Slow Internet
Security Forum - Viruses: Slow Internet
Hello,
for the past few days the Internet has been very slow on my PC. I'm afraid I have a virus, could someone help me?
Thanks
Hi,
Let's take a look:
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
- Double-click RSIT.exe to launch the program.
- Click Continue on the Disclaimer screen.
- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: the reports are saved in the C:\rsit\ folder.
re
Logfile of random's system information tool 1.05 (written by random/random)
Run by alexis at 2009-02-25 16:22:51
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 72 GB (30%) free of 238 GB
Total RAM: 1014 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:02, on 25/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DWRCS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CmWatch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Documents and Settings\alexis\client1.exe
F:\Hvfsys\HVF-ICS.exe
C:\windows\system32\SIGNON.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\spider.exe
C:\Documents and Settings\alexis\Bureau\RSIT.exe
C:\Documents and Settings\alexis\Bureau\HiJackThis\alexis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries [...] efault.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: bgrqfetx - {87EF3F20-E986-4B30-B9AA-A65E59792F29} - C:\WINDOWS\bgrqfetx.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Client Net-Assistance.lnk = C:\Program Files\LBINT\Launch.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: EPSON Contrôle en arrière-plan.lnk = C:\Program Files\EPSON\ESM2\Stms.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/J [...] 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HEVEAFIL.local
O17 - HKLM\Software\..\Telephony: DomainName = HEVEAFIL.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C682CED-F5BD-48AC-A7C8-327F26A53BA3}: NameServer = 192.168.15.1,192.168.15.254
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = HEVEAFIL.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C682CED-F5BD-48AC-A7C8-327F26A53BA3}: NameServer = 192.168.15.1,192.168.15.254
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = HEVEAFIL.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{3C682CED-F5BD-48AC-A7C8-327F26A53BA3}: NameServer = 192.168.15.1,192.168.15.254
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = HEVEAFIL.local
O17 - HKLM\System\CS4\Services\Tcpip\..\{3C682CED-F5BD-48AC-A7C8-327F26A53BA3}: NameServer = 192.168.15.1,192.168.15.254
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DameWare Mini Remote Control Service (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: ICRAplus - OPTENET - C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
--
End of file - 9671 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-19 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-19 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{259F616C-A300-44F5-B04A-ED001A26C85C} - Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2006-02-10 218632]
{87EF3F20-E986-4B30-B9AA-A65E59792F29} - bgrqfetx - C:\WINDOWS\bgrqfetx.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-05-06 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-05-06 118784]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2002-11-23 631362]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2005-10-07 180269]
"CmCardRun"=C:\WINDOWS\system32\CmWatch.exe [2003-09-16 229376]
"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-19 148888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-22 342848]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmCardRun]
C:\WINDOWS\system32\CmWatch.exe [2003-09-16 229376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyeOnFiles.exe]
C:\Program Files\HGMB\EyeOnFiles\EyeOnFiles.exe [2008-02-17 4838400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
C:\WINDOWS\Logi_MwX.Exe [2002-11-08 19968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe [2003-09-09 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-01-23 847872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2005-10-07 180269]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2000-01-21 65588]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Client Net-Assistance.lnk - C:\Program Files\LBINT\Launch.exe
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
EPSON Contrôle en arrière-plan.lnk - C:\Program Files\EPSON\ESM2\Stms.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-05-06 344064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0xexx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4tyxx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0xexx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4tyxx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoWelcomeScreen"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\LBINT\launch1.exe"="C:\Program Files\LBINT\launch1.exe:*:Enabled:launch1"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\LBINT\Launch.exe"="C:\Program Files\LBINT\Launch.exe:*:Enabled:Launch"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\LBINT\launch1.exe"="C:\Program Files\LBINT\launch1.exe:*:Enabled:launch1"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:bittorrent"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\LBINT\Launch.exe"="C:\Program Files\LBINT\Launch.exe:*:Enabled:Launch"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\alexis\Mes documents\BitTorrent Downloads\BitTorrent.exe"="C:\Documents and Settings\alexis\Mes documents\BitTorrent Downloads\BitTorrent.exe:*:Enabled:BitTorrent"
======List of files/folders created in the last 1 months======
2009-02-25 09:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-19 12:49:48 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-19 12:49:48 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-19 12:49:48 ----A---- C:\WINDOWS\system32\java.exe
2009-02-19 12:49:48 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-16 09:02:39 ----D---- C:\Documents and Settings\alexis\Application Data\Malwarebytes
2009-02-16 08:57:20 ----SHD---- C:\found.000
2009-02-13 16:53:21 ----SHD---- C:\RECYCLER
2009-02-13 16:17:15 ----D---- C:\WINDOWS\temp
2009-02-13 16:17:10 ----A---- C:\ComboFix.txt
2009-02-13 15:47:20 ----A---- C:\Boot.bak
2009-02-13 15:47:10 ----RASHD---- C:\cmdcons
2009-02-13 15:44:48 ----A---- C:\WINDOWS\zip.exe
2009-02-13 15:44:48 ----A---- C:\WINDOWS\VFIND.exe
2009-02-13 15:44:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-13 15:44:48 ----A---- C:\WINDOWS\SWSC.exe
2009-02-13 15:44:48 ----A---- C:\WINDOWS\SWREG.exe
2009-02-13 15:44:48 ----A---- C:\WINDOWS\sed.exe
2009-02-13 15:44:48 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-13 15:44:48 ----A---- C:\WINDOWS\grep.exe
2009-02-13 15:44:48 ----A---- C:\WINDOWS\fdsv.exe
2009-02-12 17:06:15 ----A---- C:\WINDOWS\system32\InstallAVg_77015112.exe.tmp
2009-02-12 08:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-12 08:46:47 ----A---- C:\WINDOWS\imsins.BAK
2009-02-10 13:44:01 ----D---- C:\Documents and Settings\All Users\Application Data\Sunbelt
2009-02-10 10:31:03 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-09 18:16:21 ----D---- C:\IDN
2009-02-09 16:55:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-09 16:55:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-09 16:31:04 ----A---- C:\FindyKill.txt
2009-02-09 16:30:34 ----D---- C:\Program Files\FindyKill
2009-02-09 09:42:27 ----D---- C:\rsit
2009-02-09 09:08:28 ----A---- C:\WINDOWS\system32\system32xp.exe.tmp
======List of files/folders modified in the last 1 months======
2009-02-25 16:22:59 ----D---- C:\WINDOWS\Prefetch
2009-02-25 16:18:14 ----D---- C:\Documents and Settings\alexis\Application Data\DNA
2009-02-25 15:48:15 ----D---- C:\windows
2009-02-25 15:48:12 ----D---- C:\Program Files\LBINT
2009-02-25 15:48:11 ----D---- C:\Program Files\DNA
2009-02-25 15:48:11 ----A---- C:\WINDOWS\iTouch.ini
2009-02-25 15:40:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-25 15:18:38 ----D---- C:\Documents and Settings\alexis\Application Data\BitTorrent
2009-02-25 11:35:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-25 09:56:55 ----A---- C:\WINDOWS\crw.ini
2009-02-25 09:37:00 ----D---- C:\WINDOWS\system32
2009-02-25 09:34:59 ----HD---- C:\WINDOWS\inf
2009-02-25 09:34:51 ----RSHD---- C:\WINDOWS\system32\DllCache
2009-02-25 09:29:02 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-20 12:16:01 ----D---- C:\Documents and Settings\alexis\Application Data\SolidDocuments
2009-02-19 12:50:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-19 12:50:03 ----SHD---- C:\WINDOWS\Installer
2009-02-19 12:49:55 ----HD---- C:\Config.Msi
2009-02-19 12:49:31 ----D---- C:\Program Files\Java
2009-02-16 15:02:55 ----D---- C:\WINDOWS\system32\drivers
2009-02-13 16:14:21 ----D---- C:\QooBox
2009-02-13 16:11:23 ----A---- C:\WINDOWS\system.ini
2009-02-13 15:59:51 ----D---- C:\WINDOWS\AppPatch
2009-02-13 15:59:44 ----D---- C:\Program Files\Fichiers communs
2009-02-13 15:57:10 ----RD---- C:\Program Files
2009-02-13 15:47:20 ----RASH---- C:\boot.ini
2009-02-13 15:40:52 ----D---- C:\ComboFix
2009-02-12 09:17:42 ----D---- C:\Program Files\Internet Explorer
2009-02-12 08:49:51 ----A---- C:\WINDOWS\system32\MRT.INI
2009-02-12 08:47:14 ----D---- C:\WINDOWS\Debug
2009-02-12 08:42:20 ----SHD---- C:\WINDOWS\CSC
2009-02-12 08:42:18 ----D---- C:\WINDOWS\security
2009-02-12 08:41:27 ----D---- C:\WINDOWS\Minidump
2009-02-04 00:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2271]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-05-06 711005]
R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2002-11-08 14156]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2002-11-08 23838]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2002-11-08 41420]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2002-11-08 70238]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-12-21 28164]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848]
S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 NETIMFLT;PANDA NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\netimflt.sys []
S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 UMSSSTOR;C-Media Storage; C:\WINDOWS\system32\DRIVERS\UMSS.SYS [2004-07-13 48512]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-03-20 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\System32\basfipm.exe [2004-04-01 77824]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DWMRCS;DameWare Mini Remote Control Service; C:\WINDOWS\system32\DWRCS.exe [2007-03-14 220160]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\EPSON\ESM2\eEBSVC.exe [2002-01-30 77824]
R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2004-02-13 155648]
R2 ICRAplus;ICRAplus; C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe [2006-12-29 909312]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-19 152984]
R2 ScReadSpool;SolidPDFConverterReadSpool; C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe [2006-02-10 69632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
-----------------EOF-----------------
Thanks
Can you post this report for me: C:\ComboFix.txt?
ComboFix 09-02-12.03 - cynthia 2009-02-13 15:56:25.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1014.685 [GMT 1:00]
Lancé depuis: c:\documents and settings\alexis\Bureau\comb.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated)
FW: Panda Internet Security 2008 *disabled*
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Antivirus 2009\
c:\program files\Microsoft Common
c:\program files\Microsoft Common\svchost.exe
c:\windows\msauc.exe
c:\windows\services.exe
c:\windows\system32\crypts.dll
c:\windows\system32\digeste.dll
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\TDSSserv.sys
c:\windows\system32\drivers\UACrfsqfcjn.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\rah3b8ffdnd.dll
c:\windows\system32\rs32net.exe
c:\windows\system32\shell31.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\svschost.exe
c:\windows\system32\tmp.reg
c:\windows\system32\UACdlugsybu.dll
c:\windows\system32\UACftnefqsm.log
c:\windows\system32\UAChurqfqwg.dat
c:\windows\system32\UACjqxtjkln.dll
c:\windows\system32\UACppgxylrg.dll
c:\windows\system32\UACqgpcrgst.log
c:\windows\system32\UACqpwrjjwj.log
c:\windows\system32\UACsawagakk.dll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wpv231234083759.cpx
c:\windows\system32\wpv331234083698.cpx
c:\windows\system32\WS2Fix.exe
c:\windows\wiaserviv.log
c:\windows\system32\InstallAVg_77015112.exe . . . . impossible à supprimer
.
---- Exécution préalable -------
.
c:\documents and settings\cynthia\Bureau\Error Cleaner.url
c:\documents and settings\cynthia\Bureau\Privacy Protector.url
c:\documents and settings\cynthia\Bureau\Spyware&Malware Protection.url
c:\documents and settings\cynthia\Favoris\Error Cleaner.url
c:\documents and settings\cynthia\Favoris\Privacy Protector.url
c:\documents and settings\cynthia\Favoris\Spyware&Malware Protection.url
c:\program files\PCHealthCenter
c:\program files\PCHealthCenter\0.exe
c:\program files\PCHealthCenter\0.gif
c:\program files\PCHealthCenter\1.exe
c:\program files\PCHealthCenter\1.gif
c:\program files\PCHealthCenter\2.exe
c:\program files\PCHealthCenter\2.gif
c:\program files\PCHealthCenter\3.exe
c:\program files\PCHealthCenter\3.gif
c:\program files\PCHealthCenter\4.exe
c:\program files\PCHealthCenter\5.exe
c:\program files\PCHealthCenter\7.exe
c:\program files\PCHealthCenter\sex1.ico
c:\program files\PCHealthCenter\sex2.ico
c:\program files\VAV
c:\program files\VAV\vav.cpl
c:\program files\VAV\vav.exe
c:\program files\VAV\vav0.dat
c:\program files\VAV\vav1.dat
c:\windows\bgrqfetx.dll
c:\windows\epgk.exe
c:\windows\privacy_danger
c:\windows\privacy_danger\images\capt.gif
c:\windows\privacy_danger\images\danger.jpg
c:\windows\privacy_danger\images\down.gif
c:\windows\privacy_danger\images\spacer.gif
c:\windows\privacy_danger\index.htm
c:\windows\system32\sex1.ico
c:\windows\system32\sex2.ico
c:\windows\system32\vav.cpl
c:\windows\tfnslopk.dll
c:\windows\wnlmdakqenv.dll
c:\windows\xokvrpwg.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-13 au 2009-02-13 ))))))))))))))))))))))))))))))))))))
.
2009-02-13 16:07 . 2009-02-13 16:07 139,264 --a------ c:\documents and settings\cynthia\client1.exe
2009-02-12 09:19 . 2009-02-13 16:05 32,768 --a------ c:\windows\system32\drivers\ati0xexx.sys
2009-02-12 08:46 . 2009-02-12 08:46 1,374 --a------ c:\windows\imsins.BAK
2009-02-12 08:43 . 2009-02-12 08:49 32,768 --a------ c:\windows\system32\drivers\ati4tyxx.sys
2009-02-11 12:08 . 2009-02-11 12:08 27,136 --a------ c:\windows\system32\TDSSoitu.dll
2009-02-10 13:44 . 2009-02-10 13:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
2009-02-09 18:16 . 2009-02-09 18:23 <REP> d-------- C:\IDN
2009-02-09 16:55 . 2009-02-10 10:27 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 16:55 . 2009-02-09 16:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-09 16:55 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 16:55 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 16:30 . 2009-02-09 16:49 <REP> d-------- c:\program files\FindyKill
2009-02-09 09:42 . 2009-02-09 09:43 <REP> d-------- C:\rsit
2009-02-09 09:13 . <REP> c:\program files\Antivirus 2009
2009-02-09 09:13 . 2009-02-12 17:06 0 --a------ c:\windows\system32\InstallAVg_77015112.exe.tmp
2009-02-09 09:13 . 2009-02-09 09:13 0 --------- c:\windows\system32\InstallAVg_77015112.exe
2009-02-09 09:08 . 2009-02-09 09:08 92,160 --a------ c:\windows\system32\svñshost.exe
2009-02-09 09:08 . 2009-02-13 08:39 5,538 --a------ c:\windows\system32\uacinit.dll
2009-02-09 09:08 . 2009-02-09 09:08 0 --a------ c:\windows\system32\system32xp.exe.tmp
2009-01-30 14:45 . 2009-02-01 00:03 <REP> d-------- c:\documents and settings\cynthia\download
2009-01-30 14:45 . 2009-02-01 00:03 60 --a------ c:\documents and settings\cynthia\ocsinventory.dat
2009-01-13 11:50 . 2009-01-13 11:50 <REP> d-------- c:\program files\ESET
2009-01-13 11:50 . 2009-01-13 11:50 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-01-13 11:26 . 2009-01-13 11:26 0 --a------ c:\windows\system32\drivers\wnmsav.dat
2009-01-13 08:54 . 2009-02-13 15:40 <REP> d-------- C:\ComboFix
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 15:06 --------- d-----w c:\program files\LBINT
2009-02-13 15:06 --------- d-----w c:\program files\DNA
2009-02-13 15:06 --------- d-----w c:\documents and settings\cynthia\Application Data\DNA
2009-02-13 14:39 --------- d-----w c:\documents and settings\cynthia\Application Data\BitTorrent
2009-02-13 09:37 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2009-02-11 15:21 --------- d-----w c:\documents and settings\cynthia\Application Data\SolidDocuments
2009-01-14 10:56 --------- d-----w c:\program files\Panda Security
2009-01-13 10:45 --------- d-----w c:\program files\Fichiers communs\Panda Software
2008-12-16 08:49 --------- d-----w c:\program files\Bonjour
2008-12-16 08:48 --------- d-----w c:\program files\iTunes
2008-12-16 08:48 --------- d-----w c:\program files\iPod
2008-12-16 08:48 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-16 08:45 --------- d-----w c:\program files\QuickTime
2008-12-16 08:44 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-16 08:39 --------- d-----w c:\program files\Safari
2008-11-13 09:52 3,532 ----a-w C:\drmHeader.bin
2007-10-17 13:15 312 ----a-w c:\documents and settings\Administrateur.HEVEAFIL.000\Application Data\config.dat
2006-09-18 08:02 304 ----a-w c:\documents and settings\Administrateur.HEVEAFIL\Application Data\config.dat
2006-06-22 15:26 278 ----a-w c:\documents and settings\Sylviane\Application Data\config.dat
2005-12-06 10:54 225,280 ----a-w c:\program files\Patch_Window_A_0_14.exe
2008-09-10 07:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091020080911\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-08-07_12.50.17.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-19 23:09:50 16,439 -c----w c:\windows\$NtServicePackUninstall$\admin.exe
- 2004-03-20 19:44:44 57,344 -c----w c:\windows\$NtServicePackUninstall$\admparse.dll
+ 2004-08-19 23:09:19 61,440 -c----w c:\windows\$NtServicePackUninstall$\admparse.dll
+ 2004-08-19 23:09:19 43,520 -c----w c:\windows\$NtServicePackUninstall$\admwprox.dll
+ 2004-08-19 23:09:19 290,816 -c----w c:\windows\$NtServicePackUninstall$\adsiis51.dll
- 2004-03-20 19:44:46 162,816 -c----w c:\windows\$NtServicePackUninstall$\adsldp.dll
+ 2004-08-19 23:09:19 175,616 -c----w c:\windows\$NtServicePackUninstall$\adsldp.dll
- 2004-03-20 19:44:46 139,776 -c----w c:\windows\$NtServicePackUninstall$\adsldpc.dll
+ 2004-08-19 23:09:19 143,360 -c----w c:\windows\$NtServicePackUninstall$\adsldpc.dll
- 2004-03-20 19:44:46 62,464 -c----w c:\windows\$NtServicePackUninstall$\adsmsext.dll
+ 2004-08-19 23:09:19 68,096 -c----w c:\windows\$NtServicePackUninstall$\adsmsext.dll
- 2004-03-20 19:44:46 239,616 -c----w c:\windows\$NtServicePackUninstall$\adsnt.dll
+ 2004-08-19 23:09:19 263,680 -c----w c:\windows\$NtServicePackUninstall$\adsnt.dll
+ 2004-03-20 19:44:46 109,568 -c----w c:\windows\$NtServicePackUninstall$\adsnw.dll
+ 2004-08-19 23:09:19 4,255 -c----w c:\windows\$NtServicePackUninstall$\adv01nt5.dll
+ 2004-08-19 23:09:19 3,967 -c----w c:\windows\$NtServicePackUninstall$\adv02nt5.dll
+ 2004-08-19 23:09:19 3,615 -c----w c:\windows\$NtServicePackUninstall$\adv05nt5.dll
+ 2004-08-19 23:09:19 3,647 -c----w c:\windows\$NtServicePackUninstall$\adv07nt5.dll
+ 2004-08-19 23:09:19 3,135 -c----w c:\windows\$NtServicePackUninstall$\adv08nt5.dll
+ 2004-08-19 23:09:19 3,711 -c----w c:\windows\$NtServicePackUninstall$\adv09nt5.dll
+ 2004-08-19 23:09:19 3,775 -c----w c:\windows\$NtServicePackUninstall$\adv11nt5.dll
- 2004-03-20 19:44:48 626,176 -c----w c:\windows\$NtServicePackUninstall$\advapi32.dll
+ 2004-08-19 23:09:19 685,056 -c----w c:\windows\$NtServicePackUninstall$\advapi32.dll
- 2004-03-20 19:44:48 93,184 -c----w c:\windows\$NtServicePackUninstall$\advpack.dll
+ 2004-08-19 23:09:19 101,888 -c----w c:\windows\$NtServicePackUninstall$\advpack.dll
- 2002-08-28 23:16:38 142,208 -c----w c:\windows\$NtServicePackUninstall$\aec.sys
+ 2006-02-15 00:22:26 142,464 -c----w c:\windows\$NtServicePackUninstall$\aec.sys
+ 2006-02-15 00:22:26 142,464 -c----w c:\windows\$NtServicePackUninstall$\aec.sys.001
- 2004-03-20 19:44:48 131,968 -c----w c:\windows\$NtServicePackUninstall$\afd.sys
+ 2008-06-20 10:44:38 138,368 -c----w c:\windows\$NtServicePackUninstall$\afd.sys
- 2004-03-20 19:44:48 22,016 -c----w c:\windows\$NtServicePackUninstall$\agentanm.dll
+ 2004-08-19 23:09:19 24,064 -c----w c:\windows\$NtServicePackUninstall$\agentanm.dll
- 2004-03-20 19:44:48 204,288 -c----w c:\windows\$NtServicePackUninstall$\agentctl.dll
+ 2004-08-19 23:09:19 214,016 -c----w c:\windows\$NtServicePackUninstall$\agentctl.dll
- 2004-03-20 19:44:48 35,840 -c----w c:\windows\$NtServicePackUninstall$\agentdp2.dll
+ 2006-10-12 13:55:58 42,496 -c----w c:\windows\$NtServicePackUninstall$\agentdp2.dll
- 2004-03-20 19:44:48 50,688 -c----w c:\windows\$NtServicePackUninstall$\agentdpv.dll
+ 2007-03-09 14:00:38 57,344 -c----w c:\windows\$NtServicePackUninstall$\agentdpv.dll
- 2004-03-20 19:44:48 44,032 -c----w c:\windows\$NtServicePackUninstall$\agentmpx.dll
+ 2004-08-19 23:09:19 49,152 -c----w c:\windows\$NtServicePackUninstall$\agentmpx.dll
- 2004-03-20 19:44:48 21,504 -c----w c:\windows\$NtServicePackUninstall$\agentpsh.dll
+ 2004-08-19 23:09:19 24,064 -c----w c:\windows\$NtServicePackUninstall$\agentpsh.dll
- 2004-03-20 19:44:48 39,936 -c----w c:\windows\$NtServicePackUninstall$\agentsr.dll
+ 2004-08-19 23:09:19 44,032 -c----w c:\windows\$NtServicePackUninstall$\agentsr.dll
- 2004-03-20 19:44:48 235,008 -c----w c:\windows\$NtServicePackUninstall$\agentsvr.exe
+ 2006-10-12 11:54:07 256,512 -c----w c:\windows\$NtServicePackUninstall$\agentsvr.exe
- 2001-08-17 21:58:00 25,472 -c----w c:\windows\$NtServicePackUninstall$\agp440.sys
+ 2004-08-04 06:07:41 42,368 -c----w c:\windows\$NtServicePackUninstall$\agp440.sys
- 2001-08-17 21:58:02 29,056 -c----w c:\windows\$NtServicePackUninstall$\agpcpq.sys
+ 2004-08-04 06:07:42 44,928 -c----w c:\windows\$NtServicePackUninstall$\agpcpq.sys
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0404.dll
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0405.dll
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0406.dll
+ 2004-03-20 19:44:50 21,504 -c----w c:\windows\$NtServicePackUninstall$\agt0407.dll
+ 2004-03-20 19:44:50 22,016 -c----w c:\windows\$NtServicePackUninstall$\agt0408.dll
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0409.dll
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt040b.dll
+ 2004-03-20 19:44:50 21,504 -c----w c:\windows\$NtServicePackUninstall$\agt040c.dll
+ 2004-03-20 19:44:50 19,968 -c----w c:\windows\$NtServicePackUninstall$\agt040e.dll
+ 2004-03-20 19:44:50 20,992 -c----w c:\windows\$NtServicePackUninstall$\agt0410.dll
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0411.dll
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0412.dll
+ 2004-03-20 19:44:50 20,992 -c----w c:\windows\$NtServicePackUninstall$\agt0413.dll
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0414.dll
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0415.dll
+ 2004-03-20 19:44:50 20,480 -c----w c:\windows\$NtServicePackUninstall$\agt0416.dll
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0419.dll
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt041d.dll
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt041f.dll
+ 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0804.dll
+ 2004-03-20 19:44:50 20,992 -c----w c:\windows\$NtServicePackUninstall$\agt0816.dll
+ 2004-03-20 19:44:50 20,480 -c----w c:\windows\$NtServicePackUninstall$\agt0c0a.dll
- 2004-03-20 19:44:50 21,504 -c----w c:\windows\$NtServicePackUninstall$\agtintl.dll
+ 2004-08-19 23:09:19 24,064 -c----w c:\windows\$NtServicePackUninstall$\agtintl.dll
- 2004-03-20 19:44:50 91,648 -c----w c:\windows\$NtServicePackUninstall$\ahui.exe
+ 2004-08-19 23:09:50 98,304 -c----w c:\windows\$NtServicePackUninstall$\ahui.exe
- 2004-03-20 19:44:50 41,984 -c----w c:\windows\$NtServicePackUninstall$\alg.exe
+ 2004-08-19 23:09:51 44,544 -c----w c:\windows\$NtServicePackUninstall$\alg.exe
- 2001-08-17 21:58:00 27,648 -c----w c:\windows\$NtServicePackUninstall$\alim1541.sys
+ 2004-08-04 06:07:41 42,752 -c----w c:\windows\$NtServicePackUninstall$\alim1541.sys
- 2004-03-20 19:44:50 15,872 -c----w c:\windows\$NtServicePackUninstall$\alrsvc.dll
+ 2004-08-19 23:09:19 17,408 -c----w c:\windows\$NtServicePackUninstall$\alrsvc.dll
- 2001-08-17 21:58:02 27,648 -c----w c:\windows\$NtServicePackUninstall$\amdagp.sys
+ 2004-08-04 06:07:42 43,008 -c----w c:\windows\$NtServicePackUninstall$\amdagp.sys
- 2004-03-20 19:54:22 34,816 -c----w c:\windows\$NtServicePackUninstall$\amdk6.sys
+ 2004-08-19 22:52:41 41,216 -c----w c:\windows\$NtServicePackUninstall$\amdk6.sys
- 2004-03-20 19:54:22 35,328 -c----w c:\windows\$NtServicePackUninstall$\amdk7.sys
+ 2004-08-19 22:52:42 41,600 -c----w c:\windows\$NtServicePackUninstall$\amdk7.sys
- 2002-12-12 00:14:32 64,512 -c----w c:\windows\$NtServicePackUninstall$\amstream.dll
+ 2004-08-19 23:09:19 70,656 -c----w c:\windows\$NtServicePackUninstall$\amstream.dll
+ 2004-08-19 23:09:19 110,080 -c----w c:\windows\$NtServicePackUninstall$\appconf.dll
- 2004-03-20 19:44:52 115,712 -c----w c:\windows\$NtServicePackUninstall$\apphelp.dll
+ 2004-08-19 23:09:19 126,976 -c----w c:\windows\$NtServicePackUninstall$\apphelp.dll
- 2004-03-20 19:44:54 165,376 -c----w c:\windows\$NtServicePackUninstall$\appmgmts.dll
+ 2004-08-19 23:09:19 176,640 -c----w c:\windows\$NtServicePackUninstall$\appmgmts.dll
- 2004-03-20 19:44:54 284,160 -c----w c:\windows\$NtServicePackUninstall$\appmgr.dll
+ 2004-08-19 23:09:19 302,592 -c----w c:\windows\$NtServicePackUninstall$\appmgr.dll
+ 2004-08-19 23:09:19 334,336 -c----w c:\windows\$NtServicePackUninstall$\aqueue.dll
- 2004-03-20 19:54:22 57,344 -c----w c:\windows\$NtServicePackUninstall$\arp1394.sys
+ 2004-08-04 05:58:29 60,800 -c----w c:\windows\$NtServicePackUninstall$\arp1394.sys
+ 2004-08-19 23:09:19 377,344 -c----w c:\windows\$NtServicePackUninstall$\asp51.dll
+ 2004-08-04 05:11:00 200,704 -c----w c:\windows\$NtServicePackUninstall$\aspnet_isapi.dll
+ 2004-08-04 05:11:04 24,576 -c----w c:\windows\$NtServicePackUninstall$\aspnet_regiis.exe
+ 2004-08-04 05:11:04 32,768 -c----w c:\windows\$NtServicePackUninstall$\aspnet_wp.exe
- 2004-03-20 19:45:02 27,648 -c----w c:\windows\$NtServicePackUninstall$\asr_fmt.exe
+ 2004-08-19 23:09:51 30,720 -c----w c:\windows\$NtServicePackUninstall$\asr_fmt.exe
- 2004-03-20 19:45:02 29,696 -c----w c:\windows\$NtServicePackUninstall$\asr_pfu.exe
+ 2004-08-19 23:09:51 32,768 -c----w c:\windows\$NtServicePackUninstall$\asr_pfu.exe
- 2004-03-20 19:45:02 77,824 -c----w c:\windows\$NtServicePackUninstall$\asycfilt.dll
+ 2004-08-19 23:09:19 65,024 -c----w c:\windows\$NtServicePackUninstall$\asycfilt.dll
- 2004-03-20 19:45:02 13,568 -c----w c:\windows\$NtServicePackUninstall$\asyncmac.sys
+ 2004-08-04 06:05:03 14,336 -c----w c:\windows\$NtServicePackUninstall$\asyncmac.sys
- 2004-03-20 19:45:02 22,528 -c----w c:\windows\$NtServicePackUninstall$\at.exe
+ 2004-08-19 23:09:51 25,088 -c----w c:\windows\$NtServicePackUninstall$\at.exe
- 2003-04-23 09:29:54 87,296 -c----w c:\windows\$NtServicePackUninstall$\atapi.sys
+ 2004-08-04 05:59:42 95,360 -c----w c:\windows\$NtServicePackUninstall$\atapi.sys
+ 2004-08-19 23:09:19 229,376 -c----w c:\windows\$NtServicePackUninstall$\ati2cqag.dll
+ 2004-08-19 23:09:19 377,984 -c----w c:\windows\$NtServicePackUninstall$\ati2dvaa.dll
+ 2004-08-19 23:09:19 201,728 -c----w c:\windows\$NtServicePackUninstall$\ati2dvag.dll
+ 2004-08-19 23:09:19 870,784 -c----w c:\windows\$NtServicePackUninstall$\ati3d1ag.dll
+ 2004-08-19 23:09:19 1,057,760 -c----w c:\windows\$NtServicePackUninstall$\ati3d2ag.dll
+ 2004-08-19 23:09:19 1,888,992 -c----w c:\windows\$NtServicePackUninstall$\ati3duag.dll
+ 2004-08-19 23:09:19 32,768 -c----w c:\windows\$NtServicePackUninstall$\ativtmxx.dll
+ 2004-08-19 23:09:19 516,768 -c----w c:\windows\$NtServicePackUninstall$\ativvaxx.dll
- 2004-03-20 19:45:08 74,810 -c----w c:\windows\$NtServicePackUninstall$\atl.dll
+ 2004-08-19 23:09:19 58,880 -c----w c:\windows\$NtServicePackUninstall$\atl.dll
- 2004-03-20 19:45:08 10,240 -c----w c:\windows\$NtServicePackUninstall$\atmadm.exe
+ 2004-08-19 23:09:51 11,264 -c----w c:\windows\$NtServicePackUninstall$\atmadm.exe
- 2004-03-20 19:45:08 57,216 -c----w c:\windows\$NtServicePackUninstall$\atmarpc.sys
+ 2004-08-04 05:58:30 59,904 -c----w c:\windows\$NtServicePackUninstall$\atmarpc.sys
- 2004-03-20 19:45:08 272,768 -c----w c:\windows\$NtServicePackUninstall$\atmfd.dll
+ 2004-08-19 23:08:01 285,696 -c----w c:\windows\$NtServicePackUninstall$\atmfd.dll
- 2004-03-20 19:45:08 53,888 -c----w c:\windows\$NtServicePackUninstall$\atmlane.sys
+ 2004-08-04 05:58:34 55,936 -c----w c:\windows\$NtServicePackUninstall$\atmlane.sys
- 2004-03-20 19:45:08 27,136 -c----w c:\windows\$NtServicePackUninstall$\atmlib.dll
+ 2004-08-19 23:09:20 30,208 -c----w c:\windows\$NtServicePackUninstall$\atmlib.dll
+ 2004-03-20 19:45:10 11,264 -c----w c:\windows\$NtServicePackUninstall$\attrib.exe
+ 2004-08-19 23:09:20 21,183 -c----w c:\windows\$NtServicePackUninstall$\atv01nt5.dll
+ 2004-08-19 23:09:20 11,359 -c----w c:\windows\$NtServicePackUninstall$\atv02nt5.dll
+ 2004-08-19 23:09:20 25,471 -c----w c:\windows\$NtServicePackUninstall$\atv04nt5.dll
+ 2004-08-19 23:09:20 14,143 -c----w c:\windows\$NtServicePackUninstall$\atv06nt5.dll
+ 2004-08-19 23:09:20 17,279 -c----w c:\windows\$NtServicePackUninstall$\atv10nt5.dll
- 2004-03-20 19:45:10 38,912 -c----w c:\windows\$NtServicePackUninstall$\audiosrv.dll
+ 2004-08-19 23:09:20 42,496 -c----w c:\windows\$NtServicePackUninstall$\audiosrv.dll
+ 2004-08-19 23:09:51 14,336 -c----w c:\windows\$NtServicePackUninstall$\auditusr.exe
+ 2004-08-19 23:09:20 20,540 -c----w c:\windows\$NtServicePackUninstall$\author.dll
+ 2004-08-19 23:09:51 16,439 -c----w c:\windows\$NtServicePackUninstall$\author.exe
- 2004-03-20 19:45:10 51,200 -c----w c:\windows\$NtServicePackUninstall$\authz.dll
+ 2005-03-02 18:10:36 56,832 -c----w c:\windows\$NtServicePackUninstall$\authz.dll
- 2004-03-20 19:45:10 602,112 -c----w c:\windows\$NtServicePackUninstall$\autochk.exe
+ 2004-08-19 23:09:51 625,152 -c----w c:\windows\$NtServicePackUninstall$\autochk.exe
- 2004-03-20 19:45:12 614,912 -c----w c:\windows\$NtServicePackUninstall$\autoconv.exe
+ 2004-08-19 23:09:51 638,976 -c----w c:\windows\$NtServicePackUninstall$\autoconv.exe
- 2004-03-20 19:45:12 594,944 -c----w c:\windows\$NtServicePackUninstall$\autofmt.exe
+ 2004-08-19 23:09:51 616,960 -c----w c:\windows\$NtServicePackUninstall$\autofmt.exe
- 2004-03-20 19:45:12 8,192 -c----w c:\windows\$NtServicePackUninstall$\autolfn.exe
+ 2004-08-19 23:09:51 11,264 -c----w c:\windows\$NtServicePackUninstall$\autolfn.exe
+ 2004-08-04 06:10:10 38,912 -c----w c:\windows\$NtServicePackUninstall$\avc.sys
+ 2004-08-04 06:09:58 13,696 -c----w c:\windows\$NtServicePackUninstall$\avcstrm.sys
- 2004-03-20 19:45:14 76,800 -c----w c:\windows\$NtServicePackUninstall$\avifil32.dll
+ 2004-08-19 23:09:20 85,504 -c----w c:\windows\$NtServicePackUninstall$\avifil32.dll
- 2004-06-17 17:56:29 47,616 -c----w c:\windows\$NtServicePackUninstall$\basesrv.dll
+ 2004-08-19 23:09:20 52,736 -c----w c:\windows\$NtServicePackUninstall$\basesrv.dll
- 2004-03-20 19:45:16 27,136 -c----w c:\windows\$NtServicePackUninstall$\batmeter.dll
+ 2004-08-19 23:09:20 28,672 -c----w c:\windows\$NtServicePackUninstall$\batmeter.dll
- 2004-03-20 19:45:16 6,656 -c----w c:\windows\$NtServicePackUninstall$\batt.dll
+ 2004-08-19 23:09:20 8,704 -c----w c:\windows\$NtServicePackUninstall$\batt.dll
- 2003-02-17 10:16:26 11,392 -c----w c:\windows\$NtServicePackUninstall$\bdasup.sys
+ 2004-08-04 06:10:12 11,776 -c----w c:\windows\$NtServicePackUninstall$\bdasup.sys
- 2004-03-20 19:45:18 14,848 -c----w c:\windows\$NtServicePackUninstall$\bidispl.dll
+ 2004-08-19 23:09:20 17,408 -c----w c:\windows\$NtServicePackUninstall$\bidispl.dll
- 2004-07-01 22:08:13 7,680 -c----w c:\windows\$NtServicePackUninstall$\bitsprx2.dll
+ 2004-08-19 23:09:20 8,192 -c----w c:\windows\$NtServicePackUninstall$\bitsprx2.dll
- 2004-07-01 22:08:13 7,168 -c----w c:\windows\$NtServicePackUninstall$\bitsprx3.dll
+ 2004-08-19 23:09:20 7,168 -c----w c:\windows\$NtServicePackUninstall$\bitsprx3.dll
+ 2004-08-19 23:09:51 71,680 -c----w c:\windows\$NtServicePackUninstall$\blastcln.exe
+ 2004-03-20 19:45:20 152,064 -c----w c:\windows\$NtServicePackUninstall$\bootcfg.exe
- 2004-03-20 19:45:22 68,864 -c----w c:\windows\$NtServicePackUninstall$\bridge.sys
+ 2004-08-04 05:59:57 71,552 -c----w c:\windows\$NtServicePackUninstall$\bridge.sys
- 2004-03-20 19:45:26 69,632 -c----w c:\windows\$NtServicePackUninstall$\browselc.dll
+ 2004-08-19 23:08:02 70,144 -c----w c:\windows\$NtServicePackUninstall$\browselc.dll
- 2004-03-20 19:45:26 49,152 -c----w c:\windows\$NtServicePackUninstall$\browser.dll
+ 2004-08-19 23:09:20 77,312 -c----w c:\windows\$NtServicePackUninstall$\browser.dll
- 2004-11-11 18:51:16 1,026,048 -c----w c:\windows\$NtServicePackUninstall$\browseui.dll
+ 2006-09-23 11:12:56 1,022,976 -c----w c:\windows\$NtServicePackUninstall$\browseui.dll
- 2004-03-20 19:45:26 71,680 -c----w c:\windows\$NtServicePackUninstall$\browsewm.dll
+ 2004-08-19 23:09:20 78,336 -c----w c:\windows\$NtServicePackUninstall$\browsewm.dll
+ 2004-08-19 23:09:20 20,992 -c----w c:\windows\$NtServicePackUninstall$\bthci.dll
+ 2004-08-04 06:10:38 17,024 -c----w c:\windows\$NtServicePackUninstall$\bthenum.sys
+ 2004-08-04 06:10:38 38,016 -c----w c:\windows\$NtServicePackUninstall$\bthmodem.sys
+ 2004-08-04 05:58:38 100,992 -c----w c:\windows\$NtServicePackUninstall$\bthpan.sys
+ 2008-06-14 17:59:52 272,768 -c----w c:\windows\$NtServicePackUninstall$\bthport.sys
+ 2008-06-14 17:59:52 272,768 -c----w c:\windows\$NtServicePackUninstall$\bthport.sys.001
+ 2004-08-04 06:10:37 35,456 -c----w c:\windows\$NtServicePackUninstall$\bthprint.sys
+ 2004-08-19 23:09:20 30,208 -c----w c:\windows\$NtServicePackUninstall$\bthserv.dll
+ 2004-08-04 06:10:34 18,944 -c----w c:\windows\$NtServicePackUninstall$\bthusb.sys
+ 2004-08-19 23:09:20 50,688 -c----w c:\windows\$NtServicePackUninstall$\btpanui.dll
+ 2004-03-20 19:46:14 218,112 -c----w c:\windows\$NtServicePackUninstall$\c_g18030.dll
- 2004-03-20 19:45:28 59,904 -c----w c:\windows\$NtServicePackUninstall$\cabinet.dll
+ 2004-08-19 23:09:20 59,904 -c----w c:\windows\$NtServicePackUninstall$\cabinet.dll
- 2004-03-20 19:45:28 81,408 -c----w c:\windows\$NtServicePackUninstall$\cabview.dll
+ 2004-08-19 23:09:20 85,504 -c----w c:\windows\$NtServicePackUninstall$\cabview.dll
+ 2004-03-20 19:45:28 19,456 -c----w c:\windows\$NtServicePackUninstall$\cacls.exe
- 2004-03-30 02:49:42 364,544 -c----w c:\windows\$NtServicePackUninstall$\callcont.dll
+ 2004-08-19 23:09:20 385,024 -c----w c:\windows\$NtServicePackUninstall$\callcont.dll
- 2004-03-20 19:45:28 45,056 -c----w c:\windows\$NtServicePackUninstall$\camocx.dll
+ 2004-08-19 23:09:20 50,688 -c----w c:\windows\$NtServicePackUninstall$\camocx.dll
+ 2004-03-20 19:45:30 146,432 -c----w c:\windows\$NtServicePackUninstall$\capesnpn.dll
- 2004-03-06 03:17:16 225,280 -c----w c:\windows\$NtServicePackUninstall$\catsrv.dll
+ 2005-07-26 04:39:54 225,792 -c----w c:\windows\$NtServicePackUninstall$\catsrv.dll
- 2004-03-20 19:45:30 85,504 -c----w c:\windows\$NtServicePackUninstall$\catsrvps.dll
+ 2004-08-19 23:09:20 85,504 -c----w c:\windows\$NtServicePackUninstall$\catsrvps.dll
- 2004-03-06 03:17:16 594,944 -c----w c:\windows\$NtServicePackUninstall$\catsrvut.dll
+ 2005-07-26 04:39:54 625,152 -c----w c:\windows\$NtServicePackUninstall$\catsrvut.dll
- 2003-02-17 10:16:26 16,384 -c----w c:\windows\$NtServicePackUninstall$\ccdecode.sys
+ 2004-08-04 06:10:16 17,024 -c----w c:\windows\$NtServicePackUninstall$\ccdecode.sys
- 2004-03-20 19:45:32 59,648 -c----w c:\windows\$NtServicePackUninstall$\cdfs.sys
+ 2004-08-04 06:14:10 63,744 -c----w c:\windows\$NtServicePackUninstall$\cdfs.sys
- 2004-03-20 19:45:32 143,360 -c----w c:\windows\$NtServicePackUninstall$\cdfview.dll
+ 2006-09-14 08:39:59 152,064 -c----w c:\windows\$NtServicePackUninstall$\cdfview.dll
+ 2004-08-19 23:09:20 66,560 -c----w c:\windows\$NtServicePackUninstall$\cdm.dll
- 2004-03-20 19:45:32 2,028,032 -c----w c:\windows\$NtServicePackUninstall$\cdosys.dll
+ 2005-09-10 01:55:14 2,067,968 -c----w c:\windows\$NtServicePackUninstall$\cdosys.dll
- 2004-03-20 19:54:22 47,488 -c----w c:\windows\$NtServicePackUninstall$\cdrom.sys
+ 2004-08-04 05:59:52 49,536 -c----w c:\windows\$NtServicePackUninstall$\cdrom.sys
- 2004-03-20 19:45:34 192,512 -c----w c:\windows\$NtServicePackUninstall$\certcli.dll
+ 2004-08-19 23:09:20 200,192 -c----w c:\windows\$NtServicePackUninstall$\certcli.dll
- 2004-03-20 19:45:34 446,976 -c----w c:\windows\$NtServicePackUninstall$\certmgr.dll
+ 2004-08-19 23:09:20 467,968 -c----w c:\windows\$NtServicePackUninstall$\certmgr.dll
- 2004-03-20 19:45:34 33,280 -c----w c:\windows\$NtServicePackUninstall$\cfgbkend.dll
+ 2004-08-19 23:09:20 39,424 -c----w c:\windows\$NtServicePackUninstall$\cfgbkend.dll
- 2004-03-20 19:45:34 16,896 -c----w c:\windows\$NtServicePackUninstall$\cfgmgr32.dll
+ 2004-08-19 23:08:02 16,896 -c----w c:\windows\$NtServicePackUninstall$\cfgmgr32.dll
+ 2004-08-19 23:09:51 188,480 -c----w c:\windows\$NtServicePackUninstall$\cfgwiz.exe
+ 2004-08-19 23:09:20 15,423 -c----w c:\windows\$NtServicePackUninstall$\ch7xxnt5.dll
+ 2004-08-04 06:00:12 8,192 -c----w c:\windows\$NtServicePackUninstall$\changer.sys
+ 2003-04-24 12:00:00 97,792 -c----w c:\windows\$NtServicePackUninstall$\chtmbx.dll
+ 2003-04-24 12:00:00 56,320 -c----w c:\windows\$NtServicePackUninstall$\chtskdic.dll
+ 2003-04-24 12:00:00 173,568 -c----w c:\windows\$NtServicePackUninstall$\chtskf.dll
+ 2004-03-20 19:45:38 109,568 -c----w c:\windows\$NtServicePackUninstall$\cic.dll
- 2004-03-20 19:45:38 1,268,224 -c----w c:\windows\$NtServicePackUninstall$\cimwin32.dll
+ 2004-08-19 23:09:20 1,352,704 -c----w c:\windows\$NtServicePackUninstall$\cimwin32.dll
- 2003-04-24 12:00:00 201,216 -c----w c:\windows\$NtServicePackUninstall$\cintime.dll
+ 2004-08-04 05:31:52 198,656 -c----w c:\windows\$NtServicePackUninstall$\cintime.dll
- 2004-03-20 19:45:40 64,512 -c----w c:\windows\$NtServicePackUninstall$\ciodm.dll
+ 2006-06-22 05:13:45 69,120 -c----w c:\windows\$NtServicePackUninstall$\ciodm.dll
- 2004-03-20 19:45:40 45,568 -c----w c:\windows\$NtServicePackUninstall$\cipher.exe
+ 2004-08-19 23:09:51 56,832 -c----w c:\windows\$NtServicePackUninstall$\cipher.exe
- 2004-03-20 19:45:40 5,120 -c----w c:\windows\$NtServicePackUninstall$\cisvc.exe
+ 2004-08-19 23:09:51 5,632 -c----w c:\windows\$NtServicePackUninstall$\cisvc.exe
- 2004-03-20 19:45:40 46,336 -c----w c:\windows\$NtServicePackUninstall$\classpnp.sys
+ 2004-08-04 06:14:26 49,664 -c----w c:\windows\$NtServicePackUninstall$\classpnp.sys
- 2004-03-06 03:17:16 110,080 -c----w c:\windows\$NtServicePackUninstall$\clbcatex.dll
+ 2005-07-26 04:39:55 110,080 -c----w c:\windows\$NtServicePackUninstall$\clbcatex.dll
- 2004-03-06 03:17:16 499,712 -c----w c:\windows\$NtServicePackUninstall$\clbcatq.dll
+ 2005-07-26 04:39:55 498,688 -c----w c:\windows\$NtServicePackUninstall$\clbcatq.dll
- 2004-03-20 19:45:42 62,976 -c----w c:\windows\$NtServicePackUninstall$\cleanmgr.exe
+ 2004-08-19 23:09:51 65,536 -c----w c:\windows\$NtServicePackUninstall$\cleanmgr.exe
- 2003-02-20 15:28:04 73,728 -c----w c:\windows\$NtServicePackUninstall$\cliconfg.dll
+ 2004-08-19 23:09:20 77,824 -c----w c:\windows\$NtServicePackUninstall$\cliconfg.dll
- 2003-02-20 15:28:06 20,480 -c----w c:\windows\$NtServicePackUninstall$\cliconfg.exe
+ 2004-08-19 23:09:51 20,480 -c----w c:\windows\$NtServicePackUninstall$\cliconfg.exe
- 2004-03-20 19:45:42 100,352 -c----w c:\windows\$NtServicePackUninstall$\clipbrd.exe
+ 2004-08-19 23:09:51 104,448 -c----w c:\windows\$NtServicePackUninstall$\clipbrd.exe
- 2004-03-20 19:45:44 30,720 -c----w c:\windows\$NtServicePackUninstall$\clipsrv.exe
+ 2004-08-19 23:09:51 33,280 -c----w c:\windows\$NtServicePackUninstall$\clipsrv.exe
- 2004-03-20 19:45:44 54,272 -c----w c:\windows\$NtServicePackUninstall$\clusapi.dll
+ 2004-08-19 23:09:20 57,856 -c----w c:\windows\$NtServicePackUninstall$\clusapi.dll
+ 2004-08-04 06:07:39 14,080 -c----w c:\windows\$NtServicePackUninstall$\cmbatt.sys
- 2004-03-20 19:45:44 12,288 -c----w c:\windows\$NtServicePackUninstall$\cmcfg32.dll
+ 2004-08-19 23:09:20 15,872 -c----w c:\windows\$NtServicePackUninstall$\cmcfg32.dll
- 2004-03-20 19:45:44 388,096 -c----w c:\windows\$NtServicePackUninstall$\cmd.exe
+ 2004-08-19 23:09:51 400,896 -c----w c:\windows\$NtServicePackUninstall$\cmd.exe
- 2004-03-30 01:49:42 40,960 -c----w c:\windows\$NtServicePackUninstall$\cmdevtgprov.dll
+ 2004-08-19 23:09:25 45,568 -c----w c:\windows\$NtServicePackUninstall$\cmdevtgprov.dll
- 2004-03-20 19:45:44 333,824 -c----w c:\windows\$NtServicePackUninstall$\cmdial32.dll
+ 2004-08-19 23:09:20 352,256 -c----w c:\windows\$NtServicePackUninstall$\cmdial32.dll
- 2004-03-20 19:45:44 41,472 -c----w c:\windows\$NtServicePackUninstall$\cmdl32.exe
+ 2004-08-19 23:09:51 47,104 -c----w c:\windows\$NtServicePackUninstall$\cmdl32.exe
- 2004-03-20 19:45:44 35,840 -c----w c:\windows\$NtServicePackUninstall$\cmmon32.exe
+ 2004-08-19 23:09:51 40,448 -c----w c:\windows\$NtServicePackUninstall$\cmmon32.exe
- 2004-03-20 19:45:46 180,736 -c----w c:\windows\$NtServicePackUninstall$\cmprops.dll
+ 2004-08-19 23:09:20 191,488 -c----w c:\windows\$NtServicePackUninstall$\cmprops.dll
+ 2004-08-19 23:09:20 13,824 -c----w c:\windows\$NtServicePackUninstall$\cmsetacl.dll
- 2004-03-20 19:45:46 56,832 -c----w c:\windows\$NtServicePackUninstall$\cmstp.exe
+ 2004-08-19 23:09:51 65,536 -c----w c:\windows\$NtServicePackUninstall$\cmstp.exe
- 2004-03-20 19:45:46 37,888 -c----w c:\windows\$NtServicePackUninstall$\cmutil.dll
+ 2004-08-19 23:09:20 40,960 -c----w c:\windows\$NtServicePackUninstall$\cmutil.dll
- 2004-03-20 19:48:04 49,152 -c----w c:\windows\$NtServicePackUninstall$\cnbjmon.dll
+ 2004-08-19 23:09:20 50,688 -c----w c:\windows\$NtServicePackUninstall$\cnbjmon.dll
+ 2004-08-19 23:09:20 83,968 -c----w c:\windows\$NtServicePackUninstall$\cnbjmon2.dll
+ 2004-08-19 23:09:20 47,104 -c----w c:\windows\$NtServicePackUninstall$\coadmin.dll
- 2004-03-06 03:17:16 64,512 -c----w c:\windows\$NtServicePackUninstall$\colbact.dll
+ 2005-07-26 04:39:55 60,416 -c----w c:\windows\$NtServicePackUninstall$\colbact.dll
+ 2004-03-20 19:45:48 25,600 -c----w c:\windows\$NtServicePackUninstall$\comaddin.dll
- 2004-03-06 03:17:16 187,904 -c----w c:\windows\$NtServicePackUninstall$\comadmin.dll
+ 2005-07-26 04:39:56 195,072 -c----w c:\windows\$NtServicePackUninstall$\comadmin.dll
- 2004-03-20 19:45:48 557,056 -c----w c:\windows\$NtServicePackUninstall$\comctl32.dll
+ 2006-08-25 15:51:14 617,472 -c----w c:\windows\$NtServicePackUninstall$\comctl32.dll
- 2004-03-20 19:45:48 262,656 -c----w c:\windows\$NtServicePackUninstall$\comdlg32.dll
+ 2004-08-19 23:09:21 281,088 -c----w c:\windows\$NtServicePackUninstall$\comdlg32.dll
- 2004-03-20 19:45:52 239,104 -c----w c:\windows\$NtServicePackUninstall$\compatui.dll
+ 2004-08-19 23:09:21 253,440 -c----w c:\windows\$NtServicePackUninstall$\compatui.dll
+ 2004-08-19 23:09:21 24,064 -c----w c:\windows\$NtServicePackUninstall$\compfilt.dll
- 2004-03-20 19:45:52 223,744 -c----w c:\windows\$NtServicePackUninstall$\compstui.dll
+ 2004-08-19 23:09:21 230,912 -c----w c:\windows\$NtServicePackUninstall$\compstui.dll
+ 2005-07-26 04:39:56 97,792 -c----w c:\windows\$NtServicePackUninstall$\comrepl.dll
- 2004-02-17 19:49:58 8,192 -c----w c:\windows\$NtServicePackUninstall$\comrepl.exe
+ 2004-08-19 23:09:51 9,728 -c----w c:\windows\$NtServicePackUninstall$\comrepl.exe
+ 2004-03-20 19:45:52 5,120 -c----w c:\windows\$NtServicePackUninstall$\comrereg.exe
- 2004-03-20 19:45:52 851,968 -c----w c:\windows\$NtServicePackUninstall$\comres.dll
+ 2004-08-19 23:09:21 851,968 -c----w c:\windows\$NtServicePackUninstall$\comres.dll
+ 2004-08-04 05:59:34 9,728 -c----w c:\windows\$NtServicePackUninstall$\comsdupd.exe
+ 2004-03-20 19:45:54 259,584 -c----w c:\windows\$NtServicePackUninstall$\comsetup.dll
+ 2004-03-20 19:45:54 147,456 -c----w c:\windows\$NtServicePackUninstall$\comsnap.dll
- 2004-03-06 03:17:16 1,194,496 -c----w c:\windows\$NtServicePackUninstall$\comsvcs.dll
+ 2005-07-26 04:39:57 1,267,200 -c----w c:\windows\$NtServicePackUninstall$\comsvcs.dll
- 2004-03-06 03:17:16 499,200 -c----w c:\windows\$NtServicePackUninstall$\comuid.dll
+ 2005-07-26 04:39:57 540,160 -c----w c:\windows\$NtServicePackUninstall$\comuid.dll
- 2004-03-20 19:45:56 1,007,616 -c----w c:\windows\$NtServicePackUninstall$\conf.exe
+ 2004-08-19 23:09:51 1,044,480 -c----w c:\windows\$NtServicePackUninstall$\conf.exe
- 2004-03-20 19:45:56 45,056 -c----w c:\windows\$NtServicePackUninstall$\confmrsl.dll
+ 2004-08-19 23:09:21 45,056 -c----w c:\windows\$NtServicePackUninstall$\confmrsl.dll
+ 2004-03-20 19:45:56 346,112 -c----w c:\windows\$NtServicePackUninstall$\confmsp.dll
- 2004-03-20 19:45:56 24,576 -c----w c:\windows\$NtServicePackUninstall$\conime.exe
+ 2004-08-19 23:09:51 27,648 -c----w c:\windows\$NtServicePackUninstall$\conime.exe
- 2004-03-20 19:45:58 14,877 -c----w c:\windows\$NtServicePackUninstall$\corpol.dll
+ 2007-01-08 18:01:14 17,408 -c----w c:\windows\$NtServicePackUninstall$\corpol.dll
- 2004-03-20 19:46:02 160,768 -c----w c:\windows\$NtServicePackUninstall$\credui.dll
+ 2004-08-19 23:09:21 165,888 -c----w c:\windows\$NtServicePackUninstall$\credui.dll
- 2004-03-20 19:54:22 34,304 -c----w c:\windows\$NtServicePackUninstall$\crusoe.sys
+ 2004-08-19 22:59:24 40,704 -c----w c:\windows\$NtServicePackUninstall$\crusoe.sys
- 2002-09-23 10:10:48 551,424 -c----w c:\windows\$NtServicePackUninstall$\crypt32.dll
+ 2004-08-19 23:09:21 604,672 -c----w c:\windows\$NtServicePackUninstall$\crypt32.dll
- 2004-03-20 19:46:04 71,168 -c----w c:\windows\$NtServicePackUninstall$\cryptdlg.dll
+ 2004-08-19 23:09:21 75,776 -c----w c:\windows\$NtServicePackUninstall$\cryptdlg.dll
- 2004-03-20 19:46:04 29,184 -c----w c:\windows\$NtServicePackUninstall$\cryptdll.dll
+ 2004-08-19 23:09:21 33,280 -c----w c:\windows\$NtServicePackUninstall$\cryptdll.dll
- 2004-03-20 19:46:04 49,664 -c----w c:\windows\$NtServicePackUninstall$\cryptext.dll
+ 2004-08-19 23:09:21 54,784 -c----w c:\windows\$NtServicePackUninstall$\cryptext.dll
- 2004-03-20 19:46:04 53,248 -c----w c:\windows\$NtServicePackUninstall$\cryptnet.dll
+ 2004-08-19 23:09:21 63,488 -c----w c:\windows\$NtServicePackUninstall$\cryptnet.dll
- 2003-03-25 12:41:12 53,760 -c----w c:\windows\$NtServicePackUninstall$\cryptsvc.dll
+ 2004-08-19 23:09:21 60,416 -c----w c:\windows\$NtServicePackUninstall$\cryptsvc.dll
- 2003-07-24 16:41:42 495,616 -c----w c:\windows\$NtServicePackUninstall$\cryptui.dll
+ 2004-08-19 23:09:21 530,432 -c----w c:\windows\$NtServicePackUninstall$\cryptui.dll
- 2004-10-28 01:31:14 93,184 -c----w c:\windows\$NtServicePackUninstall$\cscdll.dll
+ 2004-08-19 23:09:21 102,912 -c----w c:\windows\$NtServicePackUninstall$\cscdll.dll
- 2004-03-20 19:46:04 102,450 -c----w c:\windows\$NtServicePackUninstall$\cscript.exe
+ 2004-08-19 23:09:51 98,304 -c----w c:\windows\$NtServicePackUninstall$\cscript.exe
- 2004-03-20 19:46:04 318,464 -c----w c:\windows\$NtServicePackUninstall$\cscui.dll
+ 2004-08-19 23:09:21 337,920 -c----w c:\windows\$NtServicePackUninstall$\cscui.dll
- 2004-03-20 19:46:04 29,184 -c----w c:\windows\$NtServicePackUninstall$\csrsrv.dll
+ 2004-08-19 23:09:21 32,768 -c----w c:\windows\$NtServicePackUninstall$\csrsrv.dll
- 2004-03-20 19:46:04 4,096 -c----w c:\windows\$NtServicePackUninstall$\csrss.exe
+ 2004-08-19 23:09:51 6,144 -c----w c:\windows\$NtServicePackUninstall$\csrss.exe
- 2004-03-20 19:46:06 13,312 -c----w c:\windows\$NtServicePackUninstall$\ctfmon.exe
+ 2004-08-19 23:09:51 15,360 -c----w c:\windows\$NtServicePackUninstall$\ctfmon.exe
+ 2004-08-19 23:09:21 252,416 -c----w c:\windows\$NtServicePackUninstall$\ctmasetp.dll
- 2004-12-21 10:14:24 28,672 -c----w c:\windows\$NtServicePackUninstall$\custsat.dll
+ 2006-06-02 19:32:20 33,792 -c----w c:\windows\$NtServicePackUninstall$\custsat.dll
- 2002-12-12 00:14:32 1,177,600 -c----w c:\windows\$NtServicePackUninstall$\d3d8.dll
+ 2004-08-19 23:09:21 1,179,648 -c----w c:\windows\$NtServicePackUninstall$\d3d8.dll
- 2002-12-12 00:14:32 8,192 -c----w c:\windows\$NtServicePackUninstall$\d3d8thk.dll
+ 2004-08-19 23:09:21 8,192 -c----w c:\windows\$NtServicePackUninstall$\d3d8thk.dll
- 2003-05-30 09:00:02 1,634,304 -c----w c:\windows\$NtServicePackUninstall$\d3d9.dll
+ 2004-08-19 23:09:21 1,689,088 -c----w c:\windows\$NtServicePackUninstall$\d3d9.dll
- 2003-05-30 09:00:02 797,184 -c----w c:\windows\$NtServicePackUninstall$\d3dim700.dll
+ 2004-08-19 23:09:22 825,344 -c----w c:\windows\$NtServicePackUninstall$\d3dim700.dll
- 2004-03-20 19:46:18 988,672 -c----w c:\windows\$NtServicePackUninstall$\danim.dll
+ 2006-09-14 08:40:00 1,056,768 -c----w c:\windows\$NtServicePackUninstall$\danim.dll
- 2004-03-01 18:55:22 561,179 -c----w c:\windows\$NtServicePackUninstall$\dao360.dll
+ 2004-08-19 23:09:22 561,179 -c----w c:\windows\$NtServicePackUninstall$\dao360.dll
- 2004-03-20 19:46:18 52,736 -c----w c:\windows\$NtServicePackUninstall$\dataclen.dll
+ 2004-08-19 23:09:22 55,296 -c----w c:\windows\$NtServicePackUninstall$\dataclen.dll
+ 2004-03-20 19:46:18 152,064 -c----w c:\windows\$NtServicePackUninstall$\d
- Start menu > Run > type combofix /u and confirm.
/!\ Disable your resident protections (antivirus, etc.) /!\
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
- It will ask you to install the Recovery Console: accept.
- When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
To help you: a guide and a tutorial on using ComboFix
Hi again
ComboFix 09-02-25.02 - cynthia 2009-02-26 9:00:45.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1014.471 [GMT 1:00]
Running from: c:\documents and settings\cynthia\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated)
FW: Panda Internet Security 2008 *disabled*
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.
2009-02-19 12:49 . 2009-02-19 12:49 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-19 12:49 . 2009-02-19 12:49 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-19 11:58 . 2009-02-19 11:58 131,072 --a------ c:\documents and settings\cynthia\client1.exe
2009-02-16 09:02 . 2009-02-16 09:02 <REP> d-------- c:\documents and settings\cynthia\Application Data\Malwarebytes
2009-02-16 08:57 . 2009-02-16 08:57 <REP> d--hs---- C:\found.000
2009-02-12 17:06 . 2009-02-12 17:06 94,720 --a------ c:\windows\system32\InstallAVg_77015112.exe.tmp
2009-02-12 09:19 . 2009-02-25 15:42 32,768 --a------ c:\windows\system32\drivers\ati0xexx.sys
2009-02-12 08:46 . 2009-02-12 08:47 1,374 --a------ c:\windows\imsins.BAK
2009-02-12 08:43 . 2009-02-12 08:49 32,768 --a------ c:\windows\system32\drivers\ati4tyxx.sys
2009-02-10 13:44 . 2009-02-10 13:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
2009-02-09 18:16 . 2009-02-09 18:23 <REP> d-------- C:\IDN
2009-02-09 16:55 . 2009-02-16 15:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 16:55 . 2009-02-09 16:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-09 16:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 16:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 16:30 . 2009-02-09 16:49 <REP> d-------- c:\program files\FindyKill
2009-02-09 09:42 . 2009-02-09 09:43 <REP> d-------- C:\rsit
2009-02-09 09:08 . 2009-02-09 09:08 0 --a------ c:\windows\system32\system32xp.exe.tmp
2009-01-30 14:45 . 2009-02-01 00:03 <REP> d-------- c:\documents and settings\cynthia\download
2009-01-30 14:45 . 2009-02-01 00:03 60 --a------ c:\documents and settings\cynthia\ocsinventory.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 07:59 --------- d-----w c:\documents and settings\cynthia\Application Data\DNA
2009-02-26 07:50 --------- d-----w c:\documents and settings\cynthia\Application Data\BitTorrent
2009-02-25 14:48 --------- d-----w c:\program files\LBINT
2009-02-25 14:48 --------- d-----w c:\program files\DNA
2009-02-25 09:47 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2009-02-20 11:16 --------- d-----w c:\documents and settings\cynthia\Application Data\SolidDocuments
2009-02-19 17:15 3,532 ----a-w C:\drmHeader.bin
2009-02-19 11:49 --------- d-----w c:\program files\Java
2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\DllCache\mshtml.dll
2009-01-14 10:56 --------- d-----w c:\program files\Panda Security
2009-01-13 10:50 --------- d-----w c:\program files\ESET
2009-01-13 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-01-13 10:45 --------- d-----w c:\program files\Fichiers communs\Panda Software
2009-01-13 10:26 0 ----a-w c:\windows\system32\drivers\wnmsav.dat
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\DllCache\wininet.dll
2008-12-20 22:47 671,232 ----a-w c:\windows\system32\DllCache\mstime.dll
2008-12-20 22:47 477,696 ----a-w c:\windows\system32\DllCache\mshtmled.dll
2008-12-20 22:47 44,544 ----a-w c:\windows\system32\DllCache\pngfilt.dll
2008-12-20 22:47 233,472 ------w c:\windows\system32\DllCache\webcheck.dll
2008-12-20 22:47 193,024 ----a-w c:\windows\system32\DllCache\msrating.dll
2008-12-20 22:47 105,984 ------w c:\windows\system32\DllCache\url.dll
2008-12-20 22:47 102,912 ------w c:\windows\system32\DllCache\occache.dll
2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\DllCache\urlmon.dll
2008-12-19 09:11 70,656 ------w c:\windows\system32\DllCache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\DllCache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\DllCache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\DllCache\ieakui.dll
2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\DllCache\srv.sys
2007-10-17 13:15 312 ----a-w c:\documents and settings\Administrateur.HEVEAFIL.000\Application Data\config.dat
2006-09-18 08:02 304 ----a-w c:\documents and settings\Administrateur.HEVEAFIL\Application Data\config.dat
2006-06-22 15:26 278 ----a-w c:\documents and settings\Sylviane\Application Data\config.dat
2005-12-06 10:54 225,280 ----a-w c:\program files\Patch_Window_A_0_14.exe
2008-09-10 07:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091020080911\index.dat
.
((((((((((((((((((((((((((((( SnapShot_2009-02-13_16.13.58.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-17 19:02:15 8,517,632 ------w c:\windows\system32\DllCache\shell32.dll
- 2003-11-19 16:36:26 24,681 ----a-w c:\windows\system32\java.exe
+ 2009-02-19 11:49:34 144,792 ----a-w c:\windows\system32\java.exe
- 2003-11-19 16:36:30 28,779 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-19 11:49:34 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-19 11:49:34 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-04-14 02:33:41 8,517,632 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:15 8,517,632 ----a-w c:\windows\system32\shell32.dll
+ 2009-02-25 14:42:06 16,384 ----atw c:\windows\temp\Perflib_Perfdata_97c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-22 342848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-05-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-05-06 118784]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-07 180269]
"CmCardRun"="c:\windows\system32\CmWatch.exe" [2003-09-16 229376]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Client Net-Assistance.lnk - c:\program files\LBINT\Launch.exe [2008-11-05 36864]
Démarrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
EPSON Contrôle en arrière-plan.lnk - c:\program files\EPSON\ESM2\Stms.exe [1999-12-03 235008]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-08 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-02-08 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0xexx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4tyxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmCardRun]
--a------ 2003-09-16 16:50 229376 c:\windows\system32\CmWatch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 09:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyeOnFiles.exe]
--a------ 2008-02-17 14:58 4838400 c:\program files\HGMB\EyeOnFiles\EyeOnFiles.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
--a------ 2003-09-09 10:25 102400 c:\program files\ScanSoft\PDF Converter\RegistryController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 14:47 847872 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 18:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-07 12:56 180269 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2002-11-08 10:50 19968 c:\windows\LOGI_MWX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\LBINT\\launch1.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LBINT\\Launch.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6129:TCP"= 6129:TCP:DameWare
"25:TCP"= 25:TCP:MailLbint
R0 ati0xexx;ati0xexx;c:\windows\system32\drivers\ati0xexx.sys [2009-02-12 32768]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2004-12-21 14156]
S0 ati4tyxx;ati4tyxx;c:\windows\system32\drivers\ati4tyxx.sys [2009-02-12 32768]
S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys --> c:\windows\system32\DRIVERS\netimflt.sys [?]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [2004-07-13 48512]
.
Contents of the 'Scheduled Tasks' folder
2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-02-26 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/fr/fra/gen/default.htm
uInternet Settings,ProxyOverride = localhost;*.local
LSP: c:\program files\ICRAplus\ICRAplus\lsp.dll
TCP: {3C682CED-F5BD-48AC-A7C8-327F26A53BA3} = 192.168.15.1,192.168.15.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 09:06:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(468)
c:\program files\ICRAplus\ICRAplus\lsp.dll
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'lsass.exe'(536)
c:\program files\ICRAplus\ICRAplus\lsp.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-02-26 9:11:31
ComboFix-quarantined-files.txt 2009-02-26 08:10:13
ComboFix2.txt 2009-02-13 15:17:10
ComboFix3.txt 2008-08-07 13:12:12
ComboFix4.txt 2008-08-07 10:50:36
Pre-Run: 78 172 545 024 octets libres
Post-Run: 78,174,629,888 octets libres
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
223 --- E O F --- 2009-02-25 08:35:00
Thanks
- Have these two files scanned:
- c:\documents and settings\cynthia\client1.exe
- c:\windows\system32\drivers\ati0xexx.sys
- On VirusTotal, and post the links to the scan results.
Here is the first one:
VirusTotal -Analyse gratuite en ligne de virus et malwares -Résultat Page 1 of 3
Fichier client1.exe reçu le 2009.02.26 14:46:14 (CET)
Situation actuelle: terminé
Résultat: 2/39 (5.13%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.02.26 -
AhnLab-V3 5.0.0.2 2009.02.26 -
AntiVir 7.9.0.93 2009.02.26 -
Authentium 5.1.0.4 2009.02.26 -
Avast 4.8.1335.0 2009.02.25 -
AVG 8.0.0.237 2009.02.26 -
BitDefender 7.2 2009.02.26 -
CAT-QuickHeal 10.00 2009.02.26 -
ClamAV 0.94.1 2009.02.26 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.26 -
eSafe 7.0.17.0 2009.02.26 -
eTrust-Vet 31.6.6375 2009.02.26 -
F-Prot 4.4.4.56 2009.02.25 -
F-Secure 8.0.14470.0 2009.02.26 -
Fortinet 3.117.0.0 2009.02.26 -
GData 19 2009.02.26 -
Ikarus T3.1.1.45.0 2009.02.26 -
K7AntiVirus 7.10.647 2009.02.25 -
Kaspersky 7.0.0.125 2009.02.26 -
McAfee 5536 2009.02.25 New Malware.ac
McAfee+Artemis 5536 2009.02.25 New Malware.ac
Microsoft 1.4306 2009.02.26 -
NOD32 3890 2009.02.26 -
Norman 6.00.06 2009.02.26 -
nProtect 2009.1.8.0 2009.02.26 -
Panda 10.0.0.10 2009.02.26 -
PCTools 4.4.2.0 2009.02.26 -
Prevx1 V2 2009.02.26 -
Rising 21.18.32.00 2009.02.26 -
SecureWeb-Gateway 6.0.0 2009.02.26 -
Sophos 4.39.0 2009.02.26 -
Sunbelt 3.2.1858.2 2009.02.25 -
Symantec 10 2009.02.26 -
TheHacker 6.3.2.5.265 2009.02.25 -
TrendMicro 8.700.0.1004 2009.02.26 -
VBA32 3.12.10.0 2009.02.26 -
ViRobot 2009.2.26.1625 2009.02.26 -
VirusBuster 4.5.11.0 2009.02.25 -
Information additionnelle
File size: 131072 bytes
MD5...: 0b52172f524ca4e038e92b447b1138b5
SHA1..: 678dd661ee51a3994e9df5aab4e33b9221c3b9fe
SHA256: 1054de45c37de73ee33951124543d37cfbd9c26008fc09d8c06eb8b0ca965feb
SHA512: c8ca038c8898ce34c3960730770e3bc569832ee18124058b4be6e2d9ca08ddec
dc808dcbe7fa57e397dd89a962e8a23b60b961ac072a6cd08c8c2c8f3d696335
ssdeep: 1536:x15u4lZnqerFIc3gxAzKeiqLT8dgwWsx377iTbqd3KGSZb2FipCKzo+YbRc
awg2f:x15u6ZrJ3gezKeiqLTogwWQ377YkEL
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4011fc
timedatestamp.....: 0x499ac07e (Tue Feb 17 13:49:50 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1db28 0x1e000 5.36 db03db0c3d2786ed1dcb2037f60943a5
.data 0x1f000 0x2d8c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x22000 0xc24 0x1000 4.58 b7beba4ce8163612e5a3c6a871d9061f
( 1 imports )
> MSVBVM60.DLL: MethCallEngine, -, -, -, -, -, -, -, -, -, -,
EVENT_SINK_AddRef, -, -, DllFunctionCall, -, EVENT_SINK_Release, -,
EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, -, -, -, -, -, -, -,
ProcCallEngine, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
( 0 exports )
http://www.virustotal.com/fr/anali [...] 7571620c84 26/02/2009
I can't get the second one scanned; here is the message:
0 bytes size received / Se ha recibido un archivo vacio
OK, I'll write up a procedure for you.
- Download OTMoveIt3 (OldTimer) to your Desktop.
- Double-click OTMoveIt3.exe to launch it.
- Copy (Ctrl+C) the following text:
:processes
|
- Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
- Now click the MoveIt! button, then close OTMoveIt3.
---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
- Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
---> The report's name corresponds to the time it was created: date_time.log
Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Unable to stop service ati0xexx .
Service ati4tyxx stopped successfully.
Service ati4tyxx deleted successfully.
========== FILES ==========
c:\documents and settings\alexis\client1.exe moved successfully.
c:\windows\system32\InstallAVg_77015112.exe.tmp moved successfully.
File move failed. c:\windows\system32\drivers\ati0xexx.sys scheduled to be moved on reboot.
c:\windows\system32\drivers\ati4tyxx.sys moved successfully.
c:\windows\system32\system32xp.exe.tmp moved successfully.
========== REGISTRY ==========
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0xexx.sys\\ .
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4tyxx.sys\\ deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0xexx.sys\\ .
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4tyxx.sys\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\HVF_TMP.ldb scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\HVF_TMP.MDB scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\JET793.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\JET846.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\JET847.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\JETDAE2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\~DF11A8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\~DF9A8A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_97c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02262009_160409
Can you redo the procedure, but in Safe Mode?
To restart in Safe Mode:
- Restart your PC.
- During startup, tap F8 repeatedly (F5 on some PCs) just after the BIOS screen and just before Windows starts loading.
- In the advanced options menu, choose Safe Mode.
- Choose your user account.
I can't log back in in Safe Mode; the PC doesn't recognize my password.
Run another ComboFix scan so I can check something.
Hello,
here is the report:
ComboFix 09-02-25.02 - cynthia 2009-02-27 8:54:14.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1014.467 [GMT 1:00]
Lancé depuis: c:\documents and settings\cynthia\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated)
FW: Panda Internet Security 2008 *disabled*
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-27 au 2009-02-27 ))))))))))))))))))))))))))))))))))))
.
2009-02-26 16:04 . 2009-02-26 16:04 <REP> d-------- C:\_OTMoveIt
2009-02-19 12:49 . 2009-02-19 12:49 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-19 12:49 . 2009-02-19 12:49 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-19 11:58 . 2009-02-19 11:58 131,072 --a------ c:\documents and settings\cynthia\client1.exe
2009-02-16 09:02 . 2009-02-16 09:02 <REP> d-------- c:\documents and settings\cynthia\Application Data\Malwarebytes
2009-02-16 08:57 . 2009-02-16 08:57 <REP> d--hs---- C:\found.000
2009-02-12 09:19 . 2009-02-26 16:39 32,768 --a------ c:\windows\system32\drivers\ati0xexx.sys
2009-02-12 08:46 . 2009-02-12 08:47 1,374 --a------ c:\windows\imsins.BAK
2009-02-10 13:44 . 2009-02-10 13:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
2009-02-09 18:16 . 2009-02-09 18:23 <REP> d-------- C:\IDN
2009-02-09 16:55 . 2009-02-16 15:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 16:55 . 2009-02-09 16:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-09 16:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 16:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 16:30 . 2009-02-09 16:49 <REP> d-------- c:\program files\FindyKill
2009-02-09 09:42 . 2009-02-09 09:43 <REP> d-------- C:\rsit
2009-01-30 14:45 . 2009-02-01 00:03 <REP> d-------- c:\documents and settings\cynthia\download
2009-01-30 14:45 . 2009-02-01 00:03 60 --a------ c:\documents and settings\cynthia\ocsinventory.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 07:51 --------- d-----w c:\documents and settings\cynthia\Application Data\DNA
2009-02-27 07:47 --------- d-----w c:\documents and settings\cynthia\Application Data\BitTorrent
2009-02-26 15:39 --------- d-----w c:\program files\LBINT
2009-02-26 15:39 --------- d-----w c:\program files\DNA
2009-02-26 09:53 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2009-02-20 11:16 --------- d-----w c:\documents and settings\cynthia\Application Data\SolidDocuments
2009-02-19 17:15 3,532 ----a-w C:\drmHeader.bin
2009-02-19 11:49 --------- d-----w c:\program files\Java
2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\DllCache\mshtml.dll
2009-01-14 10:56 --------- d-----w c:\program files\Panda Security
2009-01-13 10:50 --------- d-----w c:\program files\ESET
2009-01-13 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-01-13 10:45 --------- d-----w c:\program files\Fichiers communs\Panda Software
2009-01-13 10:26 0 ----a-w c:\windows\system32\drivers\wnmsav.dat
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\DllCache\wininet.dll
2008-12-20 22:47 671,232 ----a-w c:\windows\system32\DllCache\mstime.dll
2008-12-20 22:47 477,696 ----a-w c:\windows\system32\DllCache\mshtmled.dll
2008-12-20 22:47 44,544 ----a-w c:\windows\system32\DllCache\pngfilt.dll
2008-12-20 22:47 233,472 ------w c:\windows\system32\DllCache\webcheck.dll
2008-12-20 22:47 193,024 ----a-w c:\windows\system32\DllCache\msrating.dll
2008-12-20 22:47 105,984 ------w c:\windows\system32\DllCache\url.dll
2008-12-20 22:47 102,912 ------w c:\windows\system32\DllCache\occache.dll
2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\DllCache\urlmon.dll
2008-12-19 09:11 70,656 ------w c:\windows\system32\DllCache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\DllCache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\DllCache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\DllCache\ieakui.dll
2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\DllCache\srv.sys
2007-10-17 13:15 312 ----a-w c:\documents and settings\Administrateur.HEVEAFIL.000\Application Data\config.dat
2006-09-18 08:02 304 ----a-w c:\documents and settings\Administrateur.HEVEAFIL\Application Data\config.dat
2006-06-22 15:26 278 ----a-w c:\documents and settings\Sylviane\Application Data\config.dat
2005-12-06 10:54 225,280 ----a-w c:\program files\Patch_Window_A_0_14.exe
2008-09-10 07:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091020080911\index.dat
.
((((((((((((((((((((((((((((( SnapShot_2009-02-13_16.13.58.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-17 19:02:15 8,517,632 ------w c:\windows\system32\DllCache\shell32.dll
- 2008-10-15 01:13:38 163,528 ----a-w c:\windows\system32\fntcache.dat
+ 2009-02-26 15:31:46 163,528 ----a-w c:\windows\system32\fntcache.dat
- 2003-11-19 16:36:26 24,681 ----a-w c:\windows\system32\java.exe
+ 2009-02-19 11:49:34 144,792 ----a-w c:\windows\system32\java.exe
- 2003-11-19 16:36:30 28,779 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-19 11:49:34 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-19 11:49:34 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-04-14 02:33:41 8,517,632 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:15 8,517,632 ----a-w c:\windows\system32\shell32.dll
+ 2009-02-26 15:39:17 16,384 ----atw c:\windows\temp\Perflib_Perfdata_708.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-22 342848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-05-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-05-06 118784]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-07 180269]
"CmCardRun"="c:\windows\system32\CmWatch.exe" [2003-09-16 229376]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Client Net-Assistance.lnk - c:\program files\LBINT\Launch.exe [2008-11-05 36864]
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
EPSON Contr“le en arriŠre-plan.lnk - c:\program files\EPSON\ESM2\Stms.exe [1999-12-03 235008]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-08 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-02-08 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0xexx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmCardRun]
--a------ 2003-09-16 16:50 229376 c:\windows\system32\CmWatch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 09:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyeOnFiles.exe]
--a------ 2008-02-17 14:58 4838400 c:\program files\HGMB\EyeOnFiles\EyeOnFiles.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
--a------ 2003-09-09 10:25 102400 c:\program files\ScanSoft\PDF Converter\RegistryController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 14:47 847872 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 18:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-07 12:56 180269 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2002-11-08 10:50 19968 c:\windows\LOGI_MWX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\LBINT\\launch1.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LBINT\\Launch.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6129:TCP"= 6129:TCP:DameWare
"25:TCP"= 25:TCP:MailLbint
R0 ati0xexx;ati0xexx;c:\windows\system32\drivers\ati0xexx.sys [2009-02-12 32768]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2004-12-21 14156]
S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys --> c:\windows\system32\DRIVERS\netimflt.sys [?]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [2004-07-13 48512]
.
Contenu du dossier 'Tâches planifiées'
2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-02-27 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/fr/fra/gen/default.htm
uInternet Settings,ProxyOverride = localhost;*.local
LSP: c:\program files\ICRAplus\ICRAplus\lsp.dll
TCP: {3C682CED-F5BD-48AC-A7C8-327F26A53BA3} = 192.168.15.1,192.168.15.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 09:00:11
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\program files\ICRAplus\ICRAplus\lsp.dll
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'lsass.exe'(532)
c:\program files\ICRAplus\ICRAplus\lsp.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Heure de fin: 2009-02-27 9:04:55
ComboFix-quarantined-files.txt 2009-02-27 08:03:37
ComboFix2.txt 2009-02-26 08:11:33
ComboFix3.txt 2009-02-13 15:17:10
ComboFix4.txt 2008-08-07 13:12:12
ComboFix5.txt 2009-02-27 07:53:48
Avant-CF: 67 263 619 072 octets libres
Après-CF: 67,252,678,656 octets libres
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
220 --- E O F --- 2009-02-25 08:35:00
I'll get back to you later.
OK, I'm going away for the weekend anyway,
see you Monday
thanks
Have a good weekend.
Hi,
any news?
/!\ Only cynthia_38 may follow this procedure /!\
Disable all resident protection (antivirus...)!
---> Copy (CTRL+C) the text in the box below:
KillAll::
|
---> Open Notepad: Start > All Programs > Accessories > Notepad
- Paste (CTRL+V) the text into Notepad.
- Save this file to: Desktop
- File name: CFScript
- File type: All files!!
- Click Save.
- Close Notepad.
---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
- This will relaunch ComboFix: accept the message that appears.
- Wait while the scan runs. The Desktop will disappear several times: this is normal!
- Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed; copy and paste its contents to the forum.
- If the file does not open, it can be found here: C:\ComboFix.txt
ComboFix 09-03-02.03 - cynthia 2009-03-03 17:24:23.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1014.340 [GMT 1:00]
Lancé depuis: c:\documents and settings\cynthia\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\cynthia\Bureau\CFScript .txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated)
FW: Panda Internet Security 2008 *disabled*
* Un nouveau point de restauration a été créé
* Resident AV is active
FILE ::
c:\windows\system32\drivers\ati0xexx.sys
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Microsoft Common
c:\program files\Microsoft Common\svchost.exe
c:\windows\system32\drivers\ati0xexx.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATI0XEXX
-------\Service_ati0xexx
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.
2009-02-27 16:24 . 2009-02-27 16:24 131,072 --a------ c:\documents and settings\cynthia\client1.exe
2009-02-26 16:04 . 2009-02-26 16:04 <REP> d-------- C:\_OTMoveIt
2009-02-19 12:49 . 2009-02-19 12:49 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-19 12:49 . 2009-02-19 12:49 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-16 09:02 . 2009-02-16 09:02 <REP> d-------- c:\documents and settings\cynthia\Application Data\Malwarebytes
2009-02-16 08:57 . 2009-02-16 08:57 <REP> d--hs---- C:\found.000
2009-02-12 08:46 . 2009-02-12 08:47 1,374 --a------ c:\windows\imsins.BAK
2009-02-10 13:44 . 2009-02-10 13:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
2009-02-09 18:16 . 2009-02-09 18:23 <REP> d-------- C:\IDN
2009-02-09 16:55 . 2009-02-16 15:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 16:55 . 2009-02-09 16:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-09 16:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 16:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 16:30 . 2009-02-09 16:49 <REP> d-------- c:\program files\FindyKill
2009-02-09 09:42 . 2009-02-09 09:43 <REP> d-------- C:\rsit
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 16:34 --------- d-----w c:\program files\LBINT
2009-03-03 16:34 --------- d-----w c:\program files\DNA
2009-03-03 16:34 --------- d-----w c:\documents and settings\cynthia\Application Data\DNA
2009-03-03 16:06 --------- d-----w c:\documents and settings\cynthia\Application Data\SolidDocuments
2009-03-03 13:47 --------- d-----w c:\documents and settings\cynthia\Application Data\BitTorrent
2009-03-02 09:56 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2009-03-01 17:35 60 ----a-w c:\documents and settings\cynthia\ocsinventory.dat
2009-02-19 17:15 3,532 ----a-w C:\drmHeader.bin
2009-02-19 11:49 --------- d-----w c:\program files\Java
2009-01-14 10:56 --------- d-----w c:\program files\Panda Security
2009-01-13 10:50 --------- d-----w c:\program files\ESET
2009-01-13 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-01-13 10:45 --------- d-----w c:\program files\Fichiers communs\Panda Software
2009-01-13 10:26 0 ----a-w c:\windows\system32\drivers\wnmsav.dat
2007-10-17 13:15 312 ----a-w c:\documents and settings\Administrateur.HEVEAFIL.000\Application Data\config.dat
2006-09-18 08:02 304 ----a-w c:\documents and settings\Administrateur.HEVEAFIL\Application Data\config.dat
2006-06-22 15:26 278 ----a-w c:\documents and settings\Sylviane\Application Data\config.dat
2005-12-06 10:54 225,280 ----a-w c:\program files\Patch_Window_A_0_14.exe
2008-09-10 07:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091020080911\index.dat
.
((((((((((((((((((((((((((((( SnapShot_2009-02-13_16.13.58.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-02-13 14:55:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-03 10:56:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-13 14:55:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-03-03 10:56:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2009-02-13 14:55:12 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-03 10:56:30 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-17 19:02:15 8,517,632 ------w c:\windows\system32\DllCache\shell32.dll
- 2008-10-15 01:13:38 163,528 ----a-w c:\windows\system32\fntcache.dat
+ 2009-02-26 15:31:46 163,528 ----a-w c:\windows\system32\fntcache.dat
- 2003-11-19 16:36:26 24,681 ----a-w c:\windows\system32\java.exe
+ 2009-02-19 11:49:34 144,792 ----a-w c:\windows\system32\java.exe
- 2003-11-19 16:36:30 28,779 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-19 11:49:34 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-19 11:49:34 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-04-14 02:33:41 8,517,632 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:15 8,517,632 ----a-w c:\windows\system32\shell32.dll
+ 2009-03-03 16:33:29 16,384 ----atw c:\windows\temp\Perflib_Perfdata_670.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-22 342848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-05-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-05-06 118784]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-07 180269]
"CmCardRun"="c:\windows\system32\CmWatch.exe" [2003-09-16 229376]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Client Net-Assistance.lnk - c:\program files\LBINT\Launch.exe [2008-11-05 36864]
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
EPSON Contr“le en arriŠre-plan.lnk - c:\program files\EPSON\ESM2\Stms.exe [1999-12-03 235008]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-08 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-02-08 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmCardRun]
--a------ 2003-09-16 16:50 229376 c:\windows\system32\CmWatch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 09:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyeOnFiles.exe]
--a------ 2008-02-17 14:58 4838400 c:\program files\HGMB\EyeOnFiles\EyeOnFiles.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
--a------ 2003-09-09 10:25 102400 c:\program files\ScanSoft\PDF Converter\RegistryController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 14:47 847872 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 18:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-07 12:56 180269 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2002-11-08 10:50 19968 c:\windows\LOGI_MWX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\LBINT\\launch1.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LBINT\\Launch.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6129:TCP"= 6129:TCP:DameWare
"25:TCP"= 25:TCP:MailLbint
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2004-12-21 14156]
S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys --> c:\windows\system32\DRIVERS\netimflt.sys [?]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [2004-07-13 48512]
.
Contenu du dossier 'Tâches planifiées'
2009-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-03-03 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/fr/fra/gen/default.htm
uInternet Settings,ProxyOverride = localhost;*.local
LSP: c:\program files\ICRAplus\ICRAplus\lsp.dll
TCP: {3C682CED-F5BD-48AC-A7C8-327F26A53BA3} = 192.168.15.1,192.168.15.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 17:34:40
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\program files\ICRAplus\ICRAplus\lsp.dll
- - - - - - - > 'lsass.exe'(528)
c:\program files\ICRAplus\ICRAplus\lsp.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\EPSON\ESM2\eEBSvc.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\BAsfIpM.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DWRCS.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\ICRAplus\ICRAplus\ICRAplus.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\windows\system32\DWRCST.exe
c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
c:\documents and settings\alexis\client1.exe
.
**************************************************************************
.
Heure de fin: 2009-03-03 17:42:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-03 16:41:15
ComboFix2.txt 2009-02-27 08:04:57
ComboFix3.txt 2009-02-26 08:11:33
ComboFix4.txt 2009-02-13 15:17:10
ComboFix5.txt 2009-03-03 16:22:17
Avant-CF: 26 783 739 904 octets libres
Après-CF: 26,808,414,208 octets libres
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
238 --- E O F --- 2009-02-25 08:35:00
Any changes?
- Start menu > Run > type combofix /u and confirm.
- Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
- Double-click the downloaded file to start the installation.
- In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
- Once the update has finished, go to the Scanner tab.
- Select Perform quick scan.
- Click Scan.
- The scan starts.
- At the end of the scan, a message is displayed:
Quote: The scan completed successfully. Click 'Show Results' to display all objects found.
- Click OK to continue. If MBAM found nothing, it will tell you that as well.
- Close your browsers.
- If malware was detected, click Show Results.
- Select everything (or leave everything checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
- MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1815
Windows 5.1.2600 Service Pack 3
04/03/2009 10:41:42
mbam-log-2009-03-04 (10-41-42).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 165991
Temps écoulé: 40 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Is your PC doing better?
No, not really. I don't have a virus, but the Internet is still just as slow (it reminds me of the 56K days).
- Download the portable scanner AVPTool to your Desktop.
- Launch the executable named setup_7.0xxxxx by double-clicking it.
- Answer Yes to the question Do you want to continue installation?.
- Click Next in the next two windows: AVPTool installs itself on your Desktop in a folder named Kaspersky Lab Tool.
- The tool launches by itself: check all the boxes in the Automatic Scan tab.
- Now click Scan. The scan starts, and a new window opens showing the scan progress as a percentage.
- At the end of the scan, AVPTool reports infected objects through a pop-up: check Apply to all and click Disinfect or Delete, depending on what the window offers.
- Once the infections have been handled through the pop-ups, some malicious files may not have been deleted: they appear in red in the list. In that case, click the Neutralize all button in the scan progress window; if a pop-up says a restart is needed, accept by clicking OK.
- Now go to the Events tab of the scan progress window and uncheck Show all events.
- Finally, click Reports, then Save to file, and save the report to your Desktop under the name Rapport AVPTool.
- Close the AVPTool windows: a message appears offering to uninstall the software: choose Yes.
- An alert message indicates that the PC must be restarted to finish the uninstallation. When asked Would you like to restart now, answer Yes and let your computer restart in Normal mode.
- Post the report in your next reply.
Hello,
the scan went well, it found 2 viruses:
deleted: malware Hoax.Win32.Renos.efr File: C:\Documents and Settings\cynthia\Bureau\divers\SmitfraudFix\IEDFix.exe
deleted: malware Hoax.Win32.Renos.efr File: C:\System Volume Information\_restore{5F985532-CDFA-45C3-8CDC-756D8B17D761}\RP68\A0021576.exe
But I can't retrieve the report: I save it as a txt file, but when I try to open it, it crashes. I think it must be due to the size of the file: 151 MB!
If you know a way to split the text into several parts...
In fact, it didn't find a virus; it's just a component of SmitfraudFix.
Are you on Wi-Fi?
No, I'm on a network with 1 Livebox.
I don't know why your Internet is so slow.
I'm looking into it.
