------ c:\downloads\ext040c.avc
2008-12-06 04:19 4621 --a------ c:\downloads\base004.avc
2008-12-06 04:19 46138 --a------ c:\downloads\base292c.avc
2008-12-06 04:19 46091 --a------ c:\downloads\base184c.avc
2008-12-06 04:19 46060 --a------ c:\downloads\dailyc.avc
2008-12-06 04:19 46037 --a------ c:\downloads\base169c.avc
2008-12-06 04:19 46013 --a------ c:\downloads\ext041c.avc
2008-12-06 04:19 45908 --a------ c:\downloads\ext050c.avc
2008-12-06 04:19 45895 --a------ c:\downloads\base463c.avc
2008-12-06 04:19 45657 --a------ c:\downloads\base293c.avc
2008-12-06 04:19 45123 --a------ c:\downloads\base030.avc
2008-12-06 04:19 45003 --a------ c:\downloads\ext032c.avc
2008-12-06 04:19 44786 --a------ c:\downloads\base257c.avc
2008-12-06 04:19 44566 --a------ c:\downloads\ext058c.avc
2008-12-06 04:19 44546 --a------ c:\downloads\unp033.avc
2008-12-06 04:19 44514 --a------ c:\downloads\unp039.avc
2008-12-06 04:19 44469 --a------ c:\downloads\ext007c.avc
2008-12-06 04:19 44345 --a------ c:\downloads\krnun002.avc
2008-12-06 04:19 44220 --a------ c:\downloads\base337c.avc
2008-12-06 04:19 4415 --a------ c:\downloads\base137.avc
2008-12-06 04:19 4413 --a------ c:\downloads\base005.avc
2008-12-06 04:19 43515 --a------ c:\downloads\krnengn.avc
2008-12-06 04:19 43215 --a------ c:\downloads\ext038c.avc
2008-12-06 04:19 43122 --a------ c:\downloads\ext026c.avc
2008-12-06 04:19 42873 --a------ c:\downloads\krnun001.avc
2008-12-06 04:19 42780 --a------ c:\downloads\ext012c.avc
2008-12-06 04:19 4278 --a------ c:\downloads\base143.avc
2008-12-06 04:19 42475 --a------ c:\downloads\ext033c.avc
2008-12-06 04:19 42405 --a------ c:\downloads\base442c.avc
2008-12-06 04:19 42228 --a------ c:\downloads\ext027c.avc
2008-12-06 04:19 41710 --a------ c:\downloads\krn004.avc
2008-12-06 04:19 41684 --a------ c:\downloads\ca003.avc
2008-12-06 04:19 41595 --a------ c:\downloads\ext048c.avc
2008-12-06 04:19 41473 --a------ c:\downloads\ext057c.avc
2008-12-06 04:19 41425 --a------ c:\downloads\ext035c.avc
2008-12-06 04:19 4113 --a------ c:\downloads\base100.avc
2008-12-06 04:19 40986 --a------ c:\downloads\unp036.avc
2008-12-06 04:19 40769 --a------ c:\downloads\ext034c.avc
2008-12-06 04:19 40304 --a------ c:\downloads\ext023c.avc
2008-12-06 04:19 40126 --a------ c:\downloads\unp026.avc
2008-12-06 04:19 39988 --a------ c:\downloads\ext036c.avc
2008-12-06 04:19 39733 --a------ c:\downloads\ext030c.avc
2008-12-06 04:19 38586 --a------ c:\downloads\ext010c.avc
2008-12-06 04:19 38554 --a------ c:\downloads\ca002.avc
2008-12-06 04:19 38483 --a------ c:\downloads\krn002.avc
2008-12-06 04:19 38362 --a------ c:\downloads\ext011c.avc
2008-12-06 04:19 38340 --a------ c:\downloads\unp012.avc
2008-12-06 04:19 38198 --a------ c:\downloads\ext028c.avc
2008-12-06 04:19 37992 --a------ c:\downloads\ext044c.avc
2008-12-06 04:19 37830 --a------ c:\downloads\unp020.avc
2008-12-06 04:19 37739 --a------ c:\downloads\ext045c.avc
2008-12-06 04:19 3757 --a------ c:\downloads\base104.avc
2008-12-06 04:19 37268 --a------ c:\downloads\unp022.avc
2008-12-06 04:19 372 --a------ c:\downloads\krn003.avc
2008-12-06 04:19 37120 --a------ c:\downloads\ext037c.avc
2008-12-06 04:19 37041 --a------ c:\downloads\ext042c.avc
2008-12-06 04:19 36871 --a------ c:\downloads\gen002.avc
2008-12-06 04:19 36752 --a------ c:\downloads\ext049c.avc
2008-12-06 04:19 3633 --a------ c:\downloads\base141.avc
2008-12-06 04:19 35992 --a------ c:\downloads\ext029c.avc
2008-12-06 04:19 35946 --a------ c:\downloads\unp025.avc
2008-12-06 04:19 35691 --a------ c:\downloads\gen004.avc
2008-12-06 04:19 35657 --a------ c:\downloads\base025.avc
2008-12-06 04:19 35011 --a------ c:\downloads\ext015c.avc
2008-12-06 04:19 34814 --a------ c:\downloads\unp018.avc
2008-12-06 04:19 34777 --a------ c:\downloads\base031.avc
2008-12-06 04:19 3407 --a------ c:\downloads\base161.avc
2008-12-06 04:19 33953 --a------ c:\downloads\unp030.avc
2008-12-06 04:19 3388 --a------ c:\downloads\base132.avc
2008-12-06 04:19 32425 --a------ c:\downloads\ext018c.avc
2008-12-06 04:19 3240 --a------ c:\downloads\base127.avc
2008-12-06 04:19 32334 --a------ c:\downloads\ext046c.avc
2008-12-06 04:19 32251 --a------ c:\downloads\base028.avc
2008-12-06 04:19 32229 --a------ c:\downloads\ext014c.avc
2008-12-06 04:19 32209 --a------ c:\downloads\unp028.avc
2008-12-06 04:19 32195 --a------ c:\downloads\krnexe.avc
2008-12-06 04:19 32093 --a------ c:\downloads\base029.avc
2008-12-06 04:19 32034 --a------ c:\downloads\ext013c.avc
2008-12-06 04:19 31606 --a------ c:\downloads\gen003.avc
2008-12-06 04:19 31320 --a------ c:\downloads\ext025c.avc
2008-12-06 04:19 31218 --a------ c:\downloads\unp032.avc
2008-12-06 04:19 31085 --a------ c:\downloads\base027.avc
2008-12-06 04:19 30861 --a------ c:\downloads\ext016c.avc
2008-12-06 04:19 3075 --a------ c:\downloads\base109.avc
2008-12-06 04:19 30700 --a------ c:\downloads\ext017c.avc
2008-12-06 04:19 30137 --a------ c:\downloads\gen999.avc
2008-12-06 04:19 29739 --a------ c:\downloads\ext043c.avc
2008-12-06 04:19 29021 --a------ c:\downloads\ext020c.avc
2008-12-06 04:19 2853 --a------ c:\downloads\base089.avc
2008-12-06 04:19 28284 --a------ c:\downloads\ext021c.avc
2008-12-06 04:19 28187 --a------ c:\downloads\gen001.avc
2008-12-06 04:19 27882 --a------ c:\downloads\unp000.avc
2008-12-06 04:19 27878 --a------ c:\downloads\ext047c.avc
2008-12-06 04:19 2785 --a------ c:\downloads\base142.avc
2008-12-06 04:19 27795 --a------ c:\downloads\unp031.avc
2008-12-06 04:19 2762 --a------ c:\downloads\base042.avc
2008-12-06 04:19 27580 --a------ c:\downloads\base162.avc
2008-12-06 04:19 27545 --a------ c:\downloads\ext024c.avc
2008-12-06 04:19 27478 --a------ c:\downloads\ext019c.avc
2008-12-06 04:19 2687 --a------ c:\downloads\base135.avc
2008-12-06 04:19 26634 --a------ c:\downloads\base277c.avc
2008-12-06 04:19 262 --a------ c:\downloads\ext008.avc
2008-12-06 04:19 262 --a------ c:\downloads\ext006.avc
2008-12-06 04:19 262 --a------ c:\downloads\ext005.avc
2008-12-06 04:19 262 --a------ c:\downloads\ext004.avc
2008-12-06 04:19 262 --a------ c:\downloads\ext003.avc
2008-12-06 04:19 262 --a------ c:\downloads\daily-ex.avc
2008-12-06 04:19 262 --a------ c:\downloads\base126.avc
2008-12-06 04:19 262 --a------ c:\downloads\base120.avc
2008-12-06 04:19 262 --a------ c:\downloads\base118.avc
2008-12-06 04:19 262 --a------ c:\downloads\base117.avc
2008-12-06 04:19 262 --a------ c:\downloads\base112.avc
2008-12-06 04:19 262 --a------ c:\downloads\base108.avc
2008-12-06 04:19 262 --a------ c:\downloads\base106.avc
2008-12-06 04:19 262 --a------ c:\downloads\base103.avc
2008-12-06 04:19 262 --a------ c:\downloads\base102.avc
2008-12-06 04:19 262 --a------ c:\downloads\base098.avc
2008-12-06 04:19 262 --a------ c:\downloads\base096.avc
2008-12-06 04:19 262 --a------ c:\downloads\base094.avc
2008-12-06 04:19 262 --a------ c:\downloads\base093.avc
2008-12-06 04:19 262 --a------ c:\downloads\base084.avc
2008-12-06 04:19 262 --a------ c:\downloads\base083.avc
2008-12-06 04:19 262 --a------ c:\downloads\base077.avc
2008-12-06 04:19 262 --a------ c:\downloads\base076.avc
2008-12-06 04:19 262 --a------ c:\downloads\base075.avc
2008-12-06 04:19 262 --a------ c:\downloads\base074.avc
2008-12-06 04:19 262 --a------ c:\downloads\base071.avc
2008-12-06 04:19 262 --a------ c:\downloads\base067.avc
2008-12-06 04:19 262 --a------ c:\downloads\base066.avc
2008-12-06 04:19 262 --a------ c:\downloads\base065.avc
2008-12-06 04:19 262 --a------ c:\downloads\base062.avc
2008-12-06 04:19 262 --a------ c:\downloads\base061.avc
2008-12-06 04:19 262 --a------ c:\downloads\base054.avc
2008-12-06 04:19 262 --a------ c:\downloads\base041.avc
2008-12-06 04:19 262 --a------ c:\downloads\base035.avc
2008-12-06 04:19 2570 --a------ c:\downloads\base152.avc
2008-12-06 04:19 2545 --a------ c:\downloads\base073.avc
2008-12-06 04:19 2452 --a------ c:\downloads\base049.avc
2008-12-06 04:19 24392 --a------ c:\downloads\unp021.avc
2008-12-06 04:19 24163 --a------ c:\downloads\unp004.avc
2008-12-06 04:19 2402 --a------ c:\downloads\base157.avc
2008-12-06 04:19 2373 --a------ c:\downloads\base140.avc
2008-12-06 04:19 2359 --a------ c:\downloads\base056.avc
2008-12-06 04:19 2331 --a------ c:\downloads\base044.avc
2008-12-06 04:19 2211 --a------ c:\downloads\base146.avc
2008-12-06 04:19 22031 --a------ c:\downloads\base026.avc
2008-12-06 04:19 21811 --a------ c:\downloads\base079.avc
2008-12-06 04:19 21568 --a------ c:\downloads\avcmhk5.mhk
2008-12-06 04:19 2148 --a------ c:\downloads\base160.avc
2008-12-06 04:19 2136 --a------ c:\downloads\base107.avc
2008-12-06 04:19 2126 --a------ c:\downloads\base159.avc
2008-12-06 04:19 2119 --a------ c:\downloads\base134.avc
2008-12-06 04:19 2111 --a------ c:\downloads\base040.avc
2008-12-06 04:19 2110 --a------ c:\downloads\base078.avc
2008-12-06 04:19 21009 --a------ c:\downloads\daily.avc
2008-12-06 04:19 2086 --a------ c:\downloads\base059.avc
2008-12-06 04:19 2077 --a------ c:\downloads\base091.avc
2008-12-06 04:19 20713 --a------ c:\downloads\base022.avc
2008-12-06 04:19 2071 --a------ c:\downloads\base051.avc
2008-12-06 04:19 2054 --a------ c:\downloads\base045.avc
2008-12-06 04:19 2016 --a------ c:\downloads\base036.avc
2008-12-06 04:19 1962 --a------ c:\downloads\base090.avc
2008-12-06 04:19 19539 --a------ c:\downloads\base021.avc
2008-12-06 04:19 18763 --a------ c:\downloads\base165.avc
2008-12-06 04:19 1854 --a------ c:\downloads\base092.avc
2008-12-06 04:19 1817 --a------ c:\downloads\base139.avc
2008-12-06 04:19 18121 --a------ c:\downloads\base024.avc
2008-12-06 04:19 1807 --a------ c:\downloads\base053.avc
2008-12-06 04:19 18038 --a------ c:\downloads\base009.avc
2008-12-06 04:19 18033 --a------ c:\downloads\ca001.avc
2008-12-06 04:19 17960 --a------ c:\downloads\base038.avc
2008-12-06 04:19 1764 --a------ c:\downloads\eicar.avc
2008-12-06 04:19 17551 --a------ c:\downloads\base014.avc
2008-12-06 04:19 1730 --a------ c:\downloads\base060.avc
2008-12-06 04:19 1728 --a------ c:\downloads\chuka.avc
2008-12-06 04:19 1728 --a------ c:\downloads\base111.avc
2008-12-06 04:19 17262 --a------ c:\downloads\base472c.avc
2008-12-06 04:19 1699 --a------ c:\downloads\ext001.avc
2008-12-06 04:19 1659 --a------ c:\downloads\base082.avc
2008-12-06 04:19 1641 --a------ c:\downloads\base043.avc
2008-12-06 04:19 16398 --a------ c:\downloads\base012.avc
2008-12-06 04:19 16291 --a------ c:\downloads\base002.avc
2008-12-06 04:19 16133 --a------ c:\downloads\base020.avc
2008-12-06 04:19 16104 --a------ c:\downloads\unp024.avc
2008-12-06 04:19 16014 --a------ c:\downloads\base017.avc
2008-12-06 04:19 160115 --a------ c:\downloads\base082c.avc
2008-12-06 04:19 158218 --a------ c:\downloads\krnmacro.avc
2008-12-06 04:19 1567 --a------ c:\downloads\base057.avc
((((((((((((((((((((((((((((( snapshot@2008-12-07_12.20.16,41 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 06:36:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-07 11:54:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-07 06:36:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-07 11:54:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-07 11:19:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-12-07 11:55:24 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-12-07 11:55:24 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-07 11:19:38 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-12-07 14:07:04 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-12-07 14:07:04 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-07 06:42:22 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-07 12:00:21 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-07 06:42:22 123,556 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-12-07 12:00:21 123,556 ----a-w c:\windows\System32\perfc00C.dat
- 2008-12-07 06:42:22 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-07 12:00:21 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-07 06:42:22 669,578 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-12-07 12:00:21 669,578 ----a-w c:\windows\System32\perfh00C.dat
- 2008-12-07 06:38:28 12,814 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
+ 2008-12-07 11:55:47 12,990 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
- 2008-12-07 06:38:28 74,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 11:55:47 74,522 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-07 06:38:26 52,428 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 11:55:45 52,672 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-05 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-12-05 31232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'
2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 15:07:08
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(7520)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Heure de fin: 2008-12-07 15:08:50
ComboFix-quarantined-files.txt 2008-12-07 14:08:46
ComboFix2.txt 2008-12-07 12:29:54
ComboFix3.txt 2008-12-07 11:21:21
Avant-CF: 42 325 835 776 octets libres
Après-CF: 42,077,249,536 octets libres
1024 --- E O F --- 2008-12-06 20:26:25
And the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:32, on 07/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\
Hi again,
Post a new DDS.txt report, and post the attach.txt file that I had asked you to set aside. Then:
1) Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
- Now run MalwareByte's Anti-Malware. If that is not already done, select "Exécuter un examen complet" (perform a full scan).
- To start the scan, click "Rechercher" (scan).
- Once the scan has finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so that you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking Ok.
HELP: Illustrated tutorial on MBAM
2) Run an online antivirus scan on the Kaspersky site
http://www.kaspersky.com/kos/eng/p [...] bscan.html
- Click Accept
- A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX.
- Click "Accept" once more
- The update databases will install; wait a moment
- Click Next.
- Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop. Then post me the report you get.
3) Download Toolbar-S&D (Team IDN) to your Desktop.
- Start the program's installation by running the downloaded file.
- Now double-click the Toolbar-S&D shortcut.
- Select the language you want by typing the letter of your choice, then confirming with the Enter key.
- Now choose option 1 (Recherche). Wait until the search has finished.
- Post the generated report. (C:\TB.txt)
How is the PC doing? Still having problems?
Hi again!
OK, so first of all here is the latest DDS report:
DDS (Version 1.0) - NTFSx86
Run by laura at 17:00:34,71 on 07/12/2008
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.1093 [GMT 1:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\laura\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
TB: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [????r]
uRun: [SuperCopier.exe] c:\program files\supercopier\SuperCopier.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [?????????] ??????????????e
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\SMSCirda.sys [2006-12-5 31232]
=============== Created Last 30 ================
2008-12-07 15:04 <DIR> --d----- C:\ComboFix
2008-12-07 12:42 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-07 12:42 <DIR> --d----- c:\program files\UsbFix
2008-12-07 12:15 161,792 a------- c:\windows\SWREG.exe
2008-12-07 12:15 98,816 a------- c:\windows\sed.exe
2008-12-07 00:28 250 a------- c:\windows\gmer.ini
2008-12-06 23:56 <DIR> --d----- C:\ToolBar SD
2008-12-06 21:54 <DIR> --d----- c:\programdata\Lavasoft
2008-12-06 21:04 1,505,792 a------- c:\windows\system32\tquery.dll
2008-12-06 21:03 860,160 a------- c:\windows\system32\WerFaultSecure.exe
2008-12-06 21:02 506,880 a------- c:\windows\system32\MSMPEG2ENC.DLL
2008-12-06 21:01 1,329,152 a------- c:\windows\system32\WMSPDMOE.DLL
2008-12-06 21:00 150 a------- c:\windows\system32\RacUREx.xml
2008-12-06 21:00 145,455 a------- c:\windows\system32\perfmon.msc
2008-12-06 21:00 599,552 a------- c:\windows\system32\vsp1cln.exe
2008-12-06 21:00 3 a------- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-12-06 20:59 357,888 a------- c:\windows\system32\wbemcomn.dll
2008-12-06 20:59 129,536 a------- c:\windows\system32\sqmapi.dll
2008-12-06 20:59 704,512 a------- c:\windows\system32\SmiEngine.dll
2008-12-06 20:59 139,264 a------- c:\windows\system32\SmiInstaller.dll
2008-12-06 20:59 218,624 a------- c:\windows\system32\wdscore.dll
2008-12-06 20:59 130,560 a------- c:\windows\system32\PkgMgr.exe
2008-12-06 20:58 246,784 a------- c:\windows\system32\drvstore.dll
2008-12-06 20:58 305,152 a------- c:\windows\system32\msdelta.dll
2008-12-06 20:58 258,560 a------- c:\windows\system32\dpx.dll
2008-12-06 20:58 35,328 a------- c:\windows\system32\mspatcha.dll
2008-12-06 18:34 <DIR> --d----- c:\windows\system32\RS4
2008-12-06 17:58 <DIR> --d----- C:\VundoFix Backups
2008-12-06 15:45 <DIR> --d----- C:\PerfLogs
2008-12-06 14:52 <DIR> --d----- C:\7dbac67deba88655a43e5526a8d3
2008-12-06 04:11 <DIR> --d----- C:\Downloads
2008-12-06 04:11 <DIR> --d----- C:\Bases
2008-12-06 04:10 <DIR> --d----- C:\Kaspersky
2008-12-05 20:17 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2008-12-05 20:17 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-05 20:17 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-11-26 18:09 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-11-26 18:09 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-11-26 18:09 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-11-26 18:09 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2008-11-26 18:09 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-11-26 18:09 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-11-26 18:09 1,645,568 a------- c:\windows\system32\connect.dll
2008-11-23 16:36 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-11-23 16:35 83,456 a------- c:\windows\system32\wudriver.dll
2008-11-23 16:35 162,064 a------- c:\windows\system32\wuwebv.dll
2008-11-23 16:35 31,232 a------- c:\windows\system32\wuapp.exe
2008-11-22 13:26 <DIR> --d----- c:\program files\MSECache
2008-11-16 13:15 179,712 a------- c:\users\laura\gif.exe
2008-11-11 21:13 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-11-11 21:13 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-11-11 21:13 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-11-11 21:10 1,470,822 a------- c:\windows\system32\PerfStringBackup.INI
==================== Find3M ====================
2008-12-07 13:00 669,578 a------- c:\windows\system32\perfh00C.dat
2008-12-07 13:00 123,556 a------- c:\windows\system32\perfc00C.dat
2008-12-06 22:54 174 a--sh--- c:\program files\desktop.ini
2008-12-06 22:52 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-06 22:52 86,016 a------- c:\windows\inf\infstor.dat
2008-12-06 22:52 86,016 a------- c:\windows\inf\infpub.dat
2008-12-06 22:44 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-06 21:23 101,888 a------- c:\windows\system32\ifxcardm.dll
2008-12-06 21:23 82,432 a------- c:\windows\system32\axaltocm.dll
2008-11-05 08:26 79,360 a------- c:\users\laura\index.exe
2008-10-02 04:49 827,392 a------- c:\windows\system32\wininet.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-18 06:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-18 06:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-09-18 03:16 2,032,640 a------- c:\windows\system32\win32k.sys
2006-11-02 16:45 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
2006-11-02 16:45 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
2006-11-02 16:45 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
2006-11-02 16:45 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-03-03 18:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-03-03 18:51 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-03-03 18:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
============= FINISH: 17:01:05,83 ===============
Next, the attach.txt file that I saved last time:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Version 1.0)
Microsoft® Windows Vista™ Édition Familiale Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 26/04/2007 04:16:29
System Uptime: 12/06/2008 22:47:29 (4251 hours ago)
Motherboard: Acer | | Grapevine
Processor: Genuine Intel(R) CPU T2060 @ 1.60GHz | U1 | 1600/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 71 GiB total, 40,356 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 1,709 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP763: 06/12/2008 21:08:52 - Service Pack 1 de Windows Vista
RP764: 06/12/2008 21:53:56 - Installed Ad-Aware
RP765: 06/12/2008 23:24:17 - Removed Ad-Aware
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Arcade Deluxe
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer OrbiCam
Acer OrbiCam
Acer ScreenSaver
Acer Tour
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9 - Français
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Ajouter ou supprimer Adobe Creative Suite 3 Design Premium
Apple Software Update
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
Intel(R) Graphics Media Accelerator Driver
K-Lite Codec Pack 2.46 Full
Launch Manager
LightScribe 1.4.124.1
Messenger Plus! Live
Microsoft Office Access MUI (French) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
PDF Settings
PowerProducer
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Roll
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Visio 2007 (KB947590)
SMSC Fast Infrared Driver
Spybot - Search & Destroy
SuperCopier
Synaptics Pointing Device Driver
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Windows Live Messenger
WinRAR archiver
==== Event Viewer Messages ===================
==== End Of File ===========================
Otherwise, Malwarebytes' Anti-Malware found nothing.
Next, here is the Kaspersky report:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 8, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 07, 2008 09:20:51
Records in database: 1441946
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 143044
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:31:27
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Users\laura\csrss.exe.vir Infected: Trojan-Downloader.Win32.VB.jci 1
C:\Qoobox\Quarantine\C\Windows\System32\uXPi02\uXPi022328.exe.vir Infected: Trojan-Downloader.Win32.VB.jci 1
F:\Start.exe Infected: Trojan-Spy.Win32.VB.agg 1
The selected area was scanned.
And finally the last report, TB.txt:
-----------\\ ToolBar S&D 1.2.6 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2060 @ 1.60GHz )
BIOS : Ver 1.00PARTTBLP
USER : laura ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:71 Go (Free:38 Go)
D:\ (Local Disk) - NTFS - Total:70 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:3816 Mo (Free:2 Go)
"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 08/12/2008| 1:36 )
[ UAC => 1 ]
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/"
"SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.fr.acer.yahoo.com"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 06/12/2008|23:57 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 08/12/2008| 1:37 - Option : [1]
-----------\\ Fin du rapport a 1:37:08,15
There you go... I hope I haven't forgotten anything! Otherwise, from what I could read in Kaspersky, I have the impression that the viruses are still there... My computer is running a bit slowly, but it works. I'm waiting for the next instructions!
Hi again,
Plug in your E:\, G:\ and F:\ drives; they are still infected, and we are going to clean them.
Disable all resident protection (antivirus…)! <------- Don't forget!
Copy the text in the box below: (Ctrl + C)
File::
|
=> Open Notepad: Start > All Programs > Accessories > Notepad
- Paste the text into it (CTRL + V)
- Save this file to: Desktop
- File name: CFScript
- File type: All files!!
- Click Save
- Close Notepad
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
* This will restart ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
* Don't touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: copy and paste its contents to the forum.
If the file does not open, it is located here: C:\ComboFix.txt
* Post a new HijackThis report.
So here is the new ComboFix report:
ComboFix 08-12-06.06 - laura 2008-12-08 17:15:35.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1120 [GMT 1:00]
Lancé depuis: c:\users\laura\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\laura\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
E:\Start.exe
F:\Start.exe
G:\Start.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Start.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-08 au 2008-12-08 ))))))))))))))))))))))))))))))))))))
.
2008-12-07 18:30 . 2008-12-07 18:30 <REP> d-------- c:\program files\Java
2008-12-07 18:30 . 2008-12-07 18:30 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-07 17:12 . 2008-12-07 17:12 <REP> d-------- c:\users\laura\AppData\Roaming\Malwarebytes
2008-12-07 17:12 . 2008-12-07 17:12 <REP> d-------- c:\users\All Users\Malwarebytes
2008-12-07 17:12 . 2008-12-07 17:12 <REP> d-------- c:\programdata\Malwarebytes
2008-12-07 17:12 . 2008-12-07 17:12 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 17:12 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-07 17:12 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-07 12:42 . 2008-12-07 12:42 <REP> d-------- c:\program files\UsbFix
2008-12-07 12:42 . 2008-12-07 12:42 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-07 00:28 . 2008-12-07 00:28 250 --a------ c:\windows\gmer.ini
2008-12-06 23:56 . 2008-12-08 01:37 <REP> d-------- C:\ToolBar SD
2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\users\All Users\Lavasoft
2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\programdata\Lavasoft
2008-12-06 21:03 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-12-06 21:02 . 2008-01-19 08:35 3,072,000 --a------ c:\windows\System32\networkmap.dll
2008-12-06 21:01 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-12-06 21:00 . 2008-01-19 08:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2008-12-06 21:00 . 2008-01-05 12:31 145,455 --a------ c:\windows\System32\perfmon.msc
2008-12-06 21:00 . 2008-01-05 12:39 150 --a------ c:\windows\System32\RacUREx.xml
2008-12-06 21:00 . 2008-01-05 12:31 3 --a------ c:\windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-12-06 20:59 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-12-06 20:59 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-12-06 20:59 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-12-06 20:59 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-12-06 20:59 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-12-06 20:59 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-12-06 20:58 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-12-06 20:58 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-12-06 20:58 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-12-06 20:58 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-12-06 18:34 . 2008-12-06 18:35 <REP> d-------- c:\windows\System32\RS4
2008-12-06 17:58 . 2008-12-06 17:58 <REP> d-------- C:\VundoFix Backups
2008-12-06 15:45 . 2008-12-06 15:45 <REP> d-------- C:\PerfLogs
2008-12-06 14:52 . 2008-12-06 19:04 <REP> d-------- C:\7dbac67deba88655a43e5526a8d3
2008-12-06 04:11 . 2008-12-06 04:19 <REP> d-------- C:\Downloads
2008-12-06 04:11 . 2008-12-06 04:20 <REP> d-------- C:\Bases
2008-12-06 04:10 . 2008-12-06 04:20 <REP> d-------- C:\Kaspersky
2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-05 20:17 . 2008-12-06 23:21 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-26 18:09 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 18:09 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 18:09 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 18:09 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 18:09 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 18:09 . 2008-01-19 08:36 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 18:09 . 2008-01-19 08:36 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-23 16:36 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-23 16:36 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-23 16:36 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-23 16:36 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-23 16:35 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-23 16:35 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-23 16:35 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-23 16:35 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-23 16:35 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-22 13:26 . 2008-11-22 13:26 <REP> d-------- c:\program files\MSECache
2008-11-16 13:15 . 2008-12-06 20:29 179,712 --a------ c:\users\laura\gif.exe
2008-11-11 21:13 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 21:13 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 21:13 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 21:10 . 2008-12-08 17:11 1,470,822 --a------ c:\windows\System32\PerfStringBackup.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 21:54 174 --sha-w c:\program files\desktop.ini
2008-12-06 21:45 --------- d-----w c:\program files\Windows Sidebar
2008-12-06 21:45 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-06 21:45 --------- d-----w c:\program files\Windows Mail
2008-12-06 21:45 --------- d-----w c:\program files\Windows Journal
2008-12-06 21:45 --------- d-----w c:\program files\Windows Defender
2008-12-06 21:45 --------- d-----w c:\program files\Windows Collaboration
2008-12-06 21:45 --------- d-----w c:\program files\Windows Calendar
2008-12-06 20:23 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-06 20:23 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-06 19:20 --------- d-----w c:\program files\Yahoo!
2008-11-26 02:01 --------- d-----w c:\programdata\Microsoft Help
2008-11-22 12:23 --------- d-----w c:\program files\Common Files\Adobe
2008-11-05 07:26 79,360 ----a-w c:\users\laura\index.exe
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-03 17:51 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-07_12.20.16,41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-08 16:14:28 6,225,920 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat
- 2008-12-07 06:36:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-08 16:06:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-07 06:36:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-08 16:06:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-07 11:19:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-12-08 16:06:56 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-12-07 11:19:38 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-12-08 16:18:04 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-12-08 16:18:04 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-12-08 16:11:54 2,762 ----a-w c:\windows\SoftwareDistribution\PostRebootEventCache\{C491B8BE-F7AB-4D91-8249-28854A830DE9}.bin
- 2008-12-07 06:37:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-08 16:10:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-07 06:37:27 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-08 16:10:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-07 06:37:27 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-08 16:10:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-07 17:30:34 144,792 ----a-w c:\windows\System32\java.exe
+ 2008-12-07 17:30:34 144,792 ----a-w c:\windows\System32\javaw.exe
+ 2008-12-07 17:30:34 148,888 ----a-w c:\windows\System32\javaws.exe
- 2008-12-07 06:42:22 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-08 16:11:46 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-07 06:42:22 123,556 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-12-08 16:11:46 123,556 ----a-w c:\windows\System32\perfc00C.dat
- 2008-12-07 06:42:22 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-08 16:11:46 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-07 06:42:22 669,578 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-12-08 16:11:46 669,578 ----a-w c:\windows\System32\perfh00C.dat
- 2008-12-07 00:48:25 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-12-08 16:10:53 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-12-07 06:38:28 12,814 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
+ 2008-12-08 16:08:13 12,990 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
- 2008-12-07 06:38:28 74,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-08 16:08:12 74,674 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-07 06:38:26 52,428 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-08 16:08:11 52,704 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-08 16:11:21 4,327,011 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-05-27 05:17:28 301,568 ----a-w c:\windows\winsxs\x86_desktop_shell-search-srchadmin_31bf3856ad364e35_7.0.6001.16503_none_13fcab3737a334c2\srchadmin.dll
+ 2008-05-27 05:18:30 136,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.6001.16503_none_13ff1de93d266b97\nlhtml.dll
+ 2008-05-27 05:18:32 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.6001.16503_none_13ff1de93d266b97\xmlfilter.dll
+ 2008-05-27 05:18:32 40,448 ----a-w c:\windows\winsxs\x86_microsoft-windows-content-filter-mime_31bf3856ad364e35_7.0.6001.16503_none_10a358dd3f57c0de\mimefilt.dll
+ 2008-05-27 05:17:23 194,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-content-filter-office_31bf3856ad364e35_7.0.6001.16503_none_fab3f42bbfadf408\offfilt.dll
+ 2008-05-27 05:18:30 38,400 ----a-w c:\windows\winsxs\x86_microsoft-windows-content-filter-rtf_31bf3856ad364e35_7.0.6001.16503_none_485964bf76e0570a\rtffilt.dll
+ 2008-06-26 03:29:02 45,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-dataclen_31bf3856ad364e35_6.0.6001.18098_none_f64ce87593b7801f\dataclen.dll
+ 2008-06-26 03:15:06 45,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-dataclen_31bf3856ad364e35_6.0.6001.22211_none_f7260480ac9a8c27\dataclen.dll
+ 2008-05-10 03:35:15 564,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18069_none_9e540f60f6e2ecf1\emdmgmt.dll
+ 2008-06-26 03:29:02 565,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18098_none_9e329f52f6fc276d\emdmgmt.dll
+ 2008-05-10 03:17:36 564,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.22176_none_9ecfdb62100b5ca7\emdmgmt.dll
+ 2008-06-26 03:15:30 565,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.22211_none_9f0bbb5e0fdf3375\emdmgmt.dll
+ 2008-09-18 04:56:02 147,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\Faultrep.dll
+ 2008-01-19 07:33:35 217,088 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe
+ 2008-01-19 07:33:35 860,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFaultSecure.exe
+ 2008-09-20 04:00:23 147,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\Faultrep.dll
+ 2008-09-20 04:00:16 217,088 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe
+ 2008-09-20 04:00:16 860,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFaultSecure.exe
+ 2008-09-18 04:56:07 125,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18145_none_79a5b70991018b47\wersvc.dll
+ 2008-09-20 04:00:26 125,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.22271_none_7a0ae2e8aa3b1988\wersvc.dll
+ 2008-08-02 03:26:00 36,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.18114_none_abc1cbc0e39143f0\cdd.dll
+ 2008-08-02 01:01:23 625,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.18114_none_abc1cbc0e39143f0\dxgkrnl.sys
+ 2008-08-02 03:20:51 36,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.22235_none_ac36c8fdfcbe34f3\cdd.dll
+ 2008-08-02 00:59:11 625,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.22235_none_ac36c8fdfcbe34f3\dxgkrnl.sys
+ 2008-05-20 02:07:31 148,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6001.18075_none_4ec1fb0e8f26c88a\nwifi.sys
+ 2008-05-20 02:00:06 148,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6001.22183_none_4f3ec759a84e5197\nwifi.sys
+ 2008-05-28 03:27:17 223,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22188_none_56d68c90cea4d169\netio.sys
+ 2008-05-28 03:17:25 328,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\BFE.DLL
+ 2008-05-28 03:28:43 101,432 ----a-w c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\FWPKCLNT.SYS
+ 2008-05-28 03:19:07 595,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\FWPUCLNT.DLL
+ 2008-05-28 03:19:32 438,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\IKEEXT.DLL
+ 2008-04-26 08:25:53 3,600,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntkrnlpa.exe
+ 2008-04-26 08:25:54 3,549,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntoskrnl.exe
+ 2008-04-26 08:11:34 3,601,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntkrnlpa.exe
+ 2008-04-26 08:11:33 3,549,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntoskrnl.exe
+ 2008-05-27 05:17:46 754,176 ----a-w c:\windows\winsxs\x86_microsoft-windows-propsys_31bf3856ad364e35_7.0.6001.16503_none_f3d11aeeb9526bbb\propsys.dll
+ 2008-04-05 01:21:42 72,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\pacer.sys
+ 2008-04-05 03:34:31 15,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\pacerprf.dll
+ 2006-11-02 09:46:13 33,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\traffic.dll
+ 2006-11-02 09:46:14 13,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\wshqos.dll
+ 2008-04-05 01:20:52 72,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\pacer.sys
+ 2008-04-05 03:20:42 15,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\pacerprf.dll
+ 2008-04-05 03:21:19 33,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\traffic.dll
+ 2008-04-05 03:21:39 13,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\wshqos.dll
+ 2008-04-12 03:32:11 784,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18051_none_b3c58fc5453bf46b\rpcrt4.dll
+ 2008-04-12 03:16:32 784,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.22156_none_b4542e025e5512e8\rpcrt4.dll
+ 2008-05-08 21:59:35 90,112 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..ing-shell-extension_31bf3856ad364e35_6.0.6001.18068_none_0a48f9ec246cf834\wshext.dll
+ 2008-05-08 05:22:33 90,112 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..ing-shell-extension_31bf3856ad364e35_6.0.6001.22175_none_0ac4c5ed3d9567ea\wshext.dll
+ 2008-05-08 21:59:28 512,000 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18068_none_82a70b5ef74dc96b\jscript.dll
+ 2008-05-08 05:18:59 512,000 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22175_none_8322d76010763921\jscript.dll
+ 2008-05-08 21:59:33 430,080 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.18068_none_482126172e1075a7\vbscript.dll
+ 2008-05-08 05:22:13 430,080 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.22175_none_489cf2184738e55d\vbscript.dll
+ 2008-05-08 21:58:40 135,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\cscript.exe
+ 2008-01-19 07:34:04 32,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\dispex.dll
+ 2008-05-08 21:59:32 180,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\scrobj.dll
+ 2008-05-08 21:59:32 172,032 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\scrrun.dll
+ 2008-05-08 21:59:26 155,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\wscript.exe
+ 2008-01-19 07:37:11 36,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\wshcon.dll
+ 2008-05-08 03:12:11 135,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\cscript.exe
+ 2008-05-08 05:17:02 32,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\dispex.dll
+ 2008-05-08 05:21:52 180,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\scrobj.dll
+ 2008-05-08 05:21:52 172,032 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\scrrun.dll
+ 2008-05-08 03:12:11 155,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\wscript.exe
+ 2008-05-08 05:22:33 36,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\wshcon.dll
+ 2008-05-27 05:18:35 29,184 ----a-w c:\windows\winsxs\x86_microsoft-windows-search-profilenotify_31bf3856ad364e35_7.0.6001.16503_none_d86cd72c8d3c237e\wsepno.dll
+ 2008-05-08 19:21:56 211,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18068_none_886bae514b981fe3\mrxsmb10.sys
+ 2008-05-08 02:47:34 211,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22175_none_88e77a5264c08f99\mrxsmb10.sys
+ 2008-04-26 08:26:49 891,448 ----a-w c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
+ 2008-04-26 08:08:16 891,448 ----a-w c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
+ 2008-05-27 05:17:16 6,103,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..-chinesetraditional_31bf3856ad364e35_7.0.6001.16503_none_df2000cce0d8c017\chtbrkr.dll
+ 2008-05-27 05:17:16 313,344 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..breakerstemmer-thai_31bf3856ad364e35_7.0.6001.16503_none_d40428cfc6b6fdf9\thawbrkr.dll
+ 2008-05-27 05:17:16 143,872 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..eakerstemmer-korean_31bf3856ad364e35_7.0.6001.16503_none_14072d09797cf93d\korwbrkr.dll
+ 2008-05-27 05:17:13 1,671,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..r-chinesesimplified_31bf3856ad364e35_7.0.6001.16503_none_4cbdb704b61543d2\chsbrkr.dll
+ 2008-05-27 05:18:43 13,824 ----a-w c:\windows\winsxs\x86_windowssearch-wtrservicingsupport_31bf3856ad364e35_7.0.6001.16503_none_163fe74a2171e12e\WSWTRSvc.exe
+ 2008-05-27 05:18:32 231,936 ----a-w c:\windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_7.0.6001.16503_none_98586419f9103903\msshsq.dll
+ 2008-05-27 04:59:39 106,605 ----a-w c:\windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_7.0.6001.16503_none_88f88929e3c77aa3\StructuredQuerySchema.bin
+ 2008-05-27 04:59:40 18,904 ----a-w c:\windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_7.0.6001.16503_none_88f88929e3c77aa3\StructuredQuerySchemaTrivial.bin
+ 2008-05-27 05:17:42 34,816 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msscb.dll
+ 2008-05-27 05:17:25 60,416 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msscntrs.dll
+ 2008-05-27 05:17:36 11,776 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msshooks.dll
+ 2008-05-27 05:17:25 87,552 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssitlb.dll
+ 2008-05-27 05:18:25 350,208 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssph.dll
+ 2008-05-27 05:18:55 203,776 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssphtb.dll
+ 2008-05-27 05:17:26 32,768 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssprxy.dll
+ 2008-05-27 05:21:24 1,418,240 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssrch.dll
+ 2008-05-27 05:18:40 44,032 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msstrc.dll
+ 2008-05-27 05:18:56 670,208 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssvp.dll
+ 2008-05-27 05:18:06 71,680 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\propdefs.dll
+ 2008-05-27 05:17:55 87,552 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe
+ 2008-05-27 05:18:43 439,808 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchIndexer.exe
+ 2008-05-27 05:18:16 184,832 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchProtocolHost.exe
+ 2008-05-27 05:21:07 1,582,592 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\tquery.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-05 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-12-05 31232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'
2008-12-08 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 17:18:18
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-12-08 17:20:05
ComboFix-quarantined-files.txt 2008-12-08 16:20:02
ComboFix2.txt 2008-12-07 14:08:51
ComboFix3.txt 2008-12-07 12:29:54
ComboFix4.txt 2008-12-07 11:21:21
Avant-CF: 40 576 790 528 octets libres
Après-CF: 40,383,913,984 octets libres
334 --- E O F --- 2008-12-08 16:11:54
And the new HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:43, on 08/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5MLLQBP\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c9dd6112b104654f.spaces [...] dfr-fr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/J [...] 586-jc.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telech [...] oader4.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8489 bytes
Good evening,
How is the PC doing? Still having problems?
I would like to check something:
Download Runscanner and save it to your desktop.
- Double-click it to launch it (on Vista: right-click it and choose "Run as administrator")
- When the first page appears, select Beginner Mode.
- Then, on the next page, select Save a binary .Run file (Recommended), then click Start full scan at the top of the page.
- At this point, Runscanner.exe may request access to the Internet; in that case, ignore your firewall's alerts. It will take a few minutes.
- When the scan is finished, it will ask you where to save the reports. It will do so for the following two files: .run file and log file
- Choose a name for the .run file ("Select a name") and save it to your desktop. The .run file will be visible on your desktop. You now need to upload it for me to mediafire: http://www.mediafire.com
Uploading a file to mediafire:
- Go to this link: http://www.mediafire.com/
- Click "Upload files To Media fire" at the top. Then choose "I want to upload without an account"
- A Windows Explorer window will open. Browse to the report I asked you to upload, select it, then click "Open".
- Then click "Upload".
- On the right of the screen, choose "upload to a new folder". Leave the default name (= the date)
- Confirm and let the upload run.
- Click "View uploaded file" and, in your next message, copy me the URL (= the link) of the new tab or window that opens. That way, I will be able to download the requested report.
Here is the URL:
http://www.mediafire.com/?sharekey [...] ea390491ef
Otherwise, my computer is doing rather well! I ran Spybot again earlier and it no longer finds anything!
I am waiting for the final verdict, but I already have a little tear in my eye
Hi again,
You must have done the upload wrong, I have nothing to download, please try again.
Well, I don't know what I did earlier. This time it worked, here is the URL:
http://www.mediafire.com/?sharekey [...] 29e4c7311b
Hello,
How is the PC doing? Still having problems?
Woohoo!!!! No, my computer is working perfectly again!!!
Thank you, thank you, thank you, and THANK YOU again!!!
I am amazed to see that some people make themselves so available to others! It restores hope!
All the best
Good evening,
Follow these steps to cleanly uninstall ComboFix and the tools we used during the disinfection
- Start menu, then Run
- Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.
***
Prevention:
- Cleaning up temporary files:
Download CCleaner to your Desktop.
- Click "download the latest version"
- Install it, leaving only the following options checked:
- Add a shortcut to the Desktop
- Automatically check for CCleaner updates
- Run the Cleaner
- Click Scan for issues and make a backup if you wish.
Help: How to use CCleaner.
Download ATFCleaner to your Desktop.
- Double-click the downloaded executable.
- In the Main tab, simply check the Select All box (all the boxes will become checked), then click the Empty Selected button.
- If you use Firefox or Opera as your browser, remember to choose your browser at the top left before selecting Select All and then Empty Selected.
- Then answer No to the message that appears, if you do not want to lose your passwords.
Help: How to use ATFCleaner.
-- System Restore:
Disable and then re-enable System Restore.
XP method:
Click Start, right-click My Computer, then click Properties. Select the System Restore tab.
In this tab, check the box Turn off System Restore on all drives.
A confirmation message will appear. Click Yes, then OK. Restart your computer so that the changes are properly applied.
To re-enable System Restore, simply uncheck that same box and restart your computer (following the same steps).
Vista method:
Click Start, right-click Computer, then click Properties. On the left, click Advanced system settings. Select the System Protection tab.
In this tab, uncheck your partitions (one by one); a confirmation message will appear. Click Turn System Protection Off, click Apply, then OK.
Restart your computer so that the changes are properly applied.
To re-enable System Restore, simply uncheck that same box and restart your computer (following the same steps).
Help: How to disable and re-enable System Restore.
--- Normal display of files:
Click the Start menu / Control Panel / Folder Options, then go to the View tab
- Uncheck Show hidden files and folders
- Check Hide protected operating system files (Recommended)
Click Apply, then OK.
---- Removing the installed tools:
Download ToolsCleaner2 (by A.Rothstein)
- Install it on your Desktop.
- Click Recherche to start the scan.
- Click Supprimer to clean up the tools that were used.
- Click Quitter.
- Now delete ToolsCleaner.
----- Putting the protections back in place, protecting the system with updates! :
I now invite you to (re)enable all your resident protections (antivirus, antispyware, firewall...).
You should have access to your protections in the system tray area next to the taskbar. If you have any difficulty, do not hesitate to ask me!
If it is not already done, make sure that Windows Automatic Updates are enabled!
Bring your software properly up to date (Java, Adobe, Flash...) using Software Inspector (from Secunia)
A quick word about Java:
Once the new version is downloaded, install it and restart your computer.
Unfortunately, the old versions of Java (which contain vulnerabilities and are therefore dangerous!) are still present!
It is therefore very important that you uninstall the old versions of Java.
- Go to Start, Control Panel, Add/Remove Programs
- Uninstall all versions of Java except the most recent one.
Help: How to use Secunia Software Inspector.
------ Will you report your infection? :
You do not have to, but it would be good if you reported your infection on Malware Complaints
- Your infection(s): Sdbot + infection via removable media.
- If you do not find it in the list, post in Other infections.
Help: How to report my infection on Malware Complaints.
Now add [Résolu] to the title. To do so:
* In your first message, click the "Editer" button
* Add the mention [Résolu] to the title
* Then click "Valider votre message"
I now invite you to take a look at these very instructive guides on prevention!
- Security/Prevention
- Consequences of running multiple protections
- Toolbars: uselessness and slowdowns
Have a good day/evening
Hello!
I followed all the steps, and I went and posted a message on Malware Complaints.
However, I did not really understand how to use Software Inspector. I looked at the link that explains how to use it, but I still don't understand. I ran the scan, and it showed in red the programs that need updating (if I understood correctly). Then I clicked "Download" and installed what I downloaded, but when I run the scan again it still finds the same ones in error... so I don't really know what I'm doing wrong, or maybe I just haven't understood how to use it at all!
There you go. Otherwise, no other problems with the rest, thanks to the very clear explanations! Thank you!
Hi again,
Well, just keep your software up to date manually and that will do; remember to do it
You're welcome, it was a pleasure!
Now add [Résolu] to the title. To do so:
* In your first message, click the "Editer" button
* Add the mention [Résolu] to the title
* Then click "Valider votre message"
If you are tired of being bombarded with ads while browsing, install Firefox secured with the NoScript and AdBlock Plus extensions.
Please consult this guide (in PDF) to learn more about the risks of the Net.
If you find this document interesting, do not hesitate to pass it on to your contacts.
All the best
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-02-28 15:11:03
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 5 GB (59%) free of 9 GB
Total RAM: 255 MB (3% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:29, on 28/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\HiYo\bin\HiYo.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
d:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\PROGRA~1\AVG\AVG8\avgemc.exe
d:\PROGRA~1\AVG\AVG8\avgam.exe
d:\PROGRA~1\AVG\AVG8\avgrsx.exe
d:\PROGRA~1\AVG\AVG8\avgnsx.exe
d:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\calc.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrateur\Bureau\FLEXonline 0.1.8.6\FLEXonline.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrateur\Application Data\U3\00001628C3713647\LaunchPad.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG8_TRAY] d:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Hiyo] D:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgfws8.exe
--
End of file - 6608 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-764733703-842925246-500.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - d:\Program Files\AVG\AVG8\avgssie.dll [2009-02-27 1078552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}]
IeCatch2 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2002-01-16 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\system32\msdxm.ocx [2004-08-04 848922]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe [2004-06-03 32881]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2002-12-17 49152]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-11 172032]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
"AVG8_TRAY"=d:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-27 1601304]
"Hiyo"=D:\Program Files\HiYo\bin\HiYo.exe [2009-01-28 300336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-23 133104]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-13 1057280]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-20 4363504]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-27 10520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"d:\Program Files\CCP Server 5\ccpsrv.exe"="d:\Program Files\CCP Server 5\ccpsrv.exe:*:Enabled:CyberCafePro Main Control Station"
"D:\Program Files\PoivY.com\PoivY\PoivY.exe"="D:\Program Files\PoivY.com\PoivY\PoivY.exe:*:Enabled:PoivY"
"D:\Program Files\InterVoip.com\InterVoip\InterVoip.exe"="D:\Program Files\InterVoip.com\InterVoip\InterVoip.exe:*:Enabled:InterVoip"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\AVG\AVG8\avgam.exe"="D:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"D:\Program Files\AVG\AVG8\avgemc.exe"="D:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"D:\Program Files\AVG\AVG8\avgupd.exe"="D:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"D:\Program Files\AVG\AVG8\avgnsx.exe"="D:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Documents and Settings\Administrateur\Local Settings\Temp\ImInstaller\HiYo_Installer.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\ImInstaller\HiYo_Installer.exe:*:Enabled:IncrediMail Installer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3608f9e-0108-11de-954a-00d0b752a55e}]
shell\AutoRun\command - F:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2009-02-28 15:11:03 ----D---- C:\rsit
2009-02-28 14:44:45 ----A---- C:\TCleaner.txt
2009-02-27 16:45:58 ----D---- C:\Documents and Settings\Administrateur\Application Data\HiYo
2009-02-27 13:29:21 ----D---- C:\Documents and Settings\All Users\Application Data\HiYo
2009-02-27 13:21:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-27 13:19:33 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2009-02-27 13:19:30 ----D---- C:\Program Files\AVG
2009-02-27 13:19:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-26 18:15:39 ----A---- C:\WINDOWS\system32\MSVCRTD.DLL
2009-02-26 18:15:39 ----A---- C:\WINDOWS\system32\MSVCP60D.DLL
2009-02-26 18:15:36 ----D---- C:\Program Files\Free Audio Pack
2009-02-26 13:38:31 ----D---- C:\WINDOWS\Sun
2009-02-26 13:38:31 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun
2009-02-26 12:48:22 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2009-02-26 09:11:10 ----D---- C:\Program Files\Mozilla Firefox
2009-02-25 16:47:48 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-02-25 13:32:31 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2009-02-24 12:47:42 ----D---- C:\Program Files\Microsoft
2009-02-24 12:47:09 ----D---- C:\Program Files\Windows Live SkyDrive
2009-02-24 12:46:21 ----D---- C:\Program Files\Windows Live
2009-02-24 12:11:45 ----HD---- C:\$AVG8.VAULT$
2009-02-24 12:09:21 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-02-24 11:03:42 ----D---- C:\Documents and Settings\Administrateur\Application Data\Macromedia
2009-02-24 10:54:05 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe
2009-02-24 10:24:21 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-02-24 10:23:39 ----D---- C:\Program Files\Yahoo!
2009-02-24 10:12:42 ----D---- C:\Program Files\SuperCopier2
2009-02-24 10:11:50 ----D---- C:\Program Files\Foxit Software
2009-02-24 08:55:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\InterVoip
2009-02-23 14:49:25 ----D---- C:\Program Files\trend micro
2009-02-23 14:45:28 ----D---- C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2009-02-23 14:45:14 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-02-23 14:00:24 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
2009-02-23 12:53:57 ----D---- C:\Documents and Settings\Administrateur\Application Data\PoivY
2009-02-23 07:55:31 ----D---- C:\WINDOWS\pss
2009-02-22 20:15:34 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-02-22 20:15:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-02-22 20:04:05 ----RSD---- C:\WINDOWS\assembly
2009-02-22 20:01:46 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-22 19:48:05 ----D---- C:\Program Files\Common Files
2009-02-22 19:47:54 ----D---- C:\WINDOWS\system32\ccp4
2009-02-22 19:19:10 ----D---- C:\Downloads
2009-02-22 19:18:50 ----D---- C:\WINDOWS\system32\AdCache
2009-02-22 19:11:55 ----D---- C:\Documents and Settings\Administrateur\Application Data\U3
2009-02-22 19:08:51 ----A---- C:\WINDOWS\IsUn040c.exe
2009-02-22 18:20:23 ----A---- C:\WINDOWS\system32\h323log.txt
2009-02-22 18:17:27 ----A---- C:\WINDOWS\system32\usbui.dll
2009-02-22 18:17:09 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-02-22 18:16:59 ----A---- C:\WINDOWS\system32\i81xdnt5.dll
2009-02-22 18:14:28 ----A---- C:\WINDOWS\imsins.BAK
2009-02-22 18:14:22 ----SHD---- C:\WINDOWS\Installer
2009-02-22 18:14:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-22 18:14:20 ----D---- C:\Program Files\Fichiers communs\ODBC
2009-02-22 18:14:20 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-22 18:14:16 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2009-02-22 18:14:15 ----RD---- C:\Program Files
2009-02-22 18:14:15 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-02-22 18:14:15 ----D---- C:\Program Files\Fichiers communs
2009-02-22 18:14:12 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-02-22 18:14:12 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-02-22 18:14:12 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-02-22 18:14:10 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-02-22 18:14:10 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-02-22 18:14:10 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-02-22 18:14:10 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-02-22 18:14:10 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-02-22 18:14:07 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-02-22 18:14:07 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-02-22 18:14:07 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-02-22 18:14:07 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-02-22 18:14:06 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-02-22 18:14:06 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-02-22 18:14:06 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-02-22 18:14:04 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-02-22 18:14:04 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-02-22 18:14:04 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-02-22 18:14:04 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-02-22 18:14:04 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-02-22 18:14:01 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-02-22 18:14:01 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-02-22 18:14:01 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-02-22 18:14:01 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-02-22 18:14:01 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-02-22 18:14:01 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-02-22 18:13:56 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-02-22 18:13:56 ----A---- C:\WINDOWS\system32\irclass.dll
2009-02-22 18:13:56 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-02-22 18:13:56 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-02-22 18:13:56 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-02-22 18:13:53 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-02-22 18:13:53 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-02-22 18:13:53 ----A---- C:\WINDOWS\system32\batt.dll
2009-02-22 18:13:52 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-02-22 18:13:49 ----A---- C:\WINDOWS\system32\storprop.dll
2009-02-22 18:13:32 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-02-22 18:13:22 ----RA---- C:\WINDOWS\SET8.tmp
2009-02-22 18:13:17 ----RA---- C:\WINDOWS\SET4.tmp
2009-02-22 18:13:15 ----RA---- C:\WINDOWS\SET3.tmp
2009-02-22 18:13:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-22 18:13:08 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-22 18:13:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-22 18:12:41 ----A---- C:\WINDOWS\setuplog.txt
2009-02-22 18:12:33 ----D---- C:\Documents and Settings
2009-02-22 18:11:46 ----SH---- C:\boot.ini
2009-02-22 18:11:34 ----D---- C:\MODIFS
2009-02-22 18:11:15 ----D---- C:\INSTALL
2009-02-22 18:06:44 ----D---- C:\Program Files\Hewlett-Packard
2009-02-22 18:06:19 ----SHD---- C:\System Volume Information
2009-02-22 18:06:10 ----A---- C:\WINDOWS\hpdj3500.ini
2009-02-22 18:04:04 ----A---- C:\WINDOWS\ODBC.INI
2009-02-22 18:03:57 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-02-22 18:02:07 ----D---- C:\Program Files\Microsoft.NET
2009-02-22 18:01:54 ----D---- C:\WINDOWS\system32\IME
2009-02-22 18:01:54 ----D---- C:\WINDOWS\system32\3com_dmi
2009-02-22 18:01:54 ----D---- C:\WINDOWS\system32\1036
2009-02-22 18:01:54 ----D---- C:\WINDOWS\PeerNet
2009-02-22 18:01:54 ----D---- C:\WINDOWS\pchealth
2009-02-22 18:01:54 ----D---- C:\WINDOWS\ime
2009-02-22 18:01:54 ----D---- C:\WINDOWS\ehome
2009-02-22 18:01:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-22 18:01:53 ----RSD---- C:\WINDOWS\Fonts
2009-02-22 18:01:53 ----RD---- C:\WINDOWS\Web
2009-02-22 18:01:53 ----HD---- C:\WINDOWS\inf
2009-02-22 18:01:53 ----D---- C:\WINDOWS\WinSxS
2009-02-22 18:01:53 ----D---- C:\WINDOWS\twain_32
2009-02-22 18:01:53 ----D---- C:\WINDOWS\Temp
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\wins
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\wbem
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\usmt
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\spool
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\ShellExt
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\Setup
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\ras
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\oobe
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\npp
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\mui
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\icsxml
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\ias
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\export
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\drivers
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\dhcp
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\config
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\3076
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\2052
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1054
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1042
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1041
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1037
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1033
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1031
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1028
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1025
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32
2009-02-22 18:01:53 ----D---- C:\WINDOWS\system
2009-02-22 18:01:53 ----D---- C:\WINDOWS\security
2009-02-22 18:01:53 ----D---- C:\WINDOWS\Resources
2009-02-22 18:01:53 ----D---- C:\WINDOWS\repair
2009-02-22 18:01:53 ----D---- C:\WINDOWS\Provisioning
2009-02-22 18:01:53 ----D---- C:\WINDOWS\mui
2009-02-22 18:01:53 ----D---- C:\WINDOWS\msapps
2009-02-22 18:01:53 ----D---- C:\WINDOWS\msagent
2009-02-22 18:01:53 ----D---- C:\WINDOWS\Media
2009-02-22 18:01:53 ----D---- C:\WINDOWS\java
2009-02-22 18:01:53 ----D---- C:\WINDOWS\Help
2009-02-22 18:01:53 ----D---- C:\WINDOWS\Driver Cache
2009-02-22 18:01:53 ----D---- C:\WINDOWS\Debug
2009-02-22 18:01:53 ----D---- C:\WINDOWS\Cursors
2009-02-22 18:01:53 ----D---- C:\WINDOWS\Connection Wizard
2009-02-22 18:01:53 ----D---- C:\WINDOWS\Config
2009-02-22 18:01:53 ----D---- C:\WINDOWS\AppPatch
2009-02-22 18:01:53 ----D---- C:\WINDOWS\addins
2009-02-22 18:01:53 ----D---- C:\WINDOWS
2009-02-22 18:00:40 ----D---- C:\Program Files\Fichiers communs\DESIGNER
2009-02-22 18:00:33 ----D---- C:\Program Files\Microsoft Works
2009-02-22 18:00:18 ----D---- C:\Program Files\Microsoft Visual Studio
2009-02-22 17:59:50 ----D---- C:\WINDOWS\SHELLNEW
2009-02-22 17:54:46 ----RHD---- C:\MSOCache
2009-02-22 17:51:55 ----SHD---- C:\RECYCLER
2009-02-22 17:47:55 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-02-22 17:47:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\Identities
2009-02-22 17:47:48 ----HD---- C:\Program Files\Uninstall Information
2009-02-22 17:46:01 ----D---- C:\Program Files\WinRAR
2009-02-22 17:45:28 ----D---- C:\Program Files\Java
2009-02-22 17:45:28 ----D---- C:\Program Files\Fichiers communs\Java
2009-02-22 17:45:04 ----D---- C:\Program Files\FlashGet
2009-02-22 17:42:29 ----ASH---- C:\Documents and Settings\Administrateur\Application Data\desktop.ini
2009-02-22 17:42:28 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-02-22 17:41:48 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-22 17:41:45 ----D---- C:\WINDOWS\Prefetch
2009-02-22 17:41:44 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-22 17:41:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-22 17:33:11 ----D---- C:\WINDOWS\system32\xircom
2009-02-22 17:33:11 ----D---- C:\Program Files\xerox
2009-02-22 17:33:11 ----D---- C:\Program Files\msn gaming zone
2009-02-22 17:33:11 ----D---- C:\Program Files\movie maker
2009-02-22 17:33:11 ----D---- C:\Program Files\microsoft frontpage
2009-02-22 17:32:05 ----A---- C:\WINDOWS\control.ini
2009-02-22 17:32:05 ----A---- C:\AUTOEXEC.BAT
2009-02-22 17:31:36 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-22 17:31:28 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-02-22 17:29:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-22 17:29:02 ----RD---- C:\WINDOWS\Offline Web Pages
2009-02-22 17:29:02 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-02-22 17:28:44 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-02-22 17:28:32 ----HD---- C:\Program Files\WindowsUpdate
2009-02-22 17:28:24 ----D---- C:\Program Files\Services en ligne
2009-02-22 17:27:39 ----D---- C:\WINDOWS\system32\DirectX
2009-02-22 17:27:00 ----A---- C:\WINDOWS\system32\atrace.dll
2009-02-22 17:26:57 ----A---- C:\WINDOWS\system32\desktop.ini
2009-02-22 17:26:57 ----A---- C:\WINDOWS\desktop.ini
2009-02-22 17:26:47 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-02-22 17:26:45 ----D---- C:\Program Files\Fichiers communs\Services
2009-02-22 17:26:45 ----A---- C:\WINDOWS\system32\acctres.dll
2009-02-22 17:26:40 ----SD---- C:\WINDOWS\Tasks
2009-02-22 17:26:40 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-02-22 17:26:39 ----D---- C:\Program Files\Fichiers communs\MSSoap
2009-02-22 17:26:32 ----D---- C:\WINDOWS\srchasst
2009-02-22 17:26:31 ----D---- C:\WINDOWS\system32\Macromed
2009-02-22 17:26:26 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-02-22 17:26:25 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-02-22 17:26:25 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-02-22 17:26:25 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-02-22 17:26:24 ----A---- C:\WINDOWS\system32\wups.dll
2009-02-22 17:26:24 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-02-22 17:26:24 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-02-22 17:26:24 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-02-22 17:26:23 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-02-22 17:26:23 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-02-22 17:26:23 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-02-22 17:26:22 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-02-22 17:26:22 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-02-22 17:26:16 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-02-22 17:26:16 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-02-22 17:26:16 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-02-22 17:26:16 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-02-22 17:26:02 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-02-22 17:26:02 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-02-22 17:26:01 ----D---- C:\WINDOWS\system32\Restore
2009-02-22 17:26:01 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-02-22 17:26:00 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-02-22 17:26:00 ----A---- C:\WINDOWS\system32\srclient.dll
2009-02-22 17:25:59 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-02-22 17:25:59 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-02-22 17:25:59 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-02-22 17:25:59 ----A---- C:\WINDOWS\system32\ils.dll
2009-02-22 17:25:58 ----A---- C:\WINDOWS\system32\msconf.dll
2009-02-22 17:25:58 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-02-22 17:25:51 ----D---- C:\Program Files\NetMeeting
2009-02-22 17:25:51 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-02-22 17:25:51 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-02-22 17:25:46 ----A---- C:\WINDOWS\system32\inetres.dll
2009-02-22 17:25:39 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-02-22 17:25:37 ----D---- C:\Program Files\Outlook Express
2009-02-22 17:25:37 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-02-22 17:25:37 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-02-22 17:25:37 ----A---- C:\WINDOWS\system32\mstask.dll
2009-02-22 17:25:36 ----A---- C:\WINDOWS\system32\isign32.dll
2009-02-22 17:25:36 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-02-22 17:25:36 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-02-22 17:25:36 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-02-22 17:25:29 ----D---- C:\Program Files\Fichiers communs\System
2009-02-22 17:25:25 ----D---- C:\Program Files\Internet Explorer
2009-02-22 17:23:45 ----D---- C:\Program Files\ComPlus Applications
2009-02-22 17:23:42 ----A---- C:\WINDOWS\vbaddin.ini
2009-02-22 17:23:42 ----A---- C:\WINDOWS\vb.ini
2009-02-22 17:23:33 ----D---- C:\WINDOWS\Registration
2009-02-22 17:23:18 ----D---- C:\Program Files\Windows Media Player
2009-02-22 17:23:08 ----A---- C:\WINDOWS\system32\write.exe
2009-02-22 17:22:57 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-02-22 17:22:57 ----A---- C:\WINDOWS\system32\hticons.dll
2009-02-22 17:22:56 ----A---- C:\WINDOWS\system32\winchat.exe
2009-02-22 17:22:56 ----A---- C:\WINDOWS\system32\avwav.dll
2009-02-22 17:22:56 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-02-22 17:22:56 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-02-22 17:22:44 ----A---- C:\WINDOWS\system32\getuname.dll
2009-02-22 17:22:43 ----A---- C:\WINDOWS\system32\charmap.exe
2009-02-22 17:22:42 ----A---- C:\WINDOWS\system32\calc.exe
2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\tskill.exe
2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\tscon.exe
2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\reset.exe
2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\shadow.exe
2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\regini.exe
2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\msg.exe
2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\logoff.exe
2009-02-22 17:22:39 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-02-22 17:22:39 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\stclient.dll
2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-02-22 17:22:27 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-02-22 17:22:26 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-02-22 17:22:26 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-02-22 17:22:26 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-02-22 17:22:25 ----D---- C:\Program Files\Windows NT
2009-02-22 17:22:25 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-02-22 17:22:25 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-02-22 17:22:24 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-02-22 17:22:23 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-02-22 17:22:23 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-02-22 17:22:23 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-02-22 17:22:23 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-02-22 17:22:23 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-02-22 17:22:22 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-02-22 17:22:22 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-02-22 17:22:22 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-02-22 17:22:22 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-02-22 17:22:21 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-02-22 17:22:20 ----D---- C:\WINDOWS\system32\MsDtc
2009-02-22 17:22:20 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-02-22 17:22:20 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-02-22 17:22:20 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-02-22 17:22:20 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-02-22 17:22:20 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-02-22 17:22:20 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-02-22 17:22:19 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-02-22 17:22:19 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-02-22 17:22:19 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-02-22 17:22:18 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-02-22 17:22:18 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-02-22 17:22:18 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-02-22 17:22:18 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-02-22 17:22:17 ----D---- C:\WINDOWS\system32\Com
2009-02-22 17:22:17 ----A---- C:\WINDOWS\system32\colbact.dll
2009-02-22 17:22:17 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-02-22 17:22:17 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-02-22 17:22:16 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-02-22 17:22:16 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-02-22 17:22:15 ----A---- C:\WINDOWS\system32\comuid.dll
2009-02-22 17:22:15 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-02-22 17:22:15 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-02-22 17:22:03 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-02-22 17:22:03 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-02-22 17:22:03 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-02-22 17:22:03 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-02-06 18:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll
======List of files/folders modified in the last 1 months======
2009-02-22 18:13:59 ----A---- C:\WINDOWS\system.ini
2009-02-22 18:03:16 ----A---- C:\WINDOWS\win.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-27 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-27 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-27 107272]
R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 46720]
R3 ac97intc;Service d'installation du pilote audio Intel(r) 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-02-27 29208]
R3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-24 9600]
R3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-24 12288]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-02-27 29208]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG8 E-mail Scanner; d:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-27 903960]
R2 avg8wd;AVG8 WatchDog; d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-27 298264]
R2 avgfws8;AVG8 Firewall; d:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-02-27 1339600]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
