Antivir detects TR/Rootkit.gen
Hello,
Since Google isn't giving me many results, I preferred to ask you.
I found the virus TR/Rootkit.gen, detected by Avira AntiVir in several directories, notably in the drivers file. I don't dare restart my PC or restore it. Any solutions for me? (I'm currently running an antivirus scan) and some idiot recently installed TOR and S4 League on my machine. There you go.
Thanks.
I get the impression my antivirus has been infiltrated; it is not scanning fast at all. Or even not at all (44.6%, 14900 files inspected, 21:23)
(Update on the scan: 44.7%, 22584 files, 21:47)
OK, I'm downloading a version of Findykill to have a look just in case... The version doesn't match the tutorial, so I'm launching a search. Then right afterwards, AntiVir Guard detects BDS/Papras.CQ, which is a backdoor program.
What do I do (delete, rename, deny access, ignore, quarantine)? I closed the scan.
Hello
Stop the antivirus scan... it could take out infected legitimate programs, or get stuck on an infection and make the PC reboot in a loop...
Let's look first:
Download DDS and save it to your desktop.
Disable anything that blocks scripts, such as an antivirus, or software like Ad-block, NoScript, etc.
Double-click dds.scr to launch the tool.
Once the scan is finished, a text document, DDS.txt, will open.
Click Yes at the next prompt, Optional Scan.
Save both reports to your desktop and post only DDS.txt to me.
Download Catchme (Gmer) to your desktop.
Double-click catchme.exe (the .exe may not be visible) to launch it.
When the search has finished, post the catchme.log report in your next reply. (This report is on your desktop.)
DDS (at the end of the download it makes me open a file (300-250.swf); what do I do with it? It comes from http://imgext.spartoo.com.
Since I don't know where you downloaded your version of Findykill, stop everything.
The home page is here:
http://pagesperso-orange.fr/NosTools/fyk_page.html
DDS REPORT:
DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 22:02:31,54 on 09/03/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1279.512 [GMT 1:00]
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1296 [VPS 000000-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Messenger\msmsgs.exe
C:\program files\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\Office\msohtmed.exe
C:\WINDOWS\TEMP\~TM26.tmp
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\User\Bureau\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.fr/ig?hl=fr&rlz=1G1GGLQ_FRFR268
uSearch Bar = hxxp://internetsearchservice.com/ie6.html
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://internetsearchservice.com
mSearch Page =
mStart Page = hxxp://fr.yahoo.com
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uSearchAssistant = hxxp://internetsearchservice.com
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
mSearchURL = hxxp://internetsearchservice.com
mSearchAssistant = hxxp://internetsearchservice.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\geBUmNDT.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {ae54fe20-5a26-4e29-9dc3-c45dcc26736e} - c:\windows\system32\xXPhfggE.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Internet Service: {51d81dd5-55b7-497f-95db-d356429bb54e} - c:\program files\netproject\wamdl.dll
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
mRun: [Disk Monitor] c:\program files\generic\usb card reader driver v1.9e3\Disk_Monitor.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [D-Link Air USB Utility] c:\program files\d-link\air usb utility\AirCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [EoEngine]
mRun: [EoWeather]
mRun: [ItsTV] "c:\program files\eorezo\eoweather\ItsTV.exe"
mRun: [LVCOMS] c:\program files\fichiers communs\logitech\qcdriver2\LVCOMS.EXE
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [MySight 2006 BS Check&Random] c:\program files\mysight 2006\quickbs.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [sysgif32] c:\windows\temp\~TM26.tmp
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [some] c:\program files\netproject\scit.exe
mExplorerRun: [start] c:\program files\netproject\sbmntr.exe
StartupFolder: c:\docume~1\user\menudm~1\progra~1\dmarra~1\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\documents and settings\user\menu démarrer\programmes\démarrage\winesm32.exe
StartupFolder: c:\docume~1\user\menudm~1\progra~1\dmarra~1\xfire.lnk - c:\program files\xfire\xfire.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: geBUmNDT - geBUmNDT.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\geBUmNDT.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\xXPhfggE
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\nwf80hj4.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-30 111184]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-26 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-9-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-26 185089]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-30 20560]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-26 56816]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2008-3-22 152576]
R3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2003-10-2 666624]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-30 155160]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S3 aaudstum;aaudstum;c:\docume~1\user\locals~1\temp\aaudstum.sys [2004-10-23 31744]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-30 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-30 352920]
S3 XDva114;XDva114;\??\c:\windows\system32\xdva114.sys --> c:\windows\system32\XDva114.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]
=============== Created Last 30 ================
2010-03-09 20:26:45 0 d-----w- C:\FyK
2010-03-09 19:42:03 802304 ----a-w- c:\windows\system32\drivers\enqexeg.sys
2010-03-09 19:40:28 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-09 19:40:28 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-09 19:40:06 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-09 19:40:06 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-09 19:39:43 802304 ----a-w- c:\windows\system32\drivers\eaglent.VIR
2010-03-09 19:39:40 802304 ----a-w- c:\windows\system32\drivers\OLD32.tmp
2010-03-09 19:39:33 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-09 19:39:33 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-09 19:36:33 802304 ----a-w- c:\windows\system32\drivers\OLD29.tmp
2010-03-09 19:35:29 160 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-03-09 19:35:24 4 ----a-w- c:\docume~1\user\applic~1\avdrn.dat
2010-03-08 21:08:57 0 d-----w- c:\program files\alaplaya
2010-03-08 20:57:29 0 d-----w- c:\program files\Vidalia Bundle
2010-03-06 20:06:56 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-06 20:05:04 0 d-----w- c:\program files\dumps
2010-02-09 17:20:10 0 d-----w- c:\docume~1\user\applic~1\Fantasy Grounds II
2010-02-09 17:20:09 0 d-----w- c:\program files\Fantasy Grounds II
==================== Find3M ====================
2010-03-09 19:39:45 802304 ----a-w- c:\windows\system32\drivers\hamachi.VIR
2010-02-05 07:04:19 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2008-12-25 22:23:01 563253 --sha-w- c:\windows\system32\EggfhPXx.ini2
============= FINISH: 22:02:55,31 ===============
CATCHME REPORT:
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 22:06:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\enqexeg]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Group"="Boot Bus Extender"
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\User\Menu Démarrer\Programmes\Démarrage\winesm32.exe 30208 bytes executable
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-9-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-26 185089]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-30 20560]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-26 56816]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2008-3-22 152576]
R3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2003-10-2 666624]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-30 155160]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S3 aaudstum;aaudstum;c:\docume~1\user\locals~1\temp\aaudstum.sys [2004-10-23 31744]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-30 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-30 352920]
S3 XDva114;XDva114;\??\c:\windows\system32\xdva114.sys --> c:\windows\system32\XDva114.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]
=============== Created Last 30 ================
2010-03-09 20:26:45 0 d-----w- C:\FyK
2010-03-09 19:42:03 802304 ----a-w- c:\windows\system32\drivers\enqexeg.sys
2010-03-09 19:40:28 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-09 19:40:28 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-09 19:40:06 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-09 19:40:06 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-09 19:39:43 802304 ----a-w- c:\windows\system32\drivers\eaglent.VIR
2010-03-09 19:39:40 802304 ----a-w- c:\windows\system32\drivers\OLD32.tmp
2010-03-09 19:39:33 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-09 19:39:33 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-09 19:36:33 802304 ----a-w- c:\windows\system32\drivers\OLD29.tmp
2010-03-09 19:35:29 160 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-03-09 19:35:24 4 ----a-w- c:\docume~1\user\applic~1\avdrn.dat
2010-03-08 21:08:57 0 d-----w- c:\program files\alaplaya
2010-03-08 20:57:29 0 d-----w- c:\program files\Vidalia Bundle
2010-03-06 20:06:56 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-06 20:05:04 0 d-----w- c:\program files\dumps
2010-02-09 17:20:10 0 d-----w- c:\docume~1\user\applic~1\Fantasy Grounds II
2010-02-09 17:20:09 0 d-----w- c:\program files\Fantasy Grounds II
==================== Find3M ====================
2010-03-09 19:39:45 802304 ----a-w- c:\windows\system32\drivers\hamachi.VIR
2010-02-05 07:04:19 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2008-12-25 22:23:01 563253 --sha-w- c:\windows\system32\EggfhPXx.ini2
============= FINISH: 22:02:55,31 ===============
CATCHME REPORT:
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 22:06:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\enqexeg]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Group"="Boot Bus Extender"
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\User\Menu Démarrer\Programmes\Démarrage\winesm32.exe 30208 bytes executable
Hi again
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select All", Edit > "Copy"
Come to the forum and Edit > "Paste"
HELP: A guide and tutorial on using ComboFix
* the partition name may differ
I have a problem: a file with no icon image has appeared on my desktop, named Combofix. The file is apparently in use and cannot be deleted or renamed. And there is no way to give that name to the ComboFix that has an icon. I still tried launching a ComboFix with an icon, and it immediately showed me the window saying that the software has no connection with those sites. Then I press "OK" and nothing more happens.
Here is the ComboFix report:
ComboFix 10-03-09.08 - User 10/03/2010 13:16:45.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1279.783 [GMT 1:00]
Lancé depuis: c:\documents and settings\User\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1296 [VPS 000000-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User\Application Data\avdrn.dat
c:\documents and settings\User\Application Data\inst.exe
c:\documents and settings\User\Favoris\Online Security Test.url
c:\windows\system32\247880
c:\windows\system32\drivers\enqexeg.sys
c:\windows\system32\EggfhPXx.ini
c:\windows\system32\EggfhPXx.ini2
c:\windows\system32\geBUmNDT.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\xwevlwgj.ini
Une copie infectée de c:\windows\system32\wuauclt.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-10 au 2010-03-10 ))))))))))))))))))))))))))))))))))))
.
2010-03-10 06:39 . 2010-03-10 06:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-03-10 06:37 . 2010-03-10 06:37 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-10 06:33 . 2010-03-10 06:33 -------- d-----w- c:\program files\Steam(3)
2010-03-10 06:06 . 2010-03-10 06:18 -------- d-----w- C:\32788R22FWJFW(2)
2010-03-10 00:13 . 2010-03-10 00:13 1208 ----a-w- C:\FindyKill_Upload_Me_PROPRIETAIRE.zip
2010-03-09 21:34 . 2010-03-10 06:14 -------- d-----w- c:\documents and settings\User\Application Data\Vidalia(2)
2010-03-09 20:26 . 2010-03-10 06:18 -------- d-----w- C:\FyK
2010-03-09 19:39 . 2010-03-09 19:39 802304 ----a-w- c:\windows\system32\drivers\eaglent.VIR
2010-03-08 21:08 . 2010-03-08 21:08 -------- d-----w- c:\program files\alaplaya
2010-03-08 20:57 . 2010-03-10 06:19 -------- d-----w- c:\program files\Vidalia Bundle
2010-03-05 15:43 . 2010-03-10 06:32 -------- d-s---w- c:\documents and settings\Invité
2010-02-09 17:20 . 2010-02-09 17:30 -------- d-----w- c:\documents and settings\User\Application Data\Fantasy Grounds II
2010-02-09 17:20 . 2010-02-09 17:22 -------- d-----w- c:\program files\Fantasy Grounds II
2010-02-08 17:28 . 2010-02-08 17:28 -------- d-----w- c:\documents and settings\Leeroy\Application Data\Subversion
2010-02-08 17:27 . 2004-08-05 12:00 4096 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 12:25 . 2009-10-27 19:21 -------- d-----w- c:\program files\Steam
2010-03-10 12:04 . 2009-12-31 20:05 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-03-10 12:02 . 2009-12-31 20:12 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-03-10 06:36 . 2009-08-23 16:06 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2010-03-10 06:18 . 2008-03-22 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 06:18 . 2008-10-26 19:33 -------- d-----w- c:\documents and settings\User\Application Data\Xfire
2010-03-10 05:31 . 2004-08-05 12:00 571150 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-10 05:31 . 2004-08-05 12:00 112198 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-09 19:39 . 2009-06-05 18:07 802304 ----a-w- c:\windows\system32\drivers\hamachi.VIR
2010-03-08 21:08 . 2008-03-22 10:28 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-02-25 02:23 . 2009-09-16 17:31 -------- d-----w- c:\documents and settings\User\Application Data\codeblocks
2010-02-08 17:26 . 2009-10-18 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-08 17:26 . 2009-09-26 16:17 -------- d-----w- c:\program files\Vuze
2010-02-08 17:24 . 2008-05-23 12:29 -------- d-----w- c:\program files\Slayers Online
2010-02-08 17:23 . 2008-11-27 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2010-02-08 17:23 . 2009-01-25 21:12 -------- d-----w- c:\program files\PC Alarm Clock
2010-02-08 17:22 . 2008-03-22 14:27 -------- d-----w- c:\program files\Opera
2010-02-08 17:17 . 2010-02-08 17:17 -------- d-----w- c:\documents and settings\Leeroy\Application Data\ItsLabel
2010-02-08 16:19 . 2009-06-05 18:07 -------- d-----w- c:\documents and settings\User\Application Data\Hamachi
2010-02-07 20:28 . 2010-02-07 20:28 -------- d-----w- c:\program files\JeffProd
2010-02-05 07:04 . 2010-01-31 21:36 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-01-31 21:29 . 2010-01-31 21:29 -------- d-----w- c:\program files\VUGames
2010-01-29 18:00 . 2010-01-29 18:00 -------- d-----w- c:\documents and settings\User\Application Data\Megaupload
2010-01-29 17:59 . 2010-01-29 17:59 -------- d-----w- c:\program files\Megaupload
2010-01-27 18:54 . 2010-01-27 18:48 -------- d-----w- c:\program files\Google
2009-12-31 20:12 . 2009-12-31 20:12 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-09 133104]
"Steam"="c:\program files\steam\steam.exe" [2009-11-09 1217808]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disk Monitor"="c:\program files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 466944]
"SoundMan"="SOUNDMAN.EXE" [2008-03-22 57344]
"D-Link Air USB Utility"="c:\program files\D-Link\Air USB Utility\AirCFG.exe" [2004-05-25 1015808]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-03-22 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"MySight 2006 BS Check&Random"="c:\program files\MySight 2006\quickbs.exe" [2008-03-22 409088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\maxofblades\\garrysmod\\hl2.exe"=
"c:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Steam\\steamapps\\maxofblades\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\User\\Mes documents\\Downloads\\SRO_L4.5_Full_Client_Downloader.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mount and blade demo\\runme.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/11/2008 18:01 111184]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [26/09/2009 17:57 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/11/2008 18:01 20560]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [22/03/2008 15:04 152576]
R3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [02/10/2003 14:47 666624]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/01/2010 19:48 135664]
S3 aaudstum;aaudstum;\??\c:\docume~1\User\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\User\LOCALS~1\Temp\aaudstum.sys [?]
S3 XDva114;XDva114;\??\c:\windows\system32\XDva114.sys --> c:\windows\system32\XDva114.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 18:48]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 18:48]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-2000478354-682003330-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 03:15]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-2000478354-682003330-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 03:15]
2010-03-07 c:\windows\Tasks\Norton Security Scan for User.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-11-04 15:45]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig?hl=fr&rlz=1G1GGLQ_FRFR268
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://internetsearchservice.com
mStart Page = hxxp://fr.yahoo.com
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uSearchAssistant = hxxp://internetsearchservice.com
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
mSearchURL = hxxp://internetsearchservice.com
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\nwf80hj4.default\
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{AE54FE20-5A26-4E29-9DC3-C45DCC26736E} - c:\windows\system32\xXPhfggE.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
HKCU-Run-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
HKLM-Run-ANIWZCS2Service - c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
HKLM-Run-EoEngine - (no file)
HKLM-Run-EoWeather - (no file)
HKLM-Run-ItsTV - c:\program files\EoRezo\EoWeather\ItsTV.exe
Notify-geBUmNDT - geBUmNDT.dll
AddRemove-ItsTV_is1 - c:\program files\EoRezo\EoWeather\unins001.exe
AddRemove-Secure Browsing - c:\program files\NetProject\sbun.exe
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe
AddRemove-L3DT Standard (v2.6.0.0) - c:\program files\Bundysoft\L3DT Standard 2.6\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 13:26
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2856)
c:\program files\Xfire\xfire_toucan_28888.dll
c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\SOUNDMAN.EXE
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\program files\Xfire\xfire.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2010-03-10 13:32:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-10 12:32
Avant-CF: 79 340 646 400 octets libres
Après-CF: 83 440 922 624 octets libres
- - End Of File - - 184CF40171A94CE4DA3473C606C602AF
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-09 133104]
"Steam"="c:\program files\steam\steam.exe" [2009-11-09 1217808]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disk Monitor"="c:\program files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 466944]
"SoundMan"="SOUNDMAN.EXE" [2008-03-22 57344]
"D-Link Air USB Utility"="c:\program files\D-Link\Air USB Utility\AirCFG.exe" [2004-05-25 1015808]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-03-22 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"MySight 2006 BS Check&Random"="c:\program files\MySight 2006\quickbs.exe" [2008-03-22 409088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\maxofblades\\garrysmod\\hl2.exe"=
"c:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Steam\\steamapps\\maxofblades\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\User\\Mes documents\\Downloads\\SRO_L4.5_Full_Client_Downloader.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mount and blade demo\\runme.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/11/2008 18:01 111184]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [26/09/2009 17:57 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/11/2008 18:01 20560]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [22/03/2008 15:04 152576]
R3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [02/10/2003 14:47 666624]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/01/2010 19:48 135664]
S3 aaudstum;aaudstum;\??\c:\docume~1\User\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\User\LOCALS~1\Temp\aaudstum.sys [?]
S3 XDva114;XDva114;\??\c:\windows\system32\XDva114.sys --> c:\windows\system32\XDva114.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 18:48]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 18:48]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-2000478354-682003330-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 03:15]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-2000478354-682003330-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 03:15]
2010-03-07 c:\windows\Tasks\Norton Security Scan for User.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-11-04 15:45]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig?hl=fr&rlz=1G1GGLQ_FRFR268
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://internetsearchservice.com
mStart Page = hxxp://fr.yahoo.com
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uSearchAssistant = hxxp://internetsearchservice.com
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
mSearchURL = hxxp://internetsearchservice.com
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\nwf80hj4.default\
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{AE54FE20-5A26-4E29-9DC3-C45DCC26736E} - c:\windows\system32\xXPhfggE.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
HKCU-Run-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
HKLM-Run-ANIWZCS2Service - c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
HKLM-Run-EoEngine - (no file)
HKLM-Run-EoWeather - (no file)
HKLM-Run-ItsTV - c:\program files\EoRezo\EoWeather\ItsTV.exe
Notify-geBUmNDT - geBUmNDT.dll
AddRemove-ItsTV_is1 - c:\program files\EoRezo\EoWeather\unins001.exe
AddRemove-Secure Browsing - c:\program files\NetProject\sbun.exe
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe
AddRemove-L3DT Standard (v2.6.0.0) - c:\program files\Bundysoft\L3DT Standard 2.6\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 13:26
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2856)
c:\program files\Xfire\xfire_toucan_28888.dll
c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\SOUNDMAN.EXE
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\program files\Xfire\xfire.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2010-03-10 13:32:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-10 12:32
Avant-CF: 79 340 646 400 octets libres
Après-CF: 83 440 922 624 octets libres
- - End Of File - - 184CF40171A94CE4DA3473C606C602AF
Hi again
Are you the one who renamed it to .vir?
c:\windows\system32\drivers\hamachi.VIR
1. Uninstall Avast! properly.
2. Copy (Ctrl+C) the text below:
Driver::
aaudstum
File::
c:\docume~1\User\LOCALS~1\Temp\aaudstum.sys
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file as CFScript.txt
Drag and drop this CFScript file onto ComboFix.exe, as shown in the screenshot.
ComboFix will start; follow the prompts.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents and say where your problems stand.
If the file does not open, it is located here > C:\ComboFix.txt
HELP: A guide and a tutorial on using ComboFix
* the partition name may vary
3. Update AntiVir...
Here is a video made by angélique on configuring AntiVir correctly: http://www.malekal.com/fichiers/antivir/ConfigurationAn...
Run a scan with it and post the report.
COMBOFIX REPORT:
ComboFix 10-03-09.08 - User 12/03/2010 18:52:34.4.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1279.810 [GMT 1:00]
Lancé depuis: c:\documents and settings\User\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\User\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\docume~1\User\LOCALS~1\Temp\aaudstum.sys"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\User\LOCALS~1\Temp\aaudstum.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AAUDSTUM
-------\Service_aaudstum
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-12 au 2010-03-12 ))))))))))))))))))))))))))))))))))))
.
2010-03-12 18:03 . 2010-03-12 18:03 -------- d-----w- c:\windows\LastGood
2010-03-12 17:11 . 2010-03-12 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-10 19:54 . 2010-03-10 19:54 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\WMTools Downloaded Files
2010-03-10 06:39 . 2010-03-10 06:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-03-10 06:37 . 2010-03-10 06:37 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-10 06:33 . 2010-03-10 06:33 -------- d-----w- c:\program files\Steam(3)
2010-03-10 06:06 . 2010-03-10 06:18 -------- d-----w- C:\32788R22FWJFW(2)
2010-03-10 00:13 . 2010-03-10 00:13 1208 ----a-w- C:\FindyKill_Upload_Me_PROPRIETAIRE.zip
2010-03-09 21:34 . 2010-03-10 06:14 -------- d-----w- c:\documents and settings\User\Application Data\Vidalia(2)
2010-03-09 20:26 . 2010-03-10 06:18 -------- d-----w- C:\FyK
2010-03-09 19:39 . 2010-03-09 19:39 802304 ----a-w- c:\windows\system32\drivers\eaglent.VIR
2010-03-08 21:08 . 2010-03-08 21:08 -------- d-----w- c:\program files\alaplaya
2010-03-05 15:43 . 2010-03-10 06:32 -------- d-s---w- c:\documents and settings\Invité
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 18:24 . 2009-12-31 20:05 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-03-12 18:21 . 2009-10-27 19:21 -------- d-----w- c:\program files\Steam
2010-03-12 17:44 . 2008-06-06 22:37 -------- d-----w- c:\program files\Alwil Software
2010-03-12 16:02 . 2009-12-31 20:12 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-03-12 16:02 . 2010-01-31 21:36 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-10 06:36 . 2009-08-23 16:06 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2010-03-10 06:18 . 2008-03-22 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 06:18 . 2008-10-26 19:33 -------- d-----w- c:\documents and settings\User\Application Data\Xfire
2010-03-10 05:31 . 2004-08-05 12:00 571150 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-10 05:31 . 2004-08-05 12:00 112198 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-09 19:39 . 2009-06-05 18:07 802304 ----a-w- c:\windows\system32\drivers\hamachi.VIR
2010-03-08 21:08 . 2008-03-22 10:28 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-02-25 02:23 . 2009-09-16 17:31 -------- d-----w- c:\documents and settings\User\Application Data\codeblocks
2010-02-09 17:30 . 2010-02-09 17:20 -------- d-----w- c:\documents and settings\User\Application Data\Fantasy Grounds II
2010-02-09 17:22 . 2010-02-09 17:20 -------- d-----w- c:\program files\Fantasy Grounds II
2010-02-08 17:28 . 2010-02-08 17:28 -------- d-----w- c:\documents and settings\Leeroy\Application Data\Subversion
2010-02-08 17:26 . 2009-10-18 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-08 17:26 . 2009-09-26 16:17 -------- d-----w- c:\program files\Vuze
2010-02-08 17:24 . 2008-05-23 12:29 -------- d-----w- c:\program files\Slayers Online
2010-02-08 17:23 . 2008-11-27 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2010-02-08 17:23 . 2009-01-25 21:12 -------- d-----w- c:\program files\PC Alarm Clock
2010-02-08 17:22 . 2008-03-22 14:27 -------- d-----w- c:\program files\Opera
2010-02-08 17:17 . 2010-02-08 17:17 -------- d-----w- c:\documents and settings\Leeroy\Application Data\ItsLabel
2010-02-08 16:19 . 2009-06-05 18:07 -------- d-----w- c:\documents and settings\User\Application Data\Hamachi
2010-02-07 20:28 . 2010-02-07 20:28 -------- d-----w- c:\program files\JeffProd
2010-01-31 21:29 . 2010-01-31 21:29 -------- d-----w- c:\program files\VUGames
2010-01-29 18:00 . 2010-01-29 18:00 -------- d-----w- c:\documents and settings\User\Application Data\Megaupload
2010-01-29 17:59 . 2010-01-29 17:59 -------- d-----w- c:\program files\Megaupload
2010-01-27 18:54 . 2010-01-27 18:48 -------- d-----w- c:\program files\Google
2009-12-31 20:12 . 2009-12-31 20:12 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((((((( SnapShot@2010-03-10_12.25.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-12 18:02 . 2010-03-12 18:02 16384 c:\windows\Temp\Perflib_Perfdata_94.dat
+ 2010-03-12 18:22 . 2010-03-12 18:22 16384 c:\windows\Temp\Perflib_Perfdata_5b8.dat
+ 2007-07-30 18:19 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2008-03-22 10:52 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
+ 2010-03-10 12:36 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-03-10 12:36 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-05 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-05 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2003-01-01 18:43 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2008-03-22 15:30 . 2009-08-06 18:23 215920 c:\windows\system32\muweb.dll
+ 2008-03-22 15:30 . 2009-08-06 18:23 274288 c:\windows\system32\mucltui.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2003-01-01 18:43 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-05 12:00 . 2009-11-21 16:42 470528 c:\windows\system32\dllcache\aclayers.dll
+ 2004-08-05 12:00 . 2009-11-21 16:42 470528 c:\windows\AppPatch\aclayers.dll
+ 2003-01-01 18:43 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2003-01-01 18:43 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-09 133104]
"Steam"="c:\program files\steam\steam.exe" [2010-03-10 1217872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disk Monitor"="c:\program files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 466944]
"SoundMan"="SOUNDMAN.EXE" [2008-03-22 57344]
"D-Link Air USB Utility"="c:\program files\D-Link\Air USB Utility\AirCFG.exe" [2004-05-25 1015808]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-03-22 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"MySight 2006 BS Check&Random"="c:\program files\MySight 2006\quickbs.exe" [2008-03-22 409088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\maxofblades\\garrysmod\\hl2.exe"=
"c:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Steam\\steamapps\\maxofblades\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\User\\Mes documents\\Downloads\\SRO_L4.5_Full_Client_Downloader.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mount and blade demo\\runme.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [26/09/2009 17:57 108289]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [22/03/2008 15:04 152576]
R3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [02/10/2003 14:47 666624]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/01/2010 19:48 135664]
S3 XDva114;XDva114;\??\c:\windows\system32\XDva114.sys --> c:\windows\system32\XDva114.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 18:48]
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 18:48]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-2000478354-682003330-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 03:15]
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-2000478354-682003330-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 03:15]
2010-03-10 c:\windows\Tasks\Norton Security Scan for User.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-11-04 15:45]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig?hl=fr&rlz=1G1GGLQ_FRFR268
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://internetsearchservice.com
mStart Page = hxxp://fr.yahoo.com
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uSearchAssistant = hxxp://internetsearchservice.com
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
mSearchURL = hxxp://internetsearchservice.com
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\nwf80hj4.default\
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 19:21
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2448)
c:\program files\Xfire\xfire_toucan_28888.dll
c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\SOUNDMAN.EXE
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\program files\Xfire\xfire.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Avira\AntiVir Desktop\update.exe
.
**************************************************************************
.
Heure de fin: 2010-03-12 19:27:08 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-12 18:27
ComboFix2.txt 2010-03-11 23:16
ComboFix3.txt 2010-03-10 12:32
Avant-CF: 83 176 677 376 octets libres
Après-CF: 82 857 349 120 octets libres
- - End Of File - - FDD45159D3F6B7CAC4D74F4C5742D4C0
Here is the antivirus scan:
Avira AntiVir Personal
Date de création du fichier de rapport : vendredi 12 mars 2010 22:37
La recherche porte sur 1849583 souches de virus.
Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 2) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : PROPRIETAIRE
Informations de version :
BUILD.DAT : 9.0.0.75 21698 Bytes 22/01/2010 23:14:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 30/10/2009 21:11:49
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 21:11:49
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 21:11:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 16:23:39
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 16:33:26
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 16:15:52
VBASE005.VDF : 7.10.4.204 2048 Bytes 05/03/2010 16:15:52
VBASE006.VDF : 7.10.4.205 2048 Bytes 05/03/2010 16:15:52
VBASE007.VDF : 7.10.4.206 2048 Bytes 05/03/2010 16:15:52
VBASE008.VDF : 7.10.4.207 2048 Bytes 05/03/2010 16:15:52
VBASE009.VDF : 7.10.4.208 2048 Bytes 05/03/2010 16:15:52
VBASE010.VDF : 7.10.4.209 2048 Bytes 05/03/2010 16:15:53
VBASE011.VDF : 7.10.4.210 2048 Bytes 05/03/2010 16:15:53
VBASE012.VDF : 7.10.4.211 2048 Bytes 05/03/2010 16:15:53
VBASE013.VDF : 7.10.4.242 153088 Bytes 08/03/2010 19:53:23
VBASE014.VDF : 7.10.5.17 99328 Bytes 10/03/2010 16:54:35
VBASE015.VDF : 7.10.5.44 107008 Bytes 11/03/2010 16:54:39
VBASE016.VDF : 7.10.5.45 2048 Bytes 11/03/2010 16:54:39
VBASE017.VDF : 7.10.5.46 2048 Bytes 11/03/2010 16:54:39
VBASE018.VDF : 7.10.5.47 2048 Bytes 11/03/2010 16:54:39
VBASE019.VDF : 7.10.5.48 2048 Bytes 11/03/2010 16:54:39
VBASE020.VDF : 7.10.5.49 2048 Bytes 11/03/2010 16:54:39
VBASE021.VDF : 7.10.5.50 2048 Bytes 11/03/2010 16:54:39
VBASE022.VDF : 7.10.5.51 2048 Bytes 11/03/2010 16:54:39
VBASE023.VDF : 7.10.5.52 2048 Bytes 11/03/2010 16:54:39
VBASE024.VDF : 7.10.5.53 2048 Bytes 11/03/2010 16:54:40
VBASE025.VDF : 7.10.5.54 2048 Bytes 11/03/2010 16:54:40
VBASE026.VDF : 7.10.5.55 2048 Bytes 11/03/2010 16:54:40
VBASE027.VDF : 7.10.5.56 2048 Bytes 11/03/2010 16:54:40
VBASE028.VDF : 7.10.5.57 2048 Bytes 11/03/2010 16:54:41
VBASE029.VDF : 7.10.5.58 2048 Bytes 11/03/2010 16:54:41
VBASE030.VDF : 7.10.5.59 2048 Bytes 11/03/2010 16:54:41
VBASE031.VDF : 7.10.5.66 92672 Bytes 12/03/2010 18:27:09
Version du moteur : 8.2.1.180
AEVDF.DLL : 8.1.1.3 106868 Bytes 05/01/2010 16:23:51
AESCRIPT.DLL : 8.1.3.17 1032570 Bytes 12/03/2010 16:55:00
AESCN.DLL : 8.1.5.0 127347 Bytes 12/03/2010 16:54:57
AESBX.DLL : 8.1.2.0 254323 Bytes 12/03/2010 16:55:00
AERDL.DLL : 8.1.4.2 479602 Bytes 08/02/2010 19:28:48
AEPACK.DLL : 8.2.1.0 426356 Bytes 12/03/2010 16:54:56
AEOFFICE.DLL : 8.1.0.39 196987 Bytes 12/03/2010 16:54:55
AEHEUR.DLL : 8.1.1.7 2326902 Bytes 12/03/2010 16:54:54
AEHELP.DLL : 8.1.10.1 237942 Bytes 12/03/2010 16:54:48
AEGEN.DLL : 8.1.2.0 373107 Bytes 12/03/2010 16:54:48
AEEMU.DLL : 8.1.1.0 393587 Bytes 15/10/2009 11:22:40
AECORE.DLL : 8.1.12.2 188790 Bytes 12/03/2010 16:54:45
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.3.0 44289 Bytes 15/10/2009 11:22:41
AVREP.DLL : 8.0.0.7 159784 Bytes 12/03/2010 16:55:01
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/10/2009 11:22:28
RCTEXT.DLL : 9.0.73.0 88321 Bytes 30/10/2009 21:11:47
Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+SPR,
Début de la recherche : vendredi 12 mars 2010 22:37
La recherche d'objets cachés commence.
'49831' objets ont été contrôlés, '0' objets cachés ont été trouvés.
La recherche sur les processus démarrés commence :
Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SSScheduler.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'skypePM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'xfire.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleCrashHandler.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Skype.exe' - '1' module(s) sont contrôlés
Processus de recherche 'steam.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'realplay.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LVComS.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AirCFG.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SOUNDMAN.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'Disk_Monitor.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TSVNCache.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wscntfy.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PnkBstrB.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'48' processus ont été contrôlés avec '48' modules
La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '61' fichiers).
La recherche sur les fichiers sélectionnés commence :
Recherche débutant dans 'C:\'
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Documents and Settings\User\Mes documents\Mes téléchargements\vidalia-bundle_vidalia_bundle_0.2.1.19-0.1.15_francais_281296.exe.megamanager
[0] Type d'archive: NSIS
--> ProgramFilesDir/QtNetwork4.dll
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\enqexeg.sys.vir
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582232.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582240.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582253.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582259.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582275.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582282.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582289.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582297.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582309.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582319.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582439.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582440.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP283\A0582786.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP283\A0582793.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP283\A0584028.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Bredolab.AA.58
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP283\A0585251.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\WINDOWS\system32\drivers\eaglent.VIR
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
C:\WINDOWS\system32\drivers\hamachi.VIR
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
Début de la désinfection :
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\enqexeg.sys.vir
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c0bdede.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582232.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bcfdea1.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582240.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bcfdea2.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582253.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ab92b0b.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582259.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ab3c233.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582275.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4aba3343.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582282.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bcfdea3.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582289.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '48b22a54.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582297.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bcfdea4.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582309.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4abd082d.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582319.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bcfdea6.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582439.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bcfdea7.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP281\A0582440.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '484ed2e0.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP283\A0582786.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bcfdea8.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP283\A0582793.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bcfdea9.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP283\A0584028.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Bredolab.AA.58
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '48434fe2.qua' !
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP283\A0585251.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '484247ba.qua' !
C:\WINDOWS\system32\drivers\eaglent.VIR
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c01deda.qua' !
C:\WINDOWS\system32\drivers\hamachi.VIR
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c07deda.qua' !
Fin de la recherche : samedi 13 mars 2010 01:38
Temps nécessaire: 2:59:44 Heure(s)
La recherche a été effectuée intégralement
19779 Les répertoires ont été contrôlés
333375 Des fichiers ont été contrôlés
19 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
19 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
333354 Fichiers non infectés
2288 Les archives ont été contrôlées
4 Avertissements
21 Consignes
49831 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c07deda.qua' !
Fin de la recherche : samedi 13 mars 2010 01:38
Temps nécessaire: 2:59:44 Heure(s)
La recherche a été effectuée intégralement
19779 Les répertoires ont été contrôlés
333375 Des fichiers ont été contrôlés
19 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
19 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
333354 Fichiers non infectés
2288 Les archives ont été contrôlées
4 Avertissements
21 Consignes
49831 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés
re
~Download CCleaner:
http://www.filehippo.com/download_ccleaner/
~During installation, uncheck: "Ajouter la Barre d'Outils Yahoo! Ccleaner"
Click the "nettoyeur" button, then "lancer le nettoyage".
Click the "erreurs" button, then "chercher les erreurs", then "réparer les erreurs".
CCleaner tutorial (thanks to Malekal):
http://www.malekal.com/tutorial_CCleaner.html
+++++++++++++++++++
Defragment your hard drive:
http://www.vulgarisation-informatique.com/defragmenter....
and tell me if it's better...
DDS REPORT:
DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 22:39:54,85 on 14/03/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1279.394 [GMT 1:00]
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\program files\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Bureau\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.fr/ig?hl=fr&rlz=1G1GGLQ_FRFR268
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://internetsearchservice.com
mStart Page = hxxp://fr.yahoo.com
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uSearchAssistant = hxxp://internetsearchservice.com
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
mSearchURL = hxxp://internetsearchservice.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Disk Monitor] c:\program files\generic\usb card reader driver v1.9e3\Disk_Monitor.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [D-Link Air USB Utility] c:\program files\d-link\air usb utility\AirCFG.exe
mRun: [LVCOMS] c:\program files\fichiers communs\logitech\qcdriver2\LVCOMS.EXE
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MySight 2006 BS Check&Random] c:\program files\mysight 2006\quickbs.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\user\menudm~1\progra~1\dmarra~1\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\user\menudm~1\progra~1\dmarra~1\xfire.lnk - c:\program files\xfire\xfire.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\nwf80hj4.default\
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-26 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-9-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-26 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-26 56816]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2008-3-22 152576]
R3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2003-10-2 666624]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 XDva114;XDva114;\??\c:\windows\system32\xdva114.sys --> c:\windows\system32\XDva114.sys [?]
=============== Created Last 30 ================
2010-03-14 20:13:58 150 ----a-w- c:\windows\system32\spupdsvc.inf
2010-03-14 20:12:00 0 d-----w- c:\program files\CCleaner
2010-03-14 20:08:43 0 d-----w- c:\windows\ServicePackFiles
2010-03-12 19:15:58 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-03-12 19:15:56 0 d-----w- c:\program files\McAfee Security Scan
2010-03-12 18:07:11 286208 ----a-w- c:\windows\system32\SET111.tmp
2010-03-12 18:07:11 227840 ----a-w- c:\windows\system32\wbem\SET112.tmp
2010-03-12 18:07:10 473088 ----a-w- c:\windows\system32\wbem\SET114.tmp
2010-03-12 18:07:10 399360 ------w- c:\windows\system32\SET110.tmp
2010-03-12 18:07:09 453120 ----a-w- c:\windows\system32\wbem\SET113.tmp
2010-03-12 17:49:52 351232 ----a-w- c:\windows\system32\SET38.tmp
2010-03-12 17:49:40 1106944 ----a-w- c:\windows\system32\SET2E.tmp
2010-03-12 17:11:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-10 19:53:57 169 ----a-w- c:\windows\RtlRack.ini
2010-03-10 12:46:03 10 ----a-w- c:\windows\WININIT.INI
2010-03-10 12:12:26 0 d-sha-r- C:\cmdcons
2010-03-10 12:11:20 98816 ----a-w- c:\windows\sed.exe
2010-03-10 12:11:20 77312 ----a-w- c:\windows\MBR.exe
2010-03-10 12:11:20 261632 ----a-w- c:\windows\PEV.exe
2010-03-10 12:11:20 161792 ----a-w- c:\windows\SWREG.exe
2010-03-10 06:37:48 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-10 06:33:03 0 d-----w- c:\program files\Steam(3)
2010-03-10 06:06:16 0 d-----w- C:\32788R22FWJFW(2)
2010-03-10 00:13:18 1208 ----a-w- C:\FindyKill_Upload_Me_PROPRIETAIRE.zip
2010-03-09 21:34:18 0 d-----w- c:\docume~1\user\applic~1\Vidalia(2)
2010-03-09 20:26:45 0 d-----w- C:\FyK
2010-03-08 21:08:57 0 d-----w- c:\program files\alaplaya
==================== Find3M ====================
2010-03-14 20:24:22 588212 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-14 20:24:22 119774 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-12 16:02:13 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
============= FINISH: 22:40:42,57 ===============
NEW COMBOFIX SCAN:
ComboFix 10-03-14.06 - User 15/03/2010 18:23:31.5.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1279.855 [GMT 1:00]
Lancé depuis: c:\documents and settings\User\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-15 au 2010-03-15 ))))))))))))))))))))))))))))))))))))
.
2010-03-14 20:16 . 2010-03-14 20:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-03-14 20:12 . 2010-03-14 20:12 -------- d-----w- c:\program files\CCleaner
2010-03-14 20:08 . 2010-03-14 20:08 -------- d-----w- c:\windows\ServicePackFiles
2010-03-13 00:15 . 2010-03-13 00:15 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-03-12 19:15 . 2010-03-12 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-03-12 19:15 . 2010-03-12 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-12 19:15 . 2010-03-14 20:15 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-12 17:11 . 2010-03-12 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-10 19:54 . 2010-03-10 19:54 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\WMTools Downloaded Files
2010-03-10 06:39 . 2010-03-10 06:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-03-10 06:37 . 2010-03-10 06:37 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-10 06:33 . 2010-03-10 06:33 -------- d-----w- c:\program files\Steam(3)
2010-03-10 06:06 . 2010-03-10 06:18 -------- d-----w- C:\32788R22FWJFW(2)
2010-03-10 00:13 . 2010-03-10 00:13 1208 ----a-w- C:\FindyKill_Upload_Me_PROPRIETAIRE.zip
2010-03-09 21:34 . 2010-03-10 06:14 -------- d-----w- c:\documents and settings\User\Application Data\Vidalia(2)
2010-03-09 20:26 . 2010-03-10 06:18 -------- d-----w- C:\FyK
2010-03-08 21:08 . 2010-03-08 21:08 -------- d-----w- c:\program files\alaplaya
2010-03-05 15:43 . 2010-03-10 06:32 -------- d-s---w- c:\documents and settings\Invité
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 17:21 . 2009-12-31 20:05 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-03-15 16:30 . 2009-10-27 19:21 -------- d-----w- c:\program files\Steam
2010-03-15 16:25 . 2009-12-31 20:12 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-03-15 06:22 . 2004-08-05 12:00 588212 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-15 06:22 . 2004-08-05 12:00 119774 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-14 20:19 . 2009-09-26 16:18 -------- d-----w- c:\documents and settings\User\Application Data\Azureus
2010-03-12 17:44 . 2008-06-06 22:37 -------- d-----w- c:\program files\Alwil Software
2010-03-12 16:02 . 2010-01-31 21:36 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-10 06:36 . 2009-08-23 16:06 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2010-03-10 06:18 . 2008-03-22 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 06:18 . 2008-10-26 19:33 -------- d-----w- c:\documents and settings\User\Application Data\Xfire
2010-03-08 21:08 . 2008-03-22 10:28 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-02-25 02:23 . 2009-09-16 17:31 -------- d-----w- c:\documents and settings\User\Application Data\codeblocks
2010-02-09 17:30 . 2010-02-09 17:20 -------- d-----w- c:\documents and settings\User\Application Data\Fantasy Grounds II
2010-02-09 17:22 . 2010-02-09 17:20 -------- d-----w- c:\program files\Fantasy Grounds II
2010-02-08 17:28 . 2010-02-08 17:28 -------- d-----w- c:\documents and settings\Leeroy\Application Data\Subversion
2010-02-08 17:26 . 2009-10-18 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-08 17:26 . 2009-09-26 16:17 -------- d-----w- c:\program files\Vuze
2010-02-08 17:24 . 2008-05-23 12:29 -------- d-----w- c:\program files\Slayers Online
2010-02-08 17:23 . 2008-11-27 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2010-02-08 17:23 . 2009-01-25 21:12 -------- d-----w- c:\program files\PC Alarm Clock
2010-02-08 17:22 . 2008-03-22 14:27 -------- d-----w- c:\program files\Opera
2010-02-08 17:17 . 2010-02-08 17:17 -------- d-----w- c:\documents and settings\Leeroy\Application Data\ItsLabel
2010-02-08 16:19 . 2009-06-05 18:07 -------- d-----w- c:\documents and settings\User\Application Data\Hamachi
2010-02-07 20:28 . 2010-02-07 20:28 -------- d-----w- c:\program files\JeffProd
2010-01-31 21:29 . 2010-01-31 21:29 -------- d-----w- c:\program files\VUGames
2010-01-29 18:00 . 2010-01-29 18:00 -------- d-----w- c:\documents and settings\User\Application Data\Megaupload
2010-01-29 17:59 . 2010-01-29 17:59 -------- d-----w- c:\program files\Megaupload
2010-01-27 18:54 . 2010-01-27 18:48 -------- d-----w- c:\program files\Google
2010-01-05 09:56 . 2004-08-05 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2004-08-05 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 20:12 . 2009-12-31 20:12 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-31 16:14 . 2004-08-05 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:59 . 2003-01-01 18:41 347648 ----a-w- c:\windows\system32\mspaint.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-03-10_12.25.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-15 16:24 . 2010-03-15 16:24 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2007-07-30 18:19 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2004-08-05 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 50176 c:\windows\system32\utilman.exe
+ 2004-08-05 12:00 . 2006-10-04 13:32 50176 c:\windows\system32\utilman.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 36864 c:\windows\system32\umandlg.dll
+ 2004-08-05 12:00 . 2006-10-04 13:38 36864 c:\windows\system32\umandlg.dll
+ 2007-11-13 11:31 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2004-08-05 12:00 . 2009-06-15 11:33 78848 c:\windows\system32\telnet.exe
- 2008-03-22 10:52 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2008-03-22 10:52 . 2008-07-09 07:40 26488 c:\windows\system32\spupdsvc.exe
+ 2008-03-22 10:52 . 2008-07-08 13:03 18296 c:\windows\system32\spmsg.dll
+ 2010-03-10 12:36 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-03-10 12:36 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-05 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
+ 2004-08-05 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 69632 c:\windows\system32\raschap.dll
+ 2004-08-05 12:00 . 2009-10-12 13:52 69632 c:\windows\system32\raschap.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 44544 c:\windows\system32\pngfilt.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-05 12:00 . 2010-03-15 06:22 98176 c:\windows\system32\perfc009.dat
+ 2004-08-05 12:00 . 2006-10-04 13:32 55296 c:\windows\system32\narrator.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 55296 c:\windows\system32\narrator.exe
+ 2003-01-01 18:41 . 2008-06-12 14:18 91648 c:\windows\system32\mtxoci.dll
- 2004-08-05 12:00 . 2006-03-01 19:43 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-05 12:00 . 2008-06-12 14:18 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 00:54 . 2009-11-27 17:34 17920 c:\windows\system32\msyuv.dll
+ 2004-08-05 12:00 . 2009-11-27 16:38 28672 c:\windows\system32\msvidc32.dll
+ 2004-08-05 12:00 . 2009-11-27 16:38 11264 c:\windows\system32\msrle32.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 11264 c:\windows\system32\msrle32.dll
+ 2007-08-13 17:54 . 2010-01-05 09:56 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 17:54 . 2008-08-26 08:11 52224 c:\windows\system32\msfeedsbs.dll
+ 2003-01-01 18:41 . 2008-06-12 14:18 58880 c:\windows\system32\msdtclog.dll
- 2003-01-01 18:41 . 2004-08-05 12:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-05 12:00 . 2009-09-04 20:46 58880 c:\windows\system32\msasn1.dll
+ 2004-08-05 12:00 . 2006-10-04 13:32 73216 c:\windows\system32\magnify.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 73216 c:\windows\system32\magnify.exe
- 2008-03-22 17:37 . 2009-10-15 16:37 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-03-22 17:37 . 2010-03-12 19:23 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-05 12:00 . 2008-08-26 08:11 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:54 . 2009-11-27 16:38 48128 c:\windows\system32\iyuv_32.dll
+ 2007-08-13 17:39 . 2009-12-31 15:33 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 17:39 . 2008-08-25 08:38 13824 c:\windows\system32\ieudinit.exe
- 2004-08-05 12:00 . 2008-08-26 08:11 44544 c:\windows\system32\iernonce.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 44544 c:\windows\system32\iernonce.dll
- 2004-08-05 12:00 . 2008-08-25 08:39 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-05 12:00 . 2009-12-31 15:33 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 17:36 . 2010-01-05 09:56 63488 c:\windows\system32\icardie.dll
- 2007-08-13 17:36 . 2008-08-26 08:11 63488 c:\windows\system32\icardie.dll
+ 2004-08-05 12:00 . 2009-10-15 17:21 82432 c:\windows\system32\fontsub.dll
+ 2004-08-05 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2003-01-01 18:43 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-05 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2004-08-05 12:00 . 2006-10-04 13:32 50176 c:\windows\system32\dllcache\utilman.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 50176 c:\windows\system32\dllcache\utilman.exe
+ 2004-08-05 12:00 . 2006-10-04 13:38 36864 c:\windows\system32\dllcache\umandlg.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 36864 c:\windows\system32\dllcache\umandlg.dll
+ 2004-08-05 12:00 . 2009-06-15 11:33 78848 c:\windows\system32\dllcache\telnet.exe
+ 2004-08-05 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-05 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-05 12:00 . 2009-10-12 13:52 69632 c:\windows\system32\dllcache\raschap.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 69632 c:\windows\system32\dllcache\raschap.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 55296 c:\windows\system32\dllcache\narrator.exe
+ 2004-08-05 12:00 . 2006-10-04 13:32 55296 c:\windows\system32\dllcache\narrator.exe
+ 2003-01-01 18:41 . 2008-06-12 14:18 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-05 12:00 . 2008-06-12 14:18 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-05 12:00 . 2006-03-01 19:43 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:34 . 2009-11-27 17:34 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-05 12:00 . 2009-11-27 16:38 28672 c:\windows\system32\dllcache\msvidc32.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2004-08-05 12:00 . 2009-11-27 16:38 11264 c:\windows\system32\dllcache\msrle32.dll
- 2008-03-22 11:14 . 2008-08-26 08:11 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-03-22 11:14 . 2010-01-05 09:56 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2003-01-01 18:41 . 2008-06-12 14:18 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2003-01-01 18:41 . 2004-08-05 12:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-05 12:00 . 2009-09-04 20:46 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-05 12:00 . 2006-10-04 13:32 73216 c:\windows\system32\dllcache\magnify.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 73216 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-05 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
- 2004-08-05 12:00 . 2008-08-26 08:11 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2008-03-22 11:14 . 2008-08-25 08:38 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-03-22 11:14 . 2009-12-31 15:33 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-05 12:00 . 2008-08-26 08:11 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-05 12:00 . 2007-08-13 17:45 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-05 12:00 . 2008-08-25 08:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-05 12:00 . 2009-12-31 15:33 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-03-22 11:14 . 2008-08-26 08:11 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-03-22 11:14 . 2010-01-05 09:56 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-05 12:00 . 2009-10-15 17:21 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-05 12:00 . 2009-12-14 07:36 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-05 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-05 12:00 . 2009-11-27 16:38 85504 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-05 12:00 . 2009-07-17 18:56 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-05 12:00 . 2009-12-14 07:36 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-05 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 85504 c:\windows\system32\avifil32.dll
+ 2004-08-05 12:00 . 2009-11-27 16:38 85504 c:\windows\system32\avifil32.dll
+ 2004-08-05 12:00 . 2009-07-17 18:56 58880 c:\windows\system32\atl.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 58880 c:\windows\system32\atl.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-03-15 06:21 . 2008-08-26 08:11 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-03-15 06:21 . 2008-08-26 08:11 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-03-15 06:21 . 2008-08-26 08:11 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-03-15 06:21 . 2008-08-25 08:38 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-03-15 06:21 . 2008-08-26 08:11 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-03-15 06:21 . 2007-08-13 17:45 78336 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-03-15 06:21 . 2008-08-25 08:39 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-03-15 06:21 . 2008-08-26 08:11 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-03-15 06:21 . 2004-08-05 12:00 35328 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2009-11-27 17:34 . 2009-11-27 17:34 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 24064 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\7017fa47ad602432f99b091803297dfb\WiaProxy32.ni.exe
+ 2010-03-14 20:30 . 2010-03-14 20:30 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2010-03-15 06:40 . 2010-03-15 06:40 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2010-03-15 06:40 . 2010-03-15 06:40 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2010-03-14 20:26 . 2010-03-14 20:26 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2010-03-14 20:26 . 2010-03-14 20:26 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 20992 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.StylusR#\9482548fd51d13f6fa8655346409e6f1\PaintDotNet.StylusReader.ni.dll
+ 2010-03-15 06:39 . 2010-03-15 06:39 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\3567e9f972165d48ab1ca52739705122\Interop.WIA.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2010-03-15 06:38 . 2010-03-15 06:38 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\DdsFileType\764d2a3b43bd801aaf7f00fbb26dd84f\DdsFileType.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-23 17:47 . 2009-11-27 16:38 8704 c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-05-09 18:53 . 2009-05-09 18:53 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-05-09 18:53 . 2009-05-09 18:53 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2006-10-16 10:40 . 2009-04-15 09:56 370176 c:\windows\system32\xpsp3res.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2003-01-01 18:43 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-05 12:00 . 2009-04-03 11:15 485376 c:\windows\system32\wmspdmod.dll
+ 2004-08-05 12:00 . 2009-07-13 01:18 233472 c:\windows\system32\wmpdxm.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 233472 c:\windows\system32\wmpdxm.dll
+ 2004-08-05 12:00 . 2009-06-10 06:30 132096 c:\windows\system32\wkssvc.dll
- 2004-08-05 12:00 . 2006-08-17 12:29 132096 c:\windows\system32\wkssvc.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-05 12:00 . 2008-12-16 12:49 351232 c:\windows\system32\winhttp.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 233472 c:\windows\system32\webcheck.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 233472 c:\windows\system32\webcheck.dll
+ 2003-01-01 18:41 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2003-01-01 18:41 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2003-01-01 18:41 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 105984 c:\windows\system32\url.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 105984 c:\windows\system32\url.dll
+ 2004-08-05 12:00 . 2009-10-15 21:51 119808 c:\windows\system32\t2embed.dll
+ 2004-08-05 12:00 . 2009-08-26 08:15 247326 c:\windows\system32\strmdll.dll
+ 2004-08-05 12:00 . 2009-12-08 09:12 474624 c:\windows\system32\shlwapi.dll
- 2004-08-05 12:00 . 2007-12-07 01:07 474624 c:\windows\system32\shlwapi.dll
+ 2004-08-05 12:00 . 2009-02-09 10:08 111104 c:\windows\system32\services.exe
+ 2004-08-05 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2004-08-05 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
- 2004-08-05 12:00 . 2007-07-09 13:11 584192 c:\windows\system32\rpcrt4.dll
+ 2004-08-05 12:00 . 2009-04-15 15:17 584192 c:\windows\system32\rpcrt4.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 113152 c:\windows\system32\rastls.dll
+ 2004-08-05 12:00 . 2009-10-12 13:52 113152 c:\windows\system32\rastls.dll
+ 2004-08-05 12:00 . 2010-03-15 06:22 508810 c:\windows\system32\perfh009.dat
- 2004-08-05 12:00 . 2004-08-05 12:00 286208 c:\windows\system32\pdh.dll
+ 2004-08-05 12:00 . 2009-03-06 14:46 286208 c:\windows\system32\pdh.dll
+ 2004-08-05 12:00 . 2006-10-04 13:32 216576 c:\windows\system32\osk.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 216576 c:\windows\system32\osk.exe
+ 2004-08-05 12:00 . 2010-01-05 09:56 102912 c:\windows\system32\occache.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 102912 c:\windows\system32\occache.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 267776 c:\windows\system32\oakley.dll
+ 2004-08-05 12:00 . 2009-10-13 10:52 267776 c:\windows\system32\oakley.dll
+ 2004-08-05 12:00 . 2009-02-09 10:20 739840 c:\windows\system32\ntdll.dll
+ 2008-03-22 15:30 . 2009-08-06 18:23 215920 c:\windows\system32\muweb.dll
+ 2008-03-22 15:30 . 2009-08-06 18:23 274288 c:\windows\system32\mucltui.dll
+ 2004-08-05 12:00 . 2009-08-05 09:06 205312 c:\windows\system32\mswebdvd.dll
+ 2004-08-05 12:00 . 2009-09-11 14:34 133632 c:\windows\system32\msv1_0.dll
+ 2003-01-01 18:41 . 2009-06-05 07:46 655872 c:\windows\system32\mstscax.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 671232 c:\windows\system32\mstime.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 671232 c:\windows\system32\mstime.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 193024 c:\windows\system32\msrating.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 193024 c:\windows\system32\msrating.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 477696 c:\windows\system32\mshtmled.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 17:54 . 2008-08-26 08:11 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 17:54 . 2010-01-05 09:56 459264 c:\windows\system32\msfeeds.dll
+ 2003-01-01 18:41 . 2008-06-12 14:18 161792 c:\windows\system32\msdtcuiu.dll
+ 2003-01-01 18:41 . 2008-06-12 14:18 956928 c:\windows\system32\msdtctm.dll
+ 2003-01-01 18:41 . 2008-06-12 14:18 428032 c:\windows\system32\msdtcprx.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-08-05 12:00 . 2009-06-25 08:44 731136 c:\windows\system32\lsasrv.dll
ComboFix 10-03-14.06 - User 15/03/2010 18:23:31.5.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1279.855 [GMT 1:00]
Lancé depuis: c:\documents and settings\User\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-15 au 2010-03-15 ))))))))))))))))))))))))))))))))))))
.
2010-03-14 20:16 . 2010-03-14 20:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-03-14 20:12 . 2010-03-14 20:12 -------- d-----w- c:\program files\CCleaner
2010-03-14 20:08 . 2010-03-14 20:08 -------- d-----w- c:\windows\ServicePackFiles
2010-03-13 00:15 . 2010-03-13 00:15 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-03-12 19:15 . 2010-03-12 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-03-12 19:15 . 2010-03-12 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-12 19:15 . 2010-03-14 20:15 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-12 17:11 . 2010-03-12 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-10 19:54 . 2010-03-10 19:54 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\WMTools Downloaded Files
2010-03-10 06:39 . 2010-03-10 06:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-03-10 06:37 . 2010-03-10 06:37 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-10 06:33 . 2010-03-10 06:33 -------- d-----w- c:\program files\Steam(3)
2010-03-10 06:06 . 2010-03-10 06:18 -------- d-----w- C:\32788R22FWJFW(2)
2010-03-10 00:13 . 2010-03-10 00:13 1208 ----a-w- C:\FindyKill_Upload_Me_PROPRIETAIRE.zip
2010-03-09 21:34 . 2010-03-10 06:14 -------- d-----w- c:\documents and settings\User\Application Data\Vidalia(2)
2010-03-09 20:26 . 2010-03-10 06:18 -------- d-----w- C:\FyK
2010-03-08 21:08 . 2010-03-08 21:08 -------- d-----w- c:\program files\alaplaya
2010-03-05 15:43 . 2010-03-10 06:32 -------- d-s---w- c:\documents and settings\Invité
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 17:21 . 2009-12-31 20:05 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-03-15 16:30 . 2009-10-27 19:21 -------- d-----w- c:\program files\Steam
2010-03-15 16:25 . 2009-12-31 20:12 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-03-15 06:22 . 2004-08-05 12:00 588212 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-15 06:22 . 2004-08-05 12:00 119774 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-14 20:19 . 2009-09-26 16:18 -------- d-----w- c:\documents and settings\User\Application Data\Azureus
2010-03-12 17:44 . 2008-06-06 22:37 -------- d-----w- c:\program files\Alwil Software
2010-03-12 16:02 . 2010-01-31 21:36 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-10 06:36 . 2009-08-23 16:06 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2010-03-10 06:18 . 2008-03-22 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 06:18 . 2008-10-26 19:33 -------- d-----w- c:\documents and settings\User\Application Data\Xfire
2010-03-08 21:08 . 2008-03-22 10:28 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-02-25 02:23 . 2009-09-16 17:31 -------- d-----w- c:\documents and settings\User\Application Data\codeblocks
2010-02-09 17:30 . 2010-02-09 17:20 -------- d-----w- c:\documents and settings\User\Application Data\Fantasy Grounds II
2010-02-09 17:22 . 2010-02-09 17:20 -------- d-----w- c:\program files\Fantasy Grounds II
2010-02-08 17:28 . 2010-02-08 17:28 -------- d-----w- c:\documents and settings\Leeroy\Application Data\Subversion
2010-02-08 17:26 . 2009-10-18 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-08 17:26 . 2009-09-26 16:17 -------- d-----w- c:\program files\Vuze
2010-02-08 17:24 . 2008-05-23 12:29 -------- d-----w- c:\program files\Slayers Online
2010-02-08 17:23 . 2008-11-27 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2010-02-08 17:23 . 2009-01-25 21:12 -------- d-----w- c:\program files\PC Alarm Clock
2010-02-08 17:22 . 2008-03-22 14:27 -------- d-----w- c:\program files\Opera
2010-02-08 17:17 . 2010-02-08 17:17 -------- d-----w- c:\documents and settings\Leeroy\Application Data\ItsLabel
2010-02-08 16:19 . 2009-06-05 18:07 -------- d-----w- c:\documents and settings\User\Application Data\Hamachi
2010-02-07 20:28 . 2010-02-07 20:28 -------- d-----w- c:\program files\JeffProd
2010-01-31 21:29 . 2010-01-31 21:29 -------- d-----w- c:\program files\VUGames
2010-01-29 18:00 . 2010-01-29 18:00 -------- d-----w- c:\documents and settings\User\Application Data\Megaupload
2010-01-29 17:59 . 2010-01-29 17:59 -------- d-----w- c:\program files\Megaupload
2010-01-27 18:54 . 2010-01-27 18:48 -------- d-----w- c:\program files\Google
2010-01-05 09:56 . 2004-08-05 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2004-08-05 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 20:12 . 2009-12-31 20:12 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-31 16:14 . 2004-08-05 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:59 . 2003-01-01 18:41 347648 ----a-w- c:\windows\system32\mspaint.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-03-10_12.25.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-15 16:24 . 2010-03-15 16:24 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2007-07-30 18:19 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2004-08-05 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 50176 c:\windows\system32\utilman.exe
+ 2004-08-05 12:00 . 2006-10-04 13:32 50176 c:\windows\system32\utilman.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 36864 c:\windows\system32\umandlg.dll
+ 2004-08-05 12:00 . 2006-10-04 13:38 36864 c:\windows\system32\umandlg.dll
+ 2007-11-13 11:31 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2004-08-05 12:00 . 2009-06-15 11:33 78848 c:\windows\system32\telnet.exe
- 2008-03-22 10:52 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2008-03-22 10:52 . 2008-07-09 07:40 26488 c:\windows\system32\spupdsvc.exe
+ 2008-03-22 10:52 . 2008-07-08 13:03 18296 c:\windows\system32\spmsg.dll
+ 2010-03-10 12:36 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-03-10 12:36 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-05 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
+ 2004-08-05 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 69632 c:\windows\system32\raschap.dll
+ 2004-08-05 12:00 . 2009-10-12 13:52 69632 c:\windows\system32\raschap.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 44544 c:\windows\system32\pngfilt.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-05 12:00 . 2010-03-15 06:22 98176 c:\windows\system32\perfc009.dat
+ 2004-08-05 12:00 . 2006-10-04 13:32 55296 c:\windows\system32\narrator.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 55296 c:\windows\system32\narrator.exe
+ 2003-01-01 18:41 . 2008-06-12 14:18 91648 c:\windows\system32\mtxoci.dll
- 2004-08-05 12:00 . 2006-03-01 19:43 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-05 12:00 . 2008-06-12 14:18 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 00:54 . 2009-11-27 17:34 17920 c:\windows\system32\msyuv.dll
+ 2004-08-05 12:00 . 2009-11-27 16:38 28672 c:\windows\system32\msvidc32.dll
+ 2004-08-05 12:00 . 2009-11-27 16:38 11264 c:\windows\system32\msrle32.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 11264 c:\windows\system32\msrle32.dll
+ 2007-08-13 17:54 . 2010-01-05 09:56 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 17:54 . 2008-08-26 08:11 52224 c:\windows\system32\msfeedsbs.dll
+ 2003-01-01 18:41 . 2008-06-12 14:18 58880 c:\windows\system32\msdtclog.dll
- 2003-01-01 18:41 . 2004-08-05 12:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-05 12:00 . 2009-09-04 20:46 58880 c:\windows\system32\msasn1.dll
+ 2004-08-05 12:00 . 2006-10-04 13:32 73216 c:\windows\system32\magnify.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 73216 c:\windows\system32\magnify.exe
- 2008-03-22 17:37 . 2009-10-15 16:37 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-03-22 17:37 . 2010-03-12 19:23 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-05 12:00 . 2008-08-26 08:11 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:54 . 2009-11-27 16:38 48128 c:\windows\system32\iyuv_32.dll
+ 2007-08-13 17:39 . 2009-12-31 15:33 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 17:39 . 2008-08-25 08:38 13824 c:\windows\system32\ieudinit.exe
- 2004-08-05 12:00 . 2008-08-26 08:11 44544 c:\windows\system32\iernonce.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 44544 c:\windows\system32\iernonce.dll
- 2004-08-05 12:00 . 2008-08-25 08:39 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-05 12:00 . 2009-12-31 15:33 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 17:36 . 2010-01-05 09:56 63488 c:\windows\system32\icardie.dll
- 2007-08-13 17:36 . 2008-08-26 08:11 63488 c:\windows\system32\icardie.dll
+ 2004-08-05 12:00 . 2009-10-15 17:21 82432 c:\windows\system32\fontsub.dll
+ 2004-08-05 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2003-01-01 18:43 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-05 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2004-08-05 12:00 . 2006-10-04 13:32 50176 c:\windows\system32\dllcache\utilman.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 50176 c:\windows\system32\dllcache\utilman.exe
+ 2004-08-05 12:00 . 2006-10-04 13:38 36864 c:\windows\system32\dllcache\umandlg.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 36864 c:\windows\system32\dllcache\umandlg.dll
+ 2004-08-05 12:00 . 2009-06-15 11:33 78848 c:\windows\system32\dllcache\telnet.exe
+ 2004-08-05 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-05 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-05 12:00 . 2009-10-12 13:52 69632 c:\windows\system32\dllcache\raschap.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 69632 c:\windows\system32\dllcache\raschap.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 55296 c:\windows\system32\dllcache\narrator.exe
+ 2004-08-05 12:00 . 2006-10-04 13:32 55296 c:\windows\system32\dllcache\narrator.exe
+ 2003-01-01 18:41 . 2008-06-12 14:18 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-05 12:00 . 2008-06-12 14:18 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-05 12:00 . 2006-03-01 19:43 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:34 . 2009-11-27 17:34 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-05 12:00 . 2009-11-27 16:38 28672 c:\windows\system32\dllcache\msvidc32.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2004-08-05 12:00 . 2009-11-27 16:38 11264 c:\windows\system32\dllcache\msrle32.dll
- 2008-03-22 11:14 . 2008-08-26 08:11 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-03-22 11:14 . 2010-01-05 09:56 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2003-01-01 18:41 . 2008-06-12 14:18 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2003-01-01 18:41 . 2004-08-05 12:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-05 12:00 . 2009-09-04 20:46 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-05 12:00 . 2006-10-04 13:32 73216 c:\windows\system32\dllcache\magnify.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 73216 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-05 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
- 2004-08-05 12:00 . 2008-08-26 08:11 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2008-03-22 11:14 . 2008-08-25 08:38 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-03-22 11:14 . 2009-12-31 15:33 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-05 12:00 . 2008-08-26 08:11 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-05 12:00 . 2007-08-13 17:45 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-05 12:00 . 2008-08-25 08:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-05 12:00 . 2009-12-31 15:33 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-03-22 11:14 . 2008-08-26 08:11 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-03-22 11:14 . 2010-01-05 09:56 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-05 12:00 . 2009-10-15 17:21 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-05 12:00 . 2009-12-14 07:36 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-05 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-05 12:00 . 2009-11-27 16:38 85504 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-05 12:00 . 2009-07-17 18:56 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-05 12:00 . 2009-12-14 07:36 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-05 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 85504 c:\windows\system32\avifil32.dll
+ 2004-08-05 12:00 . 2009-11-27 16:38 85504 c:\windows\system32\avifil32.dll
+ 2004-08-05 12:00 . 2009-07-17 18:56 58880 c:\windows\system32\atl.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 58880 c:\windows\system32\atl.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-03-15 06:21 . 2008-08-26 08:11 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-03-15 06:21 . 2008-08-26 08:11 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-03-15 06:21 . 2008-08-26 08:11 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-03-15 06:21 . 2008-08-25 08:38 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-03-15 06:21 . 2008-08-26 08:11 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-03-15 06:21 . 2007-08-13 17:45 78336 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-03-15 06:21 . 2008-08-25 08:39 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-03-15 06:21 . 2008-08-26 08:11 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-03-15 06:21 . 2004-08-05 12:00 35328 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2009-11-27 17:34 . 2009-11-27 17:34 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 24064 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\7017fa47ad602432f99b091803297dfb\WiaProxy32.ni.exe
+ 2010-03-14 20:30 . 2010-03-14 20:30 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2010-03-15 06:40 . 2010-03-15 06:40 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2010-03-15 06:40 . 2010-03-15 06:40 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2010-03-14 20:26 . 2010-03-14 20:26 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2010-03-14 20:26 . 2010-03-14 20:26 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 20992 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.StylusR#\9482548fd51d13f6fa8655346409e6f1\PaintDotNet.StylusReader.ni.dll
+ 2010-03-15 06:39 . 2010-03-15 06:39 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\3567e9f972165d48ab1ca52739705122\Interop.WIA.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2010-03-15 06:38 . 2010-03-15 06:38 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\DdsFileType\764d2a3b43bd801aaf7f00fbb26dd84f\DdsFileType.ni.dll
+ 2010-03-15 06:38 . 2010-03-15 06:38 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-23 17:47 . 2009-11-27 16:38 8704 c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-05-09 18:53 . 2009-05-09 18:53 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-05-09 18:53 . 2009-05-09 18:53 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-03-14 20:23 . 2010-03-14 20:23 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-03-14 20:24 . 2010-03-14 20:24 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-05-09 18:53 . 2009-05-09 18:53 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2006-10-16 10:40 . 2009-04-15 09:56 370176 c:\windows\system32\xpsp3res.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2003-01-01 18:43 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-05 12:00 . 2009-04-03 11:15 485376 c:\windows\system32\wmspdmod.dll
+ 2004-08-05 12:00 . 2009-07-13 01:18 233472 c:\windows\system32\wmpdxm.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 233472 c:\windows\system32\wmpdxm.dll
+ 2004-08-05 12:00 . 2009-06-10 06:30 132096 c:\windows\system32\wkssvc.dll
- 2004-08-05 12:00 . 2006-08-17 12:29 132096 c:\windows\system32\wkssvc.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-05 12:00 . 2008-12-16 12:49 351232 c:\windows\system32\winhttp.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 233472 c:\windows\system32\webcheck.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 233472 c:\windows\system32\webcheck.dll
+ 2003-01-01 18:41 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2003-01-01 18:41 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2003-01-01 18:41 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 105984 c:\windows\system32\url.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 105984 c:\windows\system32\url.dll
+ 2004-08-05 12:00 . 2009-10-15 21:51 119808 c:\windows\system32\t2embed.dll
+ 2004-08-05 12:00 . 2009-08-26 08:15 247326 c:\windows\system32\strmdll.dll
+ 2004-08-05 12:00 . 2009-12-08 09:12 474624 c:\windows\system32\shlwapi.dll
- 2004-08-05 12:00 . 2007-12-07 01:07 474624 c:\windows\system32\shlwapi.dll
+ 2004-08-05 12:00 . 2009-02-09 10:08 111104 c:\windows\system32\services.exe
+ 2004-08-05 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2004-08-05 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
- 2004-08-05 12:00 . 2007-07-09 13:11 584192 c:\windows\system32\rpcrt4.dll
+ 2004-08-05 12:00 . 2009-04-15 15:17 584192 c:\windows\system32\rpcrt4.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 113152 c:\windows\system32\rastls.dll
+ 2004-08-05 12:00 . 2009-10-12 13:52 113152 c:\windows\system32\rastls.dll
+ 2004-08-05 12:00 . 2010-03-15 06:22 508810 c:\windows\system32\perfh009.dat
- 2004-08-05 12:00 . 2004-08-05 12:00 286208 c:\windows\system32\pdh.dll
+ 2004-08-05 12:00 . 2009-03-06 14:46 286208 c:\windows\system32\pdh.dll
+ 2004-08-05 12:00 . 2006-10-04 13:32 216576 c:\windows\system32\osk.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 216576 c:\windows\system32\osk.exe
+ 2004-08-05 12:00 . 2010-01-05 09:56 102912 c:\windows\system32\occache.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 102912 c:\windows\system32\occache.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 267776 c:\windows\system32\oakley.dll
+ 2004-08-05 12:00 . 2009-10-13 10:52 267776 c:\windows\system32\oakley.dll
+ 2004-08-05 12:00 . 2009-02-09 10:20 739840 c:\windows\system32\ntdll.dll
+ 2008-03-22 15:30 . 2009-08-06 18:23 215920 c:\windows\system32\muweb.dll
+ 2008-03-22 15:30 . 2009-08-06 18:23 274288 c:\windows\system32\mucltui.dll
+ 2004-08-05 12:00 . 2009-08-05 09:06 205312 c:\windows\system32\mswebdvd.dll
+ 2004-08-05 12:00 . 2009-09-11 14:34 133632 c:\windows\system32\msv1_0.dll
+ 2003-01-01 18:41 . 2009-06-05 07:46 655872 c:\windows\system32\mstscax.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 671232 c:\windows\system32\mstime.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 671232 c:\windows\system32\mstime.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 193024 c:\windows\system32\msrating.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 193024 c:\windows\system32\msrating.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 477696 c:\windows\system32\mshtmled.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 17:54 . 2008-08-26 08:11 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 17:54 . 2010-01-05 09:56 459264 c:\windows\system32\msfeeds.dll
+ 2003-01-01 18:41 . 2008-06-12 14:18 161792 c:\windows\system32\msdtcuiu.dll
+ 2003-01-01 18:41 . 2008-06-12 14:18 956928 c:\windows\system32\msdtctm.dll
+ 2003-01-01 18:41 . 2008-06-12 14:18 428032 c:\windows\system32\msdtcprx.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-08-05 12:00 . 2009-06-25 08:44 731136 c:\windows\system32\lsasrv.dll
+ 2004-08-05 12:00 . 2008-06-10 00:31 103936 c:\windows\system32\logagent.exe
- 2004-08-05 12:00 . 2004-08-05 12:00 103936 c:\windows\system32\logagent.exe
+ 2004-08-05 12:00 . 2009-05-07 15:43 347136 c:\windows\system32\localspl.dll
+ 2004-08-05 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll
+ 2004-08-05 12:00 . 2009-08-13 15:20 512000 c:\windows\system32\jscript.dll
+ 2007-08-13 17:34 . 2010-01-05 09:56 268288 c:\windows\system32\iertutil.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 192512 c:\windows\system32\iepeers.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 11:27 . 2010-01-05 09:56 380928 c:\windows\system32\ieapfltr.dll
- 2004-08-05 12:00 . 2008-08-23 05:54 161792 c:\windows\system32\ieakui.dll
+ 2004-08-05 12:00 . 2009-12-18 13:04 161792 c:\windows\system32\ieakui.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 230400 c:\windows\system32\ieaksie.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 230400 c:\windows\system32\ieaksie.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-05 12:00 . 2008-10-23 13:00 283648 c:\windows\system32\gdi32.dll
+ 2003-01-01 19:32 . 2010-03-15 07:00 152384 c:\windows\system32\FNTCACHE.DAT
- 2003-01-01 19:32 . 2009-11-10 21:31 152384 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-05 12:00 . 2010-01-05 09:56 133120 c:\windows\system32\extmgr.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 133120 c:\windows\system32\extmgr.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 214528 c:\windows\system32\dxtrans.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-05 12:00 . 2009-12-04 14:41 453760 c:\windows\system32\drivers\mrxsmb.sys
+ 2003-01-01 18:43 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2003-01-01 18:43 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2003-01-01 18:43 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2003-01-01 18:41 . 2008-04-21 21:27 219136 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-05 12:00 . 2009-04-03 11:15 485376 c:\windows\system32\dllcache\wmspdmod.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-05 12:00 . 2009-07-13 01:18 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2003-01-01 18:41 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2003-01-01 18:41 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-05 12:00 . 2009-06-10 06:30 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2004-08-05 12:00 . 2006-08-17 12:29 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 832512 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-05 12:00 . 2008-12-16 12:49 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-05 12:00 . 2008-08-26 08:11 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 105984 c:\windows\system32\dllcache\url.dll
+ 2003-01-01 18:42 . 2009-06-21 22:06 153088 c:\windows\system32\dllcache\triedit.dll
- 2003-01-01 18:42 . 2004-08-05 12:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-05 12:00 . 2009-10-15 21:51 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-05 12:00 . 2009-08-26 08:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-05 12:00 . 2009-12-31 16:14 352640 c:\windows\system32\dllcache\srv.sys
- 2004-08-05 12:00 . 2007-12-07 01:07 474624 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-05 12:00 . 2009-12-08 09:12 474624 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-05 12:00 . 2009-02-09 10:08 111104 c:\windows\system32\dllcache\services.exe
+ 2004-08-05 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-05 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
- 2004-08-05 12:00 . 2007-07-09 13:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-05 12:00 . 2009-04-15 15:17 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-05 12:00 . 2009-10-12 13:52 113152 c:\windows\system32\dllcache\rastls.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 113152 c:\windows\system32\dllcache\rastls.dll
+ 2004-08-05 12:00 . 2009-03-06 14:46 286208 c:\windows\system32\dllcache\pdh.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 286208 c:\windows\system32\dllcache\pdh.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 216576 c:\windows\system32\dllcache\osk.exe
+ 2004-08-05 12:00 . 2006-10-04 13:32 216576 c:\windows\system32\dllcache\osk.exe
- 2004-08-05 12:00 . 2008-08-26 08:11 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-05 12:00 . 2010-01-05 09:56 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 267776 c:\windows\system32\dllcache\oakley.dll
+ 2004-08-05 12:00 . 2009-10-13 10:52 267776 c:\windows\system32\dllcache\oakley.dll
+ 2004-08-05 12:00 . 2009-02-09 10:20 739840 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-05 12:00 . 2009-08-05 09:06 205312 c:\windows\system32\dllcache\mswebdvd.dll
Good evening
ComboFix is not a toy...
and besides, the report is not complete...
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done:
Now run Malwarebytes' Anti-Malware. If it is not already done, select "Perform full scan".
To start the scan, click "Scan".
Once the scan has finished, a window opens; click OK. There are then two possibilities:
~ If the program found nothing, click OK. A report will appear; close it.
~~ If infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
Note: If you cannot download MBAM from MajorGeeks, you can download it here!
Help: How to use MBAM.
Slight problem: like an idiot, I launched the Windows update. The nice thing made me restart my computer, and it turns out that it now starts up with something weird (Antivirus tool) that looks a lot like phishing to me, and that stops me from opening any of my programs on the pretext of infection (even Notepad). What do I do?
No, got myself out of the stupid thing by restoring the session in safe mode. I still have trojans...
MALWAREBYTES REPORT:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3872
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
17/03/2010 19:02:43
mbam-log-2010-03-17 (19-02-43).txt
Type de recherche: Examen complet (A:\|C:\|D:\|)
Eléments examinés: 278432
Temps écoulé: 3 hour(s), 18 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\System Volume Information\_restore{5A81CC03-D74B-44B7-9DA2-1A4286ED0F03}\RP291\A0593208.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
Hi again
Those are only registry keys and one file in System Restore (so it had already been zapped).
Let's check something:
1
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
2
Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and save the file to your desktop.
See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php
Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
Double-click the downloaded GMER file.
IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.
Click the "rootkit" tab.
On the right, tick only Files, Services & Registry.
Now click Scan.
When the scan is finished, click Copy.
Open Notepad, then click Edit / Paste in the menu.
The report should then appear.
Save the file to your Desktop and post its contents here.
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:57, on 17/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr&rlz=1G1GGLQ_FRFR268
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MySight 2006 BS Check&Random] C:\Program Files\MySight 2006\quickbs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/updater/BFHU...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 8999 bytes
Hi again
Remove avast and McAfee Security Scan:
Uninstall - antivirus
Read: Consequences of multi-protection
I'm waiting for your GMER report.
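The entries in the HijackThis report above that bear on this advice, as an added example that is not part of the original thread: it parses the coded lines, lists which security products have autostart or service entries, and flags entries whose target is absent. The vendor keyword list, the reason labels and all function names are assumptions made for this example.

```python
import re

# Constructed sample: lines copied from the HijackThis report posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumption: keywords cover only the products named in this thread.
AV_KEYWORDS = {"Avira": ("avira",), "avast": ("avast", "alwil"), "McAfee": ("mcafee",)}

# Suffixes seen in the report when an entry's target is absent or unresolved
# (the reason labels are this example's wording, not HijackThis output).
STALE_MARKERS = {"(no file)": "no file behind the entry",
                 "(file missing)": "file missing on disk",
                 "= ?": "shortcut target unresolved"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) for each coded line, e.g. ('O23', 'Service: ...')."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def security_products(entries):
    """Map vendor -> autostart (O4) and service (O23) entries that mention it."""
    found = {}
    for code, body in entries:
        if code not in ("O4", "O23"):
            continue
        lowered = body.lower()
        for vendor, words in AV_KEYWORDS.items():
            if any(w in lowered for w in words):
                found.setdefault(vendor, []).append((code, body))
    return found


def stale_entries(entries):
    """Return (code, reason, body) for entries ending in a stale marker."""
    out = []
    for code, body in entries:
        for marker, reason in STALE_MARKERS.items():
            if body.rstrip().endswith(marker):
                out.append((code, reason, body))
    return out


def triage(log_text):
    """Summarise products present and products that look like uninstall leftovers."""
    entries = parse_entries(log_text)
    products = security_products(entries)
    stale = stale_entries(entries)
    stale_bodies = {body for _, _, body in stale}
    # Interpretation: a product whose every entry is stale is probably a
    # leftover of an incomplete uninstall rather than a running scanner.
    leftovers = sorted(v for v, es in products.items()
                       if all(b in stale_bodies for _, b in es))
    return {"products": sorted(products), "leftovers": leftovers, "stale": stale}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("security products with entries:", result["products"])
    print("probable leftovers:", result["leftovers"])
    for code, reason, body in result["stale"]:
        print(f"{code}: {reason}: {body}")
```

On the sample this reports three security products, one of which (avast) survives only as a service entry whose file is missing.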
GMER report:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-25 07:31:01
Windows 5.1.2600 Service Pack 2
Running: pw85vezl.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kxloypoc.sys
---- System - GMER 1.0.15 ----
SSDT F7AA383E ZwCreateKey
SSDT F7AA3834 ZwCreateThread
SSDT F7AA3843 ZwDeleteKey
SSDT F7AA384D ZwDeleteValueKey
SSDT F7AA3852 ZwLoadKey
SSDT F7AA3820 ZwOpenProcess
SSDT F7AA3825 ZwOpenThread
SSDT F7AA385C ZwReplaceKey
SSDT F7AA3857 ZwRestoreKey
SSDT F7AA3848 ZwSetValueKey
SSDT F7AA382F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xBA217870]
---- EOF - GMER 1.0.15 ----
Apart from that, I have "internet troubles": when my PC is connected it sometimes slows down considerably. And twice the computer has shut down as soon as I unplugged the internet.
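A way to read the SSDT section of the GMER report above, as an added example that is not part of the original thread: it parses the `SSDT <address> <service>` lines, groups the hooked services by what they act on, and measures how the handler addresses are laid out. The function names and the grouping rule are assumptions made for this example.

```python
import re
from functools import reduce
from math import gcd

# Constructed sample: the body of the GMER report posted in this thread.
SAMPLE_REPORT = r"""
---- System - GMER 1.0.15 ----
SSDT F7AA383E ZwCreateKey
SSDT F7AA3834 ZwCreateThread
SSDT F7AA3843 ZwDeleteKey
SSDT F7AA384D ZwDeleteValueKey
SSDT F7AA3852 ZwLoadKey
SSDT F7AA3820 ZwOpenProcess
SSDT F7AA3825 ZwOpenThread
SSDT F7AA385C ZwReplaceKey
SSDT F7AA3857 ZwRestoreKey
SSDT F7AA3848 ZwSetValueKey
SSDT F7AA382F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xBA217870]
---- EOF - GMER 1.0.15 ----
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+((?:Zw|Nt)\w+)$")


def parse_ssdt(report):
    """Return [(handler_address, service_name)] for each SSDT line."""
    hooks = []
    for line in report.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks.append((int(m.group(1), 16), m.group(2)))
    return hooks


def group_by_target(hooks):
    """Group hooked services by the kind of object they act on (example rule)."""
    groups = {"registry": [], "process/thread": [], "other": []}
    for _, name in hooks:
        if "Key" in name:
            groups["registry"].append(name)
        elif "Process" in name or "Thread" in name:
            groups["process/thread"].append(name)
        else:
            groups["other"].append(name)
    return groups


def layout(hooks):
    """Describe how the handler addresses are arranged in memory."""
    addrs = sorted(a for a, _ in hooks)
    diffs = [b - a for a, b in zip(addrs, addrs[1:])]
    # Common divisor of all gaps. A stride of 5 matches the length of an x86
    # `jmp rel32`, which would fit a table of jump stubs; that reading is an
    # interpretation, the report itself does not state it.
    stride = reduce(gcd, diffs, 0)
    return {"base": addrs[0], "span": addrs[-1] - addrs[0], "stride": stride}


if __name__ == "__main__":
    hooks = parse_ssdt(SAMPLE_REPORT)
    info = layout(hooks)
    print(f"{len(hooks)} hooked services, base {info['base']:08X}, "
          f"span {info['span']} bytes, stride {info['stride']}")
    for target, names in group_by_target(hooks).items():
        print(f"{target}: {', '.join(sorted(names)) or '-'}")
```

All eleven handlers sit within 60 bytes of each other, so one component installed them. Which driver owns that address range cannot be read from these lines; that takes a list of loaded kernel modules with their base addresses.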
Good evening
Did you do what I asked? Did you get rid of your multiple antivirus programs and keep only one?
Windows may have taken a hit...
Insert your Windows CD in your drive (the CD must match your version of Windows).
Close all running programs, windows and applications.
Disconnect from the internet.
Start menu > Run.
In the window that appears, type: sfc /scannow then press Enter.
The PC will get to work; let it run, this can take quite a while.
Come back and tell me whether it worked...