Rootkit-gen[Rtk] detected by Avast

gastonlagaf | Posts: 84 | Status: Member

Hello,

On my Windows XP SP2 PC, I have not been able to access anything for two days...
My desktop appears after a very long startup, the mouse cursor moves but nothing responds to clicks. The taskbar no longer appears. If I try clicking several times, a beep sounds from the tower and the mouse cursor freezes.
This morning, I left the machine running and an Avast alert message was displayed: "win32 : Rootkit-gen[Rtk]"
The file location was also shown, but I did not write it down at the time...

However much I searched the forums, I did not find any really similar problems, since on my machine nothing can be opened any more!!

If anyone can help me, thank you in advance.

See you,

Gastonlagaf

Lyonnais92 | Posts: 25159 | Status: Security contributor

Re,

OK, MBAM finds nothing.

Let's try it this way:

Copy or print the instructions first.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time antispyware guard).


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver::
a9zakd0w

rootkit::
c:\windows\system32\68BCA742D1.sys




Save this file under the name CFscript with the txt extension.


Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Re-enable your firewall, your antivirus and your antispyware guard.

Once the scan is complete, a report will be displayed: post its contents.


If the file does not open, it can be found here > C:\ComboFix.txt

Warning: this procedure was written for this computer. Any reuse can severely damage the operating system.

gastonlagaf | Posts: 84 | Status: Member

Hello,


Here is the ComboFix report following your instructions. During the scan, ComboFix restarted the computer (no problem there), but once it had restarted, Antivir opened automatically and ComboFix asked me to disable it. I had of course disabled everything before the procedure as agreed. I hope that did not cause any interference?!

Thanks.


ComboFix 09-02-02.04 - G 2009-02-06 9:56:46.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.511.253 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\G\Bureau\CFscript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\68BCA742D1.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-06 au 2009-02-06 ))))))))))))))))))))))))))))))))))))
.

2009-02-03 12:32 . 2009-02-03 12:31 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\program files\Avira
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-28 14:57 . 2009-01-28 16:56 <REP> d-------- C:\Lop SD
2009-01-27 12:37 . 2009-01-27 13:35 <REP> d-------- c:\windows\BDOSCAN8
2009-01-26 17:09 . 2009-01-26 17:09 <REP> d-------- c:\program files\CCleaner
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\G\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 16:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-26 12:38 . 2009-01-26 12:47 <REP> d-------- C:\ToolBar SD
2009-01-26 12:03 . 2009-01-26 12:04 <REP> d-------- C:\rsit
2009-01-26 12:03 . 2009-01-26 13:02 <REP> d-------- c:\program files\trend micro
2009-01-22 16:06 . 2009-01-22 16:22 <REP> d-------- c:\program files\Ballance
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Pro
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 15:46 . 2009-01-22 15:46 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-22 15:45 . 2009-01-22 16:19 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 08:53 --------- d-----w c:\documents and settings\G\Application Data\OpenOffice.org2
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-01-23 17:00 --------- d-----w c:\program files\eMule
2009-01-22 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\G\Application Data\GDIPFONTCACHEV1.DAT
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-02-03_14.46.32.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-06 09:02:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_618.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-10 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-01 32768]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2007-09-04 675840]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-07-28 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PathOOOvirg]
--a------ 2004-10-28 00:10 94208 c:\program files\OpenOffice.org1.1.4\program\OOoVirgTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20737:TCP"= 20737:TCP:BitComet 20737 TCP
"20737:UDP"= 20737:UDP:BitComet 20737 UDP

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-11-30 13532]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {205B0A0A-6C9F-48B0-8B33-60555AF41911} = 212.27.40.241,212.27.40.240
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\G\Application Data\Mozilla\Firefox\Profiles\xcri6z3d.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 10:03:32
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-02-06 10:08:29 - La machine a redémarré [G]
ComboFix-quarantined-files.txt 2009-02-06 09:08:22
ComboFix2.txt 2009-02-05 08:54:23
ComboFix3.txt 2009-02-04 13:15:58
ComboFix4.txt 2009-02-03 13:48:16

Avant-CF: 82 000 916 480 octets libres
Après-CF: 81,985,515,520 octets libres

169 --- E O F --- 2009-01-14 21:47:08
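
Added example, not part of the original thread and not code from ComboFix or its author: a small Python check that reads a CFscript and the matching ComboFix report and tells which `rootkit::` files the report lists under "Autres suppressions" and which `Driver::` names still appear in the report's driver lines. The function names are hypothetical, the first sample is excerpted from the posts above with the banners shortened, and the second sample is constructed.

```python
import re

# Excerpts copied from the CFscript and the ComboFix report posted above
# (section banners shortened for readability).
CFSCRIPT = r"""
Driver::
a9zakd0w

rootkit::
c:\windows\system32\68BCA742D1.sys
"""

REPORT = r"""
(((((((((((((( Autres suppressions ))))))))))))))
.

c:\windows\system32\68BCA742D1.sys

.
(((((((((((((( Points de chargement Reg ))))))))))))))
.
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-11-30 13532]
"""

# Constructed variation (names are placeholders): one target is not reported
# as deleted and the targeted driver is still present in the driver lines.
VARIANT_SCRIPT = r"""
Driver::
exampledrv

rootkit::
c:\windows\system32\drivers\exampledrv.sys
c:\windows\system32\drivers\otherdrv.sys
"""

VARIANT_REPORT = r"""
(((((((((((((( Autres suppressions ))))))))))))))
.
c:\windows\System32\Drivers\exampledrv.sys
.
(((((((((((((( Points de chargement Reg ))))))))))))))
.
S3 exampledrv;exampledrv;c:\windows\system32\drivers\exampledrv.sys [2006-11-30 13532]
"""

BANNER = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")   # "((((( title )))))"
SERVICE = re.compile(r"^[RS][0-4]\s+([^;]+);")      # "S3 name;display;path [...]"
PATH = re.compile(r"^[A-Za-z]:\\")                  # absolute Windows path


def parse_cfscript(text):
    """Return {directive: [values]} for 'Name::' blocks, keys lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def report_sections(report):
    """Split a report into {banner title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_fix(cfscript, report, deletions_title="Autres suppressions"):
    """Compare what the script asked for with what the report shows."""
    script = parse_cfscript(cfscript)
    lines = report_sections(report).get(deletions_title.lower(), [])
    # Windows paths are case-insensitive, so compare lower-cased.
    deleted = {l.lower() for l in lines if PATH.match(l)}
    services = {m.group(1).strip().lower()
                for l in report.splitlines()
                if (m := SERVICE.match(l.strip()))}
    targets = script.get("rootkit", [])
    return {
        "removed": [p for p in targets if p.lower() in deleted],
        # Not listed as deleted: the file may be absent or may have survived.
        "not_listed": [p for p in targets if p.lower() not in deleted],
        "drivers_still_listed": [d for d in script.get("driver", [])
                                 if d.lower() in services],
    }


if __name__ == "__main__":
    print(check_fix(CFSCRIPT, REPORT))
    print(check_fix(VARIANT_SCRIPT, VARIANT_REPORT))
```

An entry under `not_listed` or `drivers_still_listed` is a reason to look at the next report more closely, not proof that the file is still on disk.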

Lyonnais92 | Posts: 25159 | Status: Security contributor

Hello,

update Internet Explorer:

open this link, download and install.

https://support.microsoft.com/fr-fr/allproducts

gastonlagaf | Posts: 84 | Status: Member

Re,

Internet Explorer 7 is installed... and updated.

Lyonnais92 | Posts: 25159 | Status: Security contributor

Re,

update Windows by installing the SP:

Start, Help and Support, Keep your computer up to date ..., and follow the instructions.

gastonlagaf | Posts: 84 | Status: Member

Hello,

that's it, I now have SP3...

Lyonnais92 | Posts: 25159 | Status: Security contributor

Hello,

post a new RSIT report.

gastonlagaf | Posts: 84 | Status: Member

Hello,

Here is the RSIT report:

Logfile of random's system information tool 1.05 (written by random/random)
Run by G at 2009-02-07 19:23:04
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 77 GB (66%) free of 117 GB
Total RAM: 511 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:25, on 07/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Documents and Settings\G\Bureau\RSIT.exe
C:\Documents and Settings\G\Bureau\G.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O17 - HKLM\System\CS4\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Lyonnais92 | Posts: 25159 | Status: Security contributor

Good evening,

something is still resisting.

Copy or print the instructions first.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time antispyware guard).


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver::
SjyPkt
aqmhfynk

rootkit::
C:\WINDOWS\System32\Drivers\SjyPkt.sys
C:\WINDOWS\system32\drivers\aqmhfynk.sys



Save this file under the name CFscript with the txt extension.


Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Re-enable your firewall, your antivirus and your antispyware guard.

Once the scan is complete, a report will be displayed: post its contents.


If the file does not open, it can be found here > C:\ComboFix.txt

Warning: this procedure was written for this computer. Any reuse can severely damage the operating system.

gastonlagaf | Posts: 84 | Status: Member

Hello,

Here is the ComboFix report:



ComboFix 09-02-02.04 - G 2009-02-08 9:29:23.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.244 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\G\Bureau\CFscript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\Drivers\SjyPkt.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-08 au 2009-02-08 ))))))))))))))))))))))))))))))))))))
.

2009-02-07 08:18 . 2008-06-14 18:33 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-07 08:17 . 2008-10-16 21:18 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-07 08:17 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-07 08:17 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-07 08:17 . 2008-10-16 21:18 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-07 08:17 . 2008-10-16 21:18 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-07 08:17 . 2008-10-16 21:18 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-07 08:17 . 2008-10-16 21:18 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-07 08:17 . 2008-10-16 21:18 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-07 08:17 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-07 08:16 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-07 08:15 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-07 08:15 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-07 08:15 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 08:15 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-07 08:15 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-07 08:15 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-07 08:15 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-07 08:14 . 2008-04-11 20:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-07 08:14 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-06 12:51 . 2009-02-06 12:51 <REP> d-------- c:\windows\system32\fr
2009-02-06 12:51 . 2009-02-06 12:51 <REP> d-------- c:\windows\system32\bits
2009-02-06 12:51 . 2009-02-06 12:51 <REP> d-------- c:\windows\l2schemas
2009-02-06 12:40 . 2009-02-06 12:52 <REP> d-------- c:\windows\ServicePackFiles
2009-02-06 12:24 . 2009-02-06 12:24 <REP> d-------- c:\windows\EHome
2009-02-06 11:33 . 2009-02-07 09:53 <REP> d-------- c:\windows\system32\fr-fr
2009-02-06 11:28 . 2009-02-07 09:53 1,355 --a------ c:\windows\imsins.BAK
2009-02-03 12:32 . 2009-02-03 12:31 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\program files\Avira
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-28 14:57 . 2009-01-28 16:56 <REP> d-------- C:\Lop SD
2009-01-27 12:37 . 2009-01-27 13:35 <REP> d-------- c:\windows\BDOSCAN8
2009-01-26 17:09 . 2009-01-26 17:09 <REP> d-------- c:\program files\CCleaner
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\G\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 16:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-26 12:38 . 2009-01-26 12:47 <REP> d-------- C:\ToolBar SD
2009-01-26 12:03 . 2009-01-26 12:04 <REP> d-------- C:\rsit
2009-01-26 12:03 . 2009-01-26 13:02 <REP> d-------- c:\program files\trend micro
2009-01-22 16:06 . 2009-01-22 16:22 <REP> d-------- c:\program files\Ballance
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Pro
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 15:46 . 2009-01-22 15:46 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-22 15:45 . 2009-01-22 16:19 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 08:26 --------- d-----w c:\documents and settings\G\Application Data\OpenOffice.org2
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-01-23 17:00 --------- d-----w c:\program files\eMule
2009-01-22 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\G\Application Data\GDIPFONTCACHEV1.DAT
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-02-03_14.46.32.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 02:33:59 27,648 ------w c:\windows\ServicePackFiles\i386\conime.exe
+ 2008-04-14 02:33:21 35,328 ------w c:\windows\ServicePackFiles\i386\corpol.dll
+ 2008-04-14 02:33:21 12,800 ------w c:\windows\ServicePackFiles\i386\credssp.dll
+ 2008-04-14 02:33:21 165,888 ------w c:\windows\ServicePackFiles\i386\credui.dll
+ 2008-04-14 02:02:47 40,960 ------w c:\windows\ServicePackFiles\i386\crusoe.sys
+ 2008-04-14 02:33:21 606,208 ------w c:\windows\ServicePackFiles\i386\crypt32.dll
+ 2008-04-14 02:33:21 75,776 ------w c:\windows\ServicePackFiles\i386\cryptdlg.dll
+ 2008-04-14 02:33:21 33,280 ------w c:\windows\ServicePackFiles\i386\cryptdll.dll
+ 2008-04-14 02:33:21 54,784 ------w c:\windows\ServicePackFiles\i386\cryptext.dll
+ 2008-04-14 02:33:21 64,512 ------w c:\windows\ServicePackFiles\i386\cryptnet.dll
+ 2008-04-14 02:33:21 62,464 ------w c:\windows\ServicePackFiles\i386\cryptsvc.dll
+ 2008-04-14 02:33:21 530,432 ------w c:\windows\ServicePackFiles\i386\cryptui.dll
+ 2008-04-14 02:33:21 102,912 ------w c:\windows\ServicePackFiles\i386\cscdll.dll
+ 2008-04-14 02:33:59 139,264 ------w c:\windows\ServicePackFiles\i386\cscript.exe
+ 2008-04-14 02:33:21 337,920 ------w c:\windows\ServicePackFiles\i386\cscui.dll
+ 2008-04-14 02:33:22 32,256 ------w c:\windows\ServicePackFiles\i386\csrsrv.dll
+ 2008-04-14 02:33:59 6,144 ------w c:\windows\ServicePackFiles\i386\csrss.exe
+ 2008-04-14 02:33:59 15,360 ------w c:\windows\ServicePackFiles\i386\ctfmon.exe
+ 2008-04-14 02:33:22 252,416 ------w c:\windows\ServicePackFiles\i386\ctmasetp.dll
+ 2008-04-14 02:33:22 33,792 ------w c:\windows\ServicePackFiles\i386\custsat.dll
+ 2004-08-03 20:32:26 48,640 ------w c:\windows\ServicePackFiles\i386\cwrwdm.sys
+ 2008-04-14 02:33:22 1,179,648 ------w c:\windows\ServicePackFiles\i386\d3d8.dll
+ 2008-04-14 02:33:22 8,192 ------w c:\windows\ServicePackFiles\i386\d3d8thk.dll
+ 2008-04-14 02:33:22 1,689,088 ------w c:\windows\ServicePackFiles\i386\d3d9.dll
+ 2008-04-14 02:33:22 824,320 ------w c:\windows\ServicePackFiles\i386\d3dim700.dll
+ 2008-04-14 02:33:22 1,056,768 ------w c:\windows\ServicePackFiles\i386\danim.dll
+ 2008-03-25 04:50:25 554,008 ------w c:\windows\ServicePackFiles\i386\dao360.dll
+ 2008-04-14 02:33:22 55,296 ------w c:\windows\ServicePackFiles\i386\dataclen.dll
+ 2008-04-14 02:33:22 165,376 ------w c:\windows\ServicePackFiles\i386\datime.dll
+ 2008-04-14 02:33:22 25,600 ------w c:\windows\ServicePackFiles\i386\davclnt.dll
+ 2008-04-14 02:33:22 640,000 ------w c:\windows\ServicePackFiles\i386\dbghelp.dll
+ 2008-04-14 02:33:22 24,576 ------w c:\windows\ServicePackFiles\i386\dbmsrpcn.dll
+ 2008-04-14 02:33:22 110,592 ------w c:\windows\ServicePackFiles\i386\dbnetlib.dll
+ 2008-04-14 02:33:22 28,672 ------w c:\windows\ServicePackFiles\i386\dbnmpntw.dll
+ 2008-04-14 02:50:20 1,804 ------w c:\windows\ServicePackFiles\i386\dcache.bin
+ 2008-04-14 02:33:22 40,960 ------w c:\windows\ServicePackFiles\i386\dcap32.dll
+ 2008-04-14 02:33:22 8,704 ------w c:\windows\ServicePackFiles\i386\dciman32.dll
+ 2008-04-14 02:33:59 6,144 ------w c:\windows\ServicePackFiles\i386\dcomcnfg.exe
+ 2008-04-14 02:33:59 31,744 ------w c:\windows\ServicePackFiles\i386\ddeshare.exe
+ 2008-04-14 02:33:22 279,552 ------w c:\windows\ServicePackFiles\i386\ddraw.dll
+ 2008-04-14 02:33:22 27,136 ------w c:\windows\ServicePackFiles\i386\ddrawex.dll
+ 2008-04-14 02:33:59 25,088 ------w c:\windows\ServicePackFiles\i386\defrag.exe
+ 2008-04-14 02:33:22 59,904 ------w c:\windows\ServicePackFiles\i386\devenum.dll
+ 2008-04-14 02:33:22 290,816 ------w c:\windows\ServicePackFiles\i386\devmgr.dll
+ 2008-04-14 02:33:59 82,944 ------w c:\windows\ServicePackFiles\i386\dfrgfat.exe
+ 2008-04-14 02:33:59 105,472 ------w c:\windows\ServicePackFiles\i386\dfrgntfs.exe
+ 2008-04-14 02:33:22 39,936 ------w c:\windows\ServicePackFiles\i386\dfrgsnap.dll
+ 2008-04-14 02:33:22 124,416 ------w c:\windows\ServicePackFiles\i386\dfrgui.dll
+ 2008-04-14 02:33:22 28,672 ------w c:\windows\ServicePackFiles\i386\dfsshlex.dll
+ 2008-04-14 02:33:22 115,200 ------w c:\windows\ServicePackFiles\i386\dgnet.dll
+ 2008-04-14 02:33:22 127,488 ------w c:\windows\ServicePackFiles\i386\dhcpcsvc.dll
+ 2008-04-14 02:33:22 411,136 ------w c:\windows\ServicePackFiles\i386\dhcpmon.dll
+ 2008-04-14 02:33:22 49,152 ------w c:\windows\ServicePackFiles\i386\dhcpqec.dll
+ 2008-04-14 02:33:59 548,352 ------w c:\windows\ServicePackFiles\i386\dialer.exe
+ 2008-04-14 02:34:00 87,040 ------w c:\windows\ServicePackFiles\i386\diantz.exe
+ 2004-08-05 12:00:00 887,784 ------w c:\windows\ServicePackFiles\i386\digcore.exe
+ 2008-04-14 02:33:22 68,608 ------w c:\windows\ServicePackFiles\i386\digest.dll
+ 2008-04-14 02:33:22 19,456 ------w c:\windows\ServicePackFiles\i386\dimsntfy.dll
+ 2008-04-14 02:33:22 39,936 ------w c:\windows\ServicePackFiles\i386\dimsroam.dll
+ 2008-04-14 02:33:22 165,376 ------w c:\windows\ServicePackFiles\i386\dinput.dll
+ 2008-04-14 02:33:22 187,904 ------w c:\windows\ServicePackFiles\i386\dinput8.dll
+ 2008-04-14 02:33:22 86,528 ------w c:\windows\ServicePackFiles\i386\directdb.dll
+ 2008-04-13 18:40:47 36,352 ------w c:\windows\ServicePackFiles\i386\disk.sys
+ 2008-04-14 02:33:22 1,504,768 ------w c:\windows\ServicePackFiles\i386\diskcopy.dll
+ 2008-04-13 18:40:44 14,208 ------w c:\windows\ServicePackFiles\i386\diskdump.sys
+ 2008-04-14 02:34:00 167,936 ------w c:\windows\ServicePackFiles\i386\diskpart.exe
+ 2008-04-14 02:33:22 32,768 ------w c:\windows\ServicePackFiles\i386\dispex.dll
+ 2008-04-14 02:34:00 5,120 ------w c:\windows\ServicePackFiles\i386\dllhost.exe
+ 2008-04-13 18:40:51 8,320 ------w c:\windows\ServicePackFiles\i386\dlttape.sys
+ 2008-04-14 02:34:00 225,280 ------w c:\windows\ServicePackFiles\i386\dmadmin.exe
+ 2008-04-14 02:33:22 28,672 ------w c:\windows\ServicePackFiles\i386\dmband.dll
+ 2008-04-14 02:05:07 800,256 ------w c:\windows\ServicePackFiles\i386\dmboot.sys
+ 2008-04-14 02:33:22 61,440 ------w c:\windows\ServicePackFiles\i386\dmcompos.dll
+ 2008-04-14 02:33:22 285,184 ------w c:\windows\ServicePackFiles\i386\dmdlgs.dll
+ 2008-04-14 02:33:22 200,704 ------w c:\windows\ServicePackFiles\i386\dmdskmgr.dll
+ 2008-04-14 02:33:22 181,248 ------w c:\windows\ServicePackFiles\i386\dmime.dll
+ 2008-04-14 02:05:12 154,496 ------w c:\windows\ServicePackFiles\i386\dmio.sys
+ 2008-04-14 02:33:22 35,840 ------w c:\windows\ServicePackFiles\i386\dmloader.dll
+ 2008-04-14 02:34:00 15,872 ------w c:\windows\ServicePackFiles\i386\dmremote.exe
+ 2008-04-14 02:33:22 82,432 ------w c:\windows\ServicePackFiles\i386\dmscript.dll
+ 2008-04-14 02:33:22 24,576 ------w c:\windows\ServicePackFiles\i386\dmserver.dll
+ 2008-04-14 02:33:22 105,984 ------w c:\windows\ServicePackFiles\i386\dmstyle.dll
+ 2008-04-14 02:33:22 103,424 ------w c:\windows\ServicePackFiles\i386\dmsynth.dll
+ 2008-04-14 02:33:22 104,448 ------w c:\windows\ServicePackFiles\i386\dmusic.dll
+ 2008-04-13 18:45:01 52,864 ------w c:\windows\ServicePackFiles\i386\dmusic.sys
+ 2008-04-14 02:33:22 58,880 ------w c:\windows\ServicePackFiles\i386\dmutil.dll
+ 2008-04-14 02:33:22 147,968 ------w c:\windows\ServicePackFiles\i386\dnsapi.dll
+ 2008-04-14 02:33:22 45,568 ------w c:\windows\ServicePackFiles\i386\dnsrslvr.dll
+ 2008-04-14 02:33:22 48,640 ------w c:\windows\ServicePackFiles\i386\docprop2.dll
+ 2004-08-05 12:00:00 54,080 ------w c:\windows\ServicePackFiles\i386\dosx.exe
+ 2008-04-14 02:33:22 26,112 ------w c:\windows\ServicePackFiles\i386\dot3api.dll
+ 2008-04-14 02:33:22 60,928 ------w c:\windows\ServicePackFiles\i386\dot3cfg.dll
+ 2008-04-14 02:33:22 39,936 ------w c:\windows\ServicePackFiles\i386\dot3clnt.dll
+ 2008-04-14 02:33:22 9,216 ------w c:\windows\ServicePackFiles\i386\dot3dlg.dll
+ 2008-04-14 02:33:22 56,832 ------w c:\windows\ServicePackFiles\i386\dot3msm.dll
+ 2008-04-14 02:33:22 133,120 ------w c:\windows\ServicePackFiles\i386\dot3svc.dll
+ 2008-04-14 02:33:22 651,264 ------w c:\windows\ServicePackFiles\i386\dot3ui.dll
+ 2008-04-13 18:39:46 206,976 ------w c:\windows\ServicePackFiles\i386\dot4.sys
+ 2008-04-14 01:54:17 103,936 ------w c:\windows\ServicePackFiles\i386\dpcdll.dll
+ 2008-04-14 02:34:01 29,696 ------w c:\windows\ServicePackFiles\i386\dplaysvr.exe
+ 2008-04-14 02:33:22 229,888 ------w c:\windows\ServicePackFiles\i386\dplayx.dll
+ 2008-04-14 02:33:23 24,064 ------w c:\windows\ServicePackFiles\i386\dpmodemx.dll
+ 2008-04-14 02:31:14 3,072 ------w c:\windows\ServicePackFiles\i386\dpnaddr.dll
+ 2008-04-14 02:33:23 375,296 ------w c:\windows\ServicePackFiles\i386\dpnet.dll
+ 2008-04-14 02:33:23 35,328 ------w c:\windows\ServicePackFiles\i386\dpnhpast.dll
+ 2008-04-14 02:33:23 60,928 ------w c:\windows\ServicePackFiles\i386\dpnhupnp.dll
+ 2008-04-14 02:31:14 3,072 ------w c:\windows\ServicePackFiles\i386\dpnlobby.dll
+ 2008-04-14 02:34:01 18,432 ------w c:\windows\ServicePackFiles\i386\dpnsvr.exe
+ 2008-04-14 02:33:23 21,504 ------w c:\windows\ServicePackFiles\i386\dpvacm.dll
+ 2008-04-14 02:33:23 213,504 ------w c:\windows\ServicePackFiles\i386\dpvoice.dll
+ 2008-04-14 02:34:01 83,456 ------w c:\windows\ServicePackFiles\i386\dpvsetup.exe
+ 2008-04-14 02:33:23 116,736 ------w c:\windows\ServicePackFiles\i386\dpvvox.dll
+ 2008-04-14 02:33:23 57,344 ------w c:\windows\ServicePackFiles\i386\dpwsockx.dll
+ 2008-04-13 18:45:14 60,160 ------w c:\windows\ServicePackFiles\i386\drmk.sys
+ 2008-04-13 18:45:13 2,944 ------w c:\windows\ServicePackFiles\i386\drmkaud.sys
+ 2008-04-14 02:33:23 14,336 ------w c:\windows\ServicePackFiles\i386\drprov.dll
+ 2004-08-05 12:00:00 4,656 ------w c:\windows\ServicePackFiles\i386\ds16gt.dll
+ 2008-04-14 02:33:23 16,384 ------w c:\windows\ServicePackFiles\i386\ds32gt.dll
+ 2008-04-14 02:33:23 181,248 ------w c:\windows\ServicePackFiles\i386\dsdmo.dll
+ 2008-04-14 02:33:23 72,192 ------w c:\windows\ServicePackFiles\i386\dsdmoprp.dll
+ 2008-04-14 02:33:23 93,696 ------w c:\windows\ServicePackFiles\i386\dskquota.dll
+ 2008-04-14 02:33:23 161,280 ------w c:\windows\ServicePackFiles\i386\dskquoui.dll
+ 2008-04-14 02:33:23 367,616 ------w c:\windows\ServicePackFiles\i386\dsound.dll
+ 2008-04-14 02:33:23 1,293,824 ------w c:\windows\ServicePackFiles\i386\dsound3d.dll
+ 2008-04-14 02:33:23 145,920 ------w c:\windows\ServicePackFiles\i386\dsprop.dll
+ 2008-04-14 02:06:29 4,096 ------w c:\windows\ServicePackFiles\i386\dsprpres.dll
+ 2008-04-14 02:33:23 240,640 ------w c:\windows\ServicePackFiles\i386\dsquery.dll
+ 2008-04-14 02:33:23 52,736 ------w c:\windows\ServicePackFiles\i386\dssec.dll
+ 2008-04-13 17:37:57 138,752 ------w c:\windows\ServicePackFiles\i386\dssenh.dll
+ 2008-04-14 02:33:23 113,664 ------w c:\windows\ServicePackFiles\i386\dsuiext.dll
+ 2008-04-14 02:33:23 19,456 ------w c:\windows\ServicePackFiles\i386\dswave.dll
+ 2008-04-14 02:34:01 10,752 ------w c:\windows\ServicePackFiles\i386\dumprep.exe
+ 2008-04-14 02:33:23 304,128 ------w c:\windows\ServicePackFiles\i386\duser.dll
+ 2008-04-14 02:34:01 17,920 ------w c:\windows\ServicePackFiles\i386\dvdupgrd.exe
+ 2008-04-14 02:34:01 180,224 ------w c:\windows\ServicePackFiles\i386\dwwin.exe
+ 2008-04-14 02:33:23 619,008 ------w c:\windows\ServicePackFiles\i386\dx7vb.dll
+ 2008-04-14 02:33:23 1,227,264 ------w c:\windows\ServicePackFiles\i386\dx8vb.dll
+ 2008-04-14 02:34:01 1,298,432 ------w c:\windows\ServicePackFiles\i386\dxdiag.exe
+ 2008-04-14 02:33:23 2,113,536 ------w c:\windows\ServicePackFiles\i386\dxdiagn.dll
+ 2008-04-13 18:38:29 71,168 ------w c:\windows\ServicePackFiles\i386\dxg.sys
+ 2008-04-14 02:33:23 357,888 ------w c:\windows\ServicePackFiles\i386\dxtmsft.dll
+ 2008-04-14 02:33:23 205,312 ------w c:\windows\ServicePackFiles\i386\dxtrans.dll
+ 2008-04-14 02:33:23 30,720 ------w c:\windows\ServicePackFiles\i386\eapolqec.dll
+ 2008-04-14 02:33:23 184,832 ------w c:\windows\ServicePackFiles\i386\eapp3hst.dll
+ 2008-04-14 02:33:23 126,976 ------w c:\windows\ServicePackFiles\i386\eappcfg.dll
+ 2008-04-14 02:33:23 94,720 ------w c:\windows\ServicePackFiles\i386\eappgnui.dll
+ 2008-04-14 02:33:23 180,736 ------w c:\windows\ServicePackFiles\i386\eapphost.dll
+ 2008-04-14 02:33:23 40,960 ------w c:\windows\ServicePackFiles\i386\eappprxy.dll
+ 2008-04-14 02:33:23 59,392 ------w c:\windows\ServicePackFiles\i386\eapqec.dll
+ 2008-04-14 02:33:23 33,792 ------w c:\windows\ServicePackFiles\i386\eapsvc.dll
+ 2008-04-14 02:33:23 175,616 ------w c:\windows\ServicePackFiles\i386\ediskeer.dll
+ 2008-04-14 02:33:23 187,392 ------w c:\windows\ServicePackFiles\i386\els.dll
+ 2008-04-14 02:33:23 20,480 ------w c:\windows\ServicePackFiles\i386\encapi.dll
+ 2008-04-14 02:33:23 186,880 ------w c:\windows\ServicePackFiles\i386\encdec.dll
+ 2008-04-14 01:56:19 40,960 ------w c:\windows\ServicePackFiles\i386\ep9res.dll
+ 2004-08-03 22:37:52 121,344 ------w c:\windows\ServicePackFiles\i386\epcl5res.dll
+ 2008-04-14 02:33:24 23,040 ------w c:\windows\ServicePackFiles\i386\ersvc.dll
+ 2008-04-14 02:33:24 246,272 ------w c:\windows\ServicePackFiles\i386\es.dll
+ 2008-04-14 02:33:24 1,097,728 ------w c:\windows\ServicePackFiles\i386\esent.dll
+ 2008-04-14 02:33:24 247,808 ------w c:\windows\ServicePackFiles\i386\esscli.dll
+ 2004-08-03 20:32:28 137,088 ------w c:\windows\ServicePackFiles\i386\essm2e.sys
+ 2008-04-14 02:34:01 195,072 ------w c:\windows\ServicePackFiles\i386\eudcedit.exe
+ 2008-04-14 02:33:24 56,320 ------w c:\windows\ServicePackFiles\i386\eventlog.dll
+ 2008-04-14 02:33:24 109,568 ------w c:\windows\ServicePackFiles\i386\evntagnt.dll
+ 2008-04-14 02:34:01 26,112 ------w c:\windows\ServicePackFiles\i386\evntcmd.exe
+ 2008-04-14 02:33:24 21,504 ------w c:\windows\ServicePackFiles\i386\evntrprv.dll
+ 2008-04-14 02:34:02 94,720 ------w c:\windows\ServicePackFiles\i386\evntwin.exe
+ 2008-04-14 02:34:03 1,037,824 ------w c:\windows\ServicePackFiles\i386\explorer.exe
+ 2008-04-14 02:33:24 380,445 ------w c:\windows\ServicePackFiles\i386\expsrv.dll
+ 2008-04-14 02:33:24 55,808 ------w c:\windows\ServicePackFiles\i386\extmgr.dll
+ 2008-04-14 02:34:04 24,064 ------w c:\windows\ServicePackFiles\i386\extrac32.exe
+ 2008-04-14 02:33:24 125,952 ------w c:\windows\ServicePackFiles\i386\exts.dll
+ 2008-04-14 02:31:21 7,168 ------w c:\windows\ServicePackFiles\i386\f3ahvoas.dll
+ 2008-04-13 19:14:29 143,744 ------w c:\windows\ServicePackFiles\i386\fastfat.sys
+ 2008-04-14 02:33:24 472,064 ------w c:\windows\ServicePackFiles\i386\fastprox.dll
+ 2008-04-14 02:33:24 80,896 ------w c:\windows\ServicePackFiles\i386\faultrep.dll
+ 2008-04-14 02:34:04 20,992 ------w c:\windows\ServicePackFiles\i386\faxpatch.exe
+ 2008-04-13 18:40:25 27,392 ------w c:\windows\ServicePackFiles\i386\fdc.sys
+ 2008-04-14 02:33:24 21,504 ------w c:\windows\ServicePackFiles\i386\feclient.dll
+ 2008-04-14 02:33:24 348,160 ------w c:\windows\ServicePackFiles\i386\filemgmt.dll
+ 2008-04-14 02:34:04 29,184 ------w c:\windows\ServicePackFiles\i386\findstr.exe
+ 2008-04-14 01:57:38 44,672 ------w c:\windows\ServicePackFiles\i386\fips.sys
+ 2008-04-14 02:33:24 88,064 ------w c:\windows\ServicePackFiles\i386\fldrclnr.dll
+ 2008-04-13 18:40:25 20,480 ------w c:\windows\ServicePackFiles\i386\flpydisk.sys
+ 2008-04-14 02:33:24 16,896 ------w c:\windows\ServicePackFiles\i386\fltlib.dll
+ 2008-04-14 02:34:04 23,040 ------w c:\windows\ServicePackFiles\i386\fltmc.exe
+ 2008-04-13 18:32:59 129,792 ------w c:\windows\ServicePackFiles\i386\fltmgr.sys
+ 2008-04-14 02:33:24 386,560 ------w c:\windows\ServicePackFiles\i386\fontext.dll
+ 2008-04-14 02:33:24 80,896 ------w c:\windows\ServicePackFiles\i386\fontsub.dll
+ 2008-04-14 02:34:04 21,504 ------w c:\windows\ServicePackFiles\i386\fontview.exe
+ 2008-04-14 02:34:04 7,680 ------w c:\windows\ServicePackFiles\i386\forcedos.exe
+ 2004-08-03 20:31:24 34,173 ------w c:\windows\ServicePackFiles\i386\forehe.sys
+ 2008-04-14 02:34:31 29,696 ------w c:\windows\ServicePackFiles\i386\format.com
+ 2008-04-14 02:33:24 32,828 ------w c:\windows\ServicePackFiles\i386\fp40ext.dll
+ 2008-04-14 02:33:24 184,435 ------w c:\windows\ServicePackFiles\i386\fp4amsft.dll
+ 2008-04-14 02:33:24 82,035 ------w c:\windows\ServicePackFiles\i386\fp4anscp.dll
+ 2008-04-14 02:33:24 147,513 ------w c:\windows\ServicePackFiles\i386\fp4apws.dll
+ 2008-04-14 02:33:24 49,210 ------w c:\windows\ServicePackFiles\i386\fp4areg.dll
+ 2008-04-14 02:33:24 102,509 ------w c:\windows\ServicePackFiles\i386\fp4atxt.dll
+ 2008-04-14 02:33:24 618,605 ------w c:\windows\ServicePackFiles\i386\fp4autl.dll
+ 2008-04-14 02:33:24 41,020 ------w c:\windows\ServicePackFiles\i386\fp4avnb.dll
+ 2008-04-14 02:33:24 32,826 ------w c:\windows\ServicePackFiles\i386\fp4avss.dll
+ 2008-04-14 02:33:24 49,212 ------w c:\windows\ServicePackFiles\i386\fp4awebs.dll
+ 2008-04-14 02:33:24 876,653 ------w c:\windows\ServicePackFiles\i386\fp4awel.dll
+ 2008-04-14 02:34:04 15,120 ------w c:\windows\ServicePackFiles\i386\fp98sadm.exe
+ 2008-04-14 02:34:04 109,840 ------w c:\windows\ServicePackFiles\i386\fp98swin.exe
+ 2008-04-14 02:34:04 24,632 ------w c:\windows\ServicePackFiles\i386\fpadmcgi.exe
+ 2008-04-14 02:33:24 20,541 ------w c:\windows\ServicePackFiles\i386\fpadmdll.dll
+ 2008-04-14 02:34:04 188,494 ------w c:\windows\ServicePackFiles\i386\fpcount.exe
+ 2008-04-14 02:33:24 94,208 ------w c:\windows\ServicePackFiles\i386\fpencode.dll
+ 2008-04-14 02:33:25 20,541 ------w c:\windows\ServicePackFiles\i386\fpexedll.dll
+ 2008-04-14 02:33:25 598,071 ------w c:\windows\ServicePackFiles\i386\fpmmc.dll
+ 2003-04-14 18:29:34 217,088 ------w c:\windows\ServicePackFiles\i386\fpmmcsat.dll
+ 2008-04-14 02:34:04 20,538 ------w c:\windows\ServicePackFiles\i386\fpremadm.exe
+ 2008-04-14 02:34:04 28,728 ------w c:\windows\ServicePackFiles\i386\fpsrvadm.exe
+ 2008-04-14 02:31:23 9,344 ------w c:\windows\ServicePackFiles\i386\framebuf.dll
+ 2008-04-14 02:33:25 185,344 ------w c:\windows\ServicePackFiles\i386\framedyn.dll
+ 2008-04-14 02:34:04 193,024 ------w c:\windows\ServicePackFiles\i386\fsquirt.exe
+ 2008-04-14 02:34:04 46,080 ------w c:\windows\ServicePackFiles\i386\ftp.exe
+ 2008-04-14 02:33:25 60,416 ------w c:\windows\ServicePackFiles\i386\fwcfg.dll
+ 2008-04-14 02:33:25 451,584 ------w c:\windows\ServicePackFiles\i386\fxsapi.dll
+ 2008-04-14 02:34:04 142,848 ------w c:\windows\ServicePackFiles\i386\fxsclnt.exe
+ 2008-04-14 02:33:25 72,192 ------w c:\windows\ServicePackFiles\i386\fxscom.dll
+ 2008-04-14 02:33:25 285,184 ------w c:\windows\ServicePackFiles\i386\fxscomex.dll
+ 2008-04-14 02:34:04 238,592 ------w c:\windows\ServicePackFiles\i386\fxscover.exe
+ 2008-04-14 02:33:25 26,624 ------w c:\windows\ServicePackFiles\i386\fxsdrv.dll
+ 2008-04-14 02:33:25 66,048 ------w c:
0
Lyonnais92 Posts 25159 Registration date   Status Security contributor Last activity   1 537
 
Hello,

The report is incomplete.
gastonlagaf Posts 84 Registration date   Status Member Last activity   2
 
Hi again,

Sorry!! The post is a bit long and my network connection keeps dropping... I'll try again:


ComboFix 09-02-02.04 - G 2009-02-08 9:29:23.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.244 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\G\Bureau\CFscript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\Drivers\SjyPkt.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-08 au 2009-02-08 ))))))))))))))))))))))))))))))))))))
.

2009-02-07 08:18 . 2008-06-14 18:33 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-07 08:17 . 2008-10-16 21:18 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-07 08:17 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-07 08:17 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-07 08:17 . 2008-10-16 21:18 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-07 08:17 . 2008-10-16 21:18 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-07 08:17 . 2008-10-16 21:18 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-07 08:17 . 2008-10-16 21:18 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-07 08:17 . 2008-10-16 21:18 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-07 08:17 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-07 08:16 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-07 08:15 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-07 08:15 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-07 08:15 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 08:15 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-07 08:15 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-07 08:15 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-07 08:15 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-07 08:14 . 2008-04-11 20:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-07 08:14 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-06 12:51 . 2009-02-06 12:51 <REP> d-------- c:\windows\system32\fr
2009-02-06 12:51 . 2009-02-06 12:51 <REP> d-------- c:\windows\system32\bits
2009-02-06 12:51 . 2009-02-06 12:51 <REP> d-------- c:\windows\l2schemas
2009-02-06 12:40 . 2009-02-06 12:52 <REP> d-------- c:\windows\ServicePackFiles
2009-02-06 12:24 . 2009-02-06 12:24 <REP> d-------- c:\windows\EHome
2009-02-06 11:33 . 2009-02-07 09:53 <REP> d-------- c:\windows\system32\fr-fr
2009-02-06 11:28 . 2009-02-07 09:53 1,355 --a------ c:\windows\imsins.BAK
2009-02-03 12:32 . 2009-02-03 12:31 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\program files\Avira
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-28 14:57 . 2009-01-28 16:56 <REP> d-------- C:\Lop SD
2009-01-27 12:37 . 2009-01-27 13:35 <REP> d-------- c:\windows\BDOSCAN8
2009-01-26 17:09 . 2009-01-26 17:09 <REP> d-------- c:\program files\CCleaner
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\G\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 16:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-26 12:38 . 2009-01-26 12:47 <REP> d-------- C:\ToolBar SD
2009-01-26 12:03 . 2009-01-26 12:04 <REP> d-------- C:\rsit
2009-01-26 12:03 . 2009-01-26 13:02 <REP> d-------- c:\program files\trend micro
2009-01-22 16:06 . 2009-01-22 16:22 <REP> d-------- c:\program files\Ballance
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Pro
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 15:46 . 2009-01-22 15:46 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-22 15:45 . 2009-01-22 16:19 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 08:26 --------- d-----w c:\documents and settings\G\Application Data\OpenOffice.org2
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-01-23 17:00 --------- d-----w c:\program files\eMule
2009-01-22 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\G\Application Data\GDIPFONTCACHEV1.DAT
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-02-03_14.46.32.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-13 17:54:10 458,752 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2007-08-13 17:54:10 50,688 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2007-08-13 17:54:10 475,648 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2007-08-13 17:44:26 192,000 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2007-08-13 17:54:10 670,720 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2007-08-13 17:44:06 101,376 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2007-08-13 17:36:12 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:44:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2007-08-13 17:54:10 1,162,240 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2007-08-13 17:54:10 231,424 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2007-08-13 17:54:10 818,688 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2007-08-13 17:54:12 3,578,368 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:47 394,976 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2004-08-05 12:00:00 220,160 ----a-w c:\windows\ime\mscandui.dll
+ 2008-04-14 02:33:30 220,160 ----a-w c:\windows\ime\mscandui.dll
- 2004-08-05 12:00:00 130,048 ----a-w c:\windows\ime\SOFTKBD.DLL
+ 2008-04-14 02:33:41 130,048 ----a-w c:\windows\ime\softkbd.dll
- 2004-08-05 12:00:00 62,976 ----a-w c:\windows\ime\SPGRMR.dll
+ 2008-04-13 16:43:18 62,976 ----a-w c:\windows\ime\spgrmr.dll
- 2004-08-05 12:00:00 272,384 ----a-w c:\windows\ime\SPTIP.dll
+ 2008-04-14 02:33:46 272,384 ----a-w c:\windows\ime\sptip.dll
+ 2008-01-18 15:13:09 2,247 ------w c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 10:33:51 18,917 ------w c:\windows\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 10:06:46 13,801 ------w c:\windows\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 02:33:06 25,600 ------w c:\windows\Installer\tsclientmsitrans\tscupdc.dll
- 2004-08-05 12:00:00 24,064 ----a-w c:\windows\msagent\agentanm.dll
+ 2008-04-14 02:33:18 24,064 ----a-w c:\windows\msagent\agentanm.dll
- 2004-08-05 12:00:00 214,016 ----a-w c:\windows\msagent\agentctl.dll
+ 2008-04-14 02:33:18 214,016 ----a-w c:\windows\msagent\agentctl.dll
- 2006-10-12 13:55:58 42,496 ----a-w c:\windows\msagent\agentdp2.dll
+ 2008-04-14 02:33:18 42,496 ----a-w c:\windows\msagent\agentdp2.dll
- 2007-03-09 14:00:38 57,344 ----a-w c:\windows\msagent\agentdpv.dll
+ 2008-04-14 02:33:18 57,344 ----a-w c:\windows\msagent\agentdpv.dll
- 2004-08-05 12:00:00 49,152 ----a-w c:\windows\msagent\agentmpx.dll
+ 2008-04-14 02:33:18 49,152 ----a-w c:\windows\msagent\agentmpx.dll
- 2004-08-05 12:00:00 24,064 ----a-w c:\windows\msagent\agentpsh.dll
+ 2008-04-14 02:33:18 24,064 ----a-w c:\windows\msagent\agentpsh.dll
- 2004-08-05 12:00:00 44,032 ----a-w c:\windows\msagent\agentsr.dll
+ 2008-04-14 02:33:18 44,032 ----a-w c:\windows\msagent\agentsr.dll
- 2006-10-12 11:54:07 256,512 ----a-w c:\windows\msagent\agentsvr.exe
+ 2008-04-14 02:33:53 256,512 ----a-w c:\windows\msagent\agentsvr.exe
- 2004-08-05 12:00:00 24,064 ----a-w c:\windows\msagent\agtintl.dll
+ 2008-04-14 02:33:19 24,064 ----a-w c:\windows\msagent\agtintl.dll
- 2004-08-05 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ----a-w c:\windows\msagent\intl\agt0405.dll
- 2004-08-05 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt0406.dll
+ 2007-04-02 18:25:59 19,456 ----a-w c:\windows\msagent\intl\agt0406.dll
- 2004-08-05 12:00:00 21,504 ----a-w c:\windows\msagent\intl\agt0407.dll
+ 2007-04-02 18:26:00 21,504 ----a-w c:\windows\msagent\intl\agt0407.dll
- 2004-08-05 12:00:00 22,016 ----a-w c:\windows\msagent\intl\agt0408.dll
+ 2007-04-02 18:26:00 22,016 ----a-w c:\windows\msagent\intl\agt0408.dll
- 2004-08-05 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt0409.dll
+ 2008-04-13 17:32:28 19,968 ----a-w c:\windows\msagent\intl\agt0409.dll
- 2004-08-05 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt040b.dll
+ 2007-04-02 18:26:00 19,456 ----a-w c:\windows\msagent\intl\agt040b.dll
- 2004-08-05 12:00:00 21,504 ----a-w c:\windows\msagent\intl\agt040c.dll
+ 2007-04-02 18:26:00 21,504 ----a-w c:\windows\msagent\intl\agt040c.dll
- 2004-08-05 12:00:00 19,968 ----a-w c:\windows\msagent\intl\agt040e.dll
+ 2007-04-02 18:26:00 19,968 ----a-w c:\windows\msagent\intl\agt040e.dll
- 2004-08-05 12:00:00 20,992 ----a-w c:\windows\msagent\intl\agt0410.dll
+ 2007-04-02 18:26:00 20,992 ----a-w c:\windows\msagent\intl\agt0410.dll
- 2004-08-05 12:00:00 20,992 ----a-w c:\windows\msagent\intl\agt0413.dll
+ 2007-04-02 18:26:01 20,992 ----a-w c:\windows\msagent\intl\agt0413.dll
- 2004-08-05 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\msagent\intl\agt0414.dll
- 2004-08-05 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt0415.dll
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\msagent\intl\agt0415.dll
- 2004-08-05 12:00:00 20,480 ----a-w c:\windows\msagent\intl\agt0416.dll
+ 2007-04-02 18:26:01 20,480 ----a-w c:\windows\msagent\intl\agt0416.dll
- 2004-08-05 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\msagent\intl\agt0419.dll
- 2004-08-05 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\msagent\intl\agt041d.dll
- 2004-08-05 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt041f.dll
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\msagent\intl\agt041f.dll
- 2004-08-05 12:00:00 20,992 ----a-w c:\windows\msagent\intl\agt0816.dll
+ 2007-04-02 18:26:02 20,992 ----a-w c:\windows\msagent\intl\agt0816.dll
- 2004-08-05 12:00:00 20,480 ----a-w c:\windows\msagent\intl\agt0c0a.dll
+ 2007-04-02 18:26:02 20,480 ----a-w c:\windows\msagent\intl\agt0c0a.dll
- 2004-08-05 12:00:00 39,936 ----a-w c:\windows\msagent\mslwvtts.dll
+ 2008-04-14 02:33:32 39,936 ----a-w c:\windows\msagent\mslwvtts.dll
+ 2008-04-14 02:33:22 33,792 ------w c:\windows\network diagnostic\custsat.dll
+ 2008-04-13 18:53:32 558,080 ------w c:\windows\network diagnostic\xpnetdiag.exe
- 2004-08-05 12:00:00 70,656 ----a-w c:\windows\NOTEPAD.EXE
+ 2008-04-14 02:34:15 70,656 ----a-w c:\windows\notepad.exe
- 2004-08-05 12:00:00 768,512 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
+ 2008-04-14 02:34:06 769,024 ----a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe
- 2004-08-05 12:00:00 743,936 ----a-w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-14 02:34:06 744,448 ----a-w c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-05 12:00:00 18,944 ----a-w c:\windows\pchealth\helpctr\binaries\HscUpd.exe
+ 2008-04-14 02:34:06 18,432 ----a-w c:\windows\pchealth\helpctr\binaries\hscupd.exe
- 2004-08-05 12:00:00 160,768 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
+ 2008-04-14 02:34:12 172,544 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
- 2004-08-05 12:00:00 381,952 ----a-w c:\windows\pchealth\helpctr\binaries\msinfo.dll
+ 2008-04-14 02:33:32 382,464 ----a-w c:\windows\pchealth\helpctr\binaries\msinfo.dll
- 2004-08-05 12:00:00 102,400 ----a-w c:\windows\pchealth\helpctr\binaries\pchshell.dll
+ 2008-04-14 02:33:38 102,912 ----a-w c:\windows\pchealth\helpctr\binaries\pchshell.dll
- 2004-08-05 12:00:00 38,912 ----a-w c:\windows\pchealth\helpctr\binaries\pchsvc.dll
+ 2008-04-14 02:33:38 38,400 ----a-w c:\windows\pchealth\helpctr\binaries\pchsvc.dll
- 2005-07-29 14:31:58 76,507 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-02-06 11:54:55 76,507 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2005-07-29 14:31:58 2,398 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-02-06 11:54:55 2,704 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
- 2004-08-05 12:00:00 151,040 ----a-w c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 02:34:26 151,040 ----a-w c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
- 2004-08-05 12:00:00 151,552 ----a-w c:\windows\PeerNet\sqldb20.dll
+ 2008-04-14 02:33:46 151,552 ----a-w c:\windows\PeerNet\sqldb20.dll
- 2004-08-05 12:00:00 462,848 ----a-w c:\windows\PeerNet\sqlqp20.dll
+ 2008-04-14 02:33:46 462,848 ----a-w c:\windows\PeerNet\sqlqp20.dll
- 2004-08-05 12:00:00 110,592 ----a-w c:\windows\PeerNet\sqlse20.dll
+ 2008-04-14 02:33:46 110,592 ----a-w c:\windows\PeerNet\sqlse20.dll
- 2004-08-05 12:00:00 153,088 ----a-w c:\windows\regedit.exe
+ 2008-04-14 02:34:19 153,088 ----a-w c:\windows\regedit.exe
+ 2008-04-13 18:46:18 53,376 ------w c:\windows\ServicePackFiles\i386\1394bus.sys
+ 2008-04-13 18:40:50 12,288 ------w c:\windows\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-13 18:46:20 48,128 ------w c:\windows\ServicePackFiles\i386\61883.sys
+ 2008-04-14 02:33:18 100,352 ------w c:\windows\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-14 02:33:18 136,192 ------w c:\windows\ServicePackFiles\i386\aaclient.dll
+ 2004-08-03 20:32:22 231,552 ------w c:\windows\ServicePackFiles\i386\ac97ali.sys
+ 2004-08-03 20:32:32 84,480 ------w c:\windows\ServicePackFiles\i386\ac97via.sys
+ 2008-04-14 02:33:18 39,424 ------w c:\windows\ServicePackFiles\i386\acadproc.dll
+ 2008-04-14 02:33:53 190,464 ------w c:\windows\ServicePackFiles\i386\accwiz.exe
+ 2008-04-14 02:33:18 1,852,928 ------w c:\windows\ServicePackFiles\i386\acgenral.dll
+ 2008-04-14 02:33:18 451,072 ------w c:\windows\ServicePackFiles\i386\aclayers.dll
+ 2008-04-14 02:33:18 141,312 ------w c:\windows\ServicePackFiles\i386\aclua.dll
+ 2008-04-14 02:33:18 120,320 ------w c:\windows\ServicePackFiles\i386\aclui.dll
+ 2008-04-14 01:52:42 188,672 ------w c:\windows\ServicePackFiles\i386\acpi.sys
+ 2008-04-14 02:33:18 245,248 ------w c:\windows\ServicePackFiles\i386\acspecfc.dll
+ 2008-04-14 02:33:18 193,536 ------w c:\windows\ServicePackFiles\i386\activeds.dll
+ 2008-04-14 02:33:53 4,096 ------w c:\windows\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 02:33:18 98,304 ------w c:\windows\ServicePackFiles\i386\actxprxy.dll
+ 2008-04-14 02:33:18 116,224 ------w c:\windows\ServicePackFiles\i386\acxtrnal.dll
+ 2008-04-14 02:33:18 20,540 ------w c:\windows\ServicePackFiles\i386\admin.dll
+ 2008-04-14 02:33:53 16,439 ------w c:\windows\ServicePackFiles\i386\admin.exe
+ 2004-08-03 20:32:24 10,880 ------w c:\windows\ServicePackFiles\i386\admjoy.sys
+ 2008-04-14 02:33:18 61,440 ------w c:\windows\ServicePackFiles\i386\admparse.dll
+ 2008-04-14 02:33:18 175,616 ------w c:\windows\ServicePackFiles\i386\adsldp.dll
+ 2008-04-14 02:33:18 143,360 ------w c:\windows\ServicePackFiles\i386\adsldpc.dll
+ 2008-04-14 02:33:18 68,096 ------w c:\windows\ServicePackFiles\i386\adsmsext.dll
+ 2008-04-14 02:33:18 263,680 ------w c:\windows\ServicePackFiles\i386\adsnt.dll
+ 2008-04-14 02:33:18 4,255 ------w c:\windows\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 02:33:18 3,967 ------w c:\windows\ServicePackFiles\i386\adv02nt5.dll
+ 2008-04-14 02:33:18 3,615 ------w c:\windows\ServicePackFiles\i386\adv05nt5.dll
+ 2008-04-14 02:33:18 3,647 ------w c:\windows\ServicePackFiles\i386\adv07nt5.dll
+ 2008-04-14 02:33:18 3,135 ------w c:\windows\ServicePackFiles\i386\adv08nt5.dll
+ 2008-04-14 02:33:18 3,711 ------w c:\windows\ServicePackFiles\i386\adv09nt5.dll
+ 2008-04-14 02:33:18 3,775 ------w c:\windows\ServicePackFiles\i386\adv11nt5.dll
+ 2008-04-14 02:33:18 685,568 ------w c:\windows\ServicePackFiles\i386\advapi32.dll
+ 2008-04-14 02:33:18 101,888 ------w c:\windows\ServicePackFiles\i386\advpack.dll
+ 2008-04-13 16:39:23 142,592 ------w c:\windows\ServicePackFiles\i386\aec.sys
+ 2008-04-13 19:19:23 138,112 ------w c:\windows\ServicePackFiles\i386\afd.sys
+ 2008-04-14 02:33:18 24,064 ------w c:\windows\ServicePackFiles\i386\agentanm.dll
+ 2008-04-14 02:33:18 214,016 ------w c:\windows\ServicePackFiles\i386\agentctl.dll
+ 2008-04-14 02:33:18 42,496 ------w c:\windows\ServicePackFiles\i386\agentdp2.dll
+ 2008-04-14 02:33:18 57,344 ------w c:\windows\ServicePackFiles\i386\agentdpv.dll
+ 2008-04-14 02:33:18 49,152 ------w c:\windows\ServicePackFiles\i386\agentmpx.dll
+ 2008-04-14 02:33:18 24,064 ------w c:\windows\ServicePackFiles\i386\agentpsh.dll
+ 2008-04-14 02:33:18 44,032 ------w c:\windows\ServicePackFiles\i386\agentsr.dll
+ 2008-04-14 02:33:53 256,512 ------w c:\windows\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-13 18:36:38 42,368 ------w c:\windows\ServicePackFiles\i386\agp440.sys
+ 2008-04-13 18:36:39 44,928 ------w c:\windows\ServicePackFiles\i386\agpcpq.sys
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0401.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0404.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0406.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\ServicePackFiles\i386\agt0407.dll
+ 2007-04-02 18:26:00 22,016 ------w c:\windows\ServicePackFiles\i386\agt0408.dll
+ 2008-04-13 17:32:28 19,968 ------w c:\windows\ServicePackFiles\i386\agt0409.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt040b.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\ServicePackFiles\i386\agt040c.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt040d.dll
+ 2007-04-02 18:26:00 19,968 ------w c:\windows\ServicePackFiles\i386\agt040e.dll
+ 2007-04-02 18:26:00 20,992 ------w c:\windows\ServicePackFiles\i386\agt0410.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt0411.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt0412.dll
+ 2007-04-02 18:26:01 20,992 ------w c:\windows\ServicePackFiles\i386\agt0413.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0415.dll
+ 2007-04-02 18:26:01 20,480 ------w c:\windows\ServicePackFiles\i386\agt0416.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt041f.dll
+ 2007-04-02 18:26:02 19,456 ------w c:\windows\ServicePackFiles\i386\agt0804.dll
+ 2007-04-02 18:26:02 20,992 ------w c:\windows\ServicePackFiles\i386\agt0816.dll
+ 2007-04-02 18:26:02 20,480 ------w c:\windows\ServicePackFiles\i386\agt0c0a.dll
+ 2008-04-14 02:33:19 24,064 ------w c:\windows\ServicePackFiles\i386\agtintl.dll
+ 2008-04-14 02:33:53 98,304 ------w c:\windows\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 02:33:53 44,544 ------w c:\windows\ServicePackFiles\i386\alg.exe
+ 2008-04-13 18:36:38 42,752 ------w c:\windows\ServicePackFiles\i386\alim1541.sys
+ 2008-04-14 02:33:19 17,408 ------w c:\windows\ServicePackFiles\i386\alrsvc.dll
+ 2008-04-13 18:36:39 43,008 ------w c:\windows\ServicePackFiles\i386\amdagp.sys
+ 2008-04-14 01:54:28 41,472 ------w c:\windows\ServicePackFiles\i386\amdk6.sys
+ 2008-04-14 01:54:29 41,856 ------w c:\windows\ServicePackFiles\i386\amdk7.sys
+ 2008-04-14 02:33:19 70,656 ------w c:\windows\ServicePackFiles\i386\amstream.dll
+ 2004-08-03 20:31:20 36,224 ------w c:\windows\ServicePackFiles\i386\an983.sys
+ 2008-04-14 02:33:19 125,952 ------w c:\windows\ServicePackFiles\i386\apphelp.dll
+ 2008-04-14 02:33:19 334,336 ------w c:\windows\ServicePackFiles\i386\aqueue.dll
+ 2008-04-13 18:51:25 60,800 ------w c:\windows\ServicePackFiles\i386\arp1394.sys
+ 2008-04-14 02:33:19 65,024 ------w c:\windows\ServicePackFiles\i386\asycfilt.dll
+ 2008-04-13 18:57:27 14,336 ------w c:\windows\ServicePackFiles\i386\asyncmac.sys
+ 2008-04-14 02:33:53 25,088 ------w c:\windows\ServicePackFiles\i386\at.exe
+ 2008-04-13 18:40:30 96,512 ------w c:\windows\ServicePackFiles\i386\atapi.sys
+ 2004-08-03 20:29:30 56,623 ------w c:\windows\ServicePackFiles\i386\ati1btxx.sys
+ 2004-08-03 20:29:30 11,615 ------w c:\windows\ServicePackFiles\i386\ati1mdxx.sys
+ 2004-08-03 20:29:30 12,047 ------w c:\windows\ServicePackFiles\i386\ati1pdxx.sys
+ 2004-08-03 20:29:32 30,671 ------w c:\windows\ServicePackFiles\i386\ati1raxx.sys
+ 2004-08-03 20:29:32 63,663 ------w c:\windows\ServicePackFiles\i386\ati1rvxx.sys
+ 2004-08-03 20:29:32 26,367 ------w c:\windows\ServicePackFiles\i386\ati1snxx.sys
+ 2004-08-03 20:29:32 21,343 ------w c:\windows\ServicePackFiles\i386\ati1ttxx.sys
+ 2004-08-03 20:29:32 36,463 ------w c:\windows\ServicePackFiles\i386\ati1tuxx.sys
+ 2004-08-03 20:29:32 29,455 ------w c:\windows\ServicePackFiles\i386\ati1xbxx.sys
+ 2004-08-03 20:29:32 34,735 ------w c:\windows\ServicePackFiles\i386\ati1xsxx.sys
+ 2008-04-14 02:33:19 229,376 ------w c:\windows\ServicePackFiles\i386\ati2cqag.dll
+ 2008-04-14 02:33:19 377,984 ------w c:\windows\ServicePackFiles\i386\ati2dvaa.dll
+ 2008-04-14 02:33:19 201,728 ------w c:\windows\ServicePackFiles\i386\ati2dvag.dll
+ 2004-08-03 22:38:42 327,168 ------w c:\windows\ServicePackFiles\i386\ati2mtaa.sys
+ 2004-08-03 22:38:44 701,440 ------w c:\windows\ServicePackFiles\i386\ati2mtag.sys
+ 2008-04-14 02:33:19 870,784 ------w c:\windows\ServicePackFiles\i386\ati3d1ag.dll
+ 2008-04-14 02:33:19 1,057,760 ------w c:\windows\ServicePackFiles\i386\ati3d2ag.dll
+ 2008-04-14 02:33:19 1,888,992 ------w c:\windows\ServicePackFiles\i386\ati3duag.dll
+ 2004-08-03 20:29:28 57,856 ------w c:\windows\ServicePackFiles\i386\atinbtxx.sys
+ 2004-08-03 20:29:30 13,824 ------w c:\windows\ServicePackFiles\i386\atinmdxx.sys
+ 2004-08-03 20:29:30 14,336 ------w c:\windows\ServicePackFiles\i386\atinpdxx.sys
+ 2004-08-03 20:29:30 52,224 ------w c:\windows\ServicePackFiles\i386\atinraxx.sys
+ 2004-08-03 20:29:32 104,960 ------w c:\windows\ServicePackFiles\i386\atinrvxx.sys
+ 2004-08-03 20:29:32 28,672 ------w c:\windows\ServicePackFiles\i386\atinsnxx.sys
+ 2004-08-03 20:29:32 13,824 ------w c:\windows\ServicePackFiles\i386\atinttxx.sys
+ 2004-08-03 20:29:32 73,216 ------w c:\windows\ServicePackFiles\i386\atintuxx.sys
+ 2004-08-03 20:29:32 31,744 ------w c:\windows\ServicePackFiles\i386\atinxbxx.sys
+ 2004-08-03 20:29:32 63,488 ------w c:\windows\ServicePackFiles\i386\atinxsxx.sys
+ 2008-04-14 02:33:19 32,768 ------w c:\windows\ServicePackFiles\i386\ativtmxx.dll
+ 2008-04-14 02:33:19 516,768 ------w c:\windows\ServicePackFiles\i386\ativvaxx.dll
+ 2008-04-14 02:33:19 58,880 ------w c:\windows\ServicePackFiles\i386\atl.dll
+ 2008-04-14 02:33:53 11,264 ------w c:\windows\ServicePackFiles\i386\atmadm.exe
+ 2008-04-13 18:51:25 59,904 ------w c:\windows\ServicePackFiles\i386\atmarpc.sys
+ 2008-04-14 02:31:00 285,696 ------w c:\windows\ServicePackFiles\i386\atmfd.dll
+ 2008-04-13 18:51:30 55,808 ------w c:\windows\ServicePackFiles\i386\atmlane.sys
+ 2008-04-14 02:33:19 30,208 ------w c:\windows\ServicePackFiles\i386\atmlib.dll
+ 2008-04-14 02:33:53 12,288 ------w c:\windows\ServicePackFiles\i386\attrib.exe
+ 2008-04-14 02:33:19 21,183 ------w c:\windows\ServicePackFiles\i386\atv01nt5.dll
+ 2008-04-14 02:33:19 11,359 ------w c:\windows\ServicePackFiles\i386\atv02nt5.dll
+ 2008-04-14 02:33:19 25,471 ------w c:\windows\ServicePackFiles\i386\atv04nt5.dll
+ 2008-04-14 02:33:19 14,143 ------w c:\windows\ServicePackFiles\i386\atv06nt5.dll
+ 2008-04-14 02:33:19 17,279 ------w c:\windows\ServicePackFiles\i386\atv10nt5.dll
+ 2008-04-14 02:33:19 42,496 ------w c:\windows\ServicePackFiles\i386\audiosrv.dll
+ 2008-04-14 02:33:53 14,336 ------w c:\windows\ServicePackFiles\i386\auditusr.exe
+ 2008-04-14 02:33:19 20,540 ------w c:\windows\ServicePackFiles\i386\author.dll
+ 2008-04-14 02:33:53 16,439 ------w c:\windows\ServicePackFiles\i386\author.exe
+ 2008-04-14 02:33:19 62,464 ------w c:\windows\ServicePackFiles\i386\authz.dll
+ 2008-04-14 02:33:53 625,152 ------w c:\windows\ServicePackFiles\i386\autochk.exe
+ 2008-04-14 02:33:53 638,976 ------w c:\windows\ServicePackFiles\i386\autoconv.exe
+ 2008-04-14 02:33:54 616,960 ------w c:\windows\ServicePackFiles\i386\autofmt.exe
+ 2008-04-14 02:33:54 11,264 ------w c:\windows\ServicePackFiles\i386\autolfn.exe
+ 2008-04-13 18:46:20 38,912 ------w c:\windows\ServicePackFiles\i386\avc.sys
+ 2008-04-13 18:46:07 13,696 ------w c:\windows\ServicePackFiles\i386\avcstrm.sys
+ 2008-04-14 02:33:19 85,504 ------w c:\windows\ServicePackFiles\i386\avifil32.dll
+ 2008-04-14 02:33:19 233,472 ------w c:\windows\ServicePackFiles\i386\azroles.dll
+ 2008-04-14 02:33:19 52,736 ------w c:\windows\ServicePackFiles\i386\basesrv.dll
+ 2008-04-14 02:33:19 29,184 ------w c:\windows\ServicePackFiles\i386\batmeter.dll
+ 2008-04-14 02:33:19 8,704 ------w c:\windows\ServicePackFiles\i386\batt.dll
+ 2008-04-13 18:36:32 14,208 ------w c:\windows\ServicePackFiles\i386\battc.sys
+ 2008-04-13 18:46:21 11,776 ------w c:\windows\ServicePackFiles\i386\bdasup.sys
+ 2008-04-14 02:33:19 17,408 ------w c:\windows\ServicePackFiles\i386\bidispl.dll
+ 2008-04-14 02:33:19 8,192 ------w c:\windows\ServicePackFiles\i386\bitsprx2.dll
+ 2008-04-14 02:33:19 7,168 ------w c:\windows\ServicePackFiles\i386\bitsprx3.dll
+ 2008-04-14 02:33:19 7,168 ------w c:\windows\ServicePackFiles\i386\bitsprx4.dll
+ 2008-04-14 02:33:55 71,680 ------w c:\windows\ServicePackFiles\i386\blastcln.exe
+ 2008-04-13 18:53:23 71,552 ------w c:\windows\ServicePackFiles\i386\bridge.sys
+ 2008-04-14 01:57:48 70,144 ------w c:\windows\ServicePackFiles\i386\browselc.dll
+ 2008-04-14 02:33:20 77,824 ------w c:\windows\ServicePackFiles\i386\browser.dll
+ 2008-04-14 02:33:20 1,025,024 ------w c:\windows\ServicePackFiles\i386\browseui.dll
+ 2008-04-14 02:33:20 78,336 ------w c:\windows\ServicePackFiles\i386\browsewm.dll
+ 2008-04-14 02:33:20 20,992 ------w c:\windows\ServicePackFiles\i386\bthci.dll
+ 2008-04-13 18:46:33 17,024 ------w c:\windows\ServicePackFiles\i386\bthenum.sys
+ 2008-04-13 18:46:33 37,888 ------w c:\windows\ServicePackFiles\i386\bthmodem.sys
+ 2008-04-13 18:51:34 101,120 ------w c:\windows\ServicePackFiles\i386\bthpan.sys
+ 2008-04-14 01:58:00 273,664 ------w c:\windows\ServicePackFiles\i386\bthport.sys
+ 2008-04-13 18:46:31 36,480 ------w c:\windows\ServicePackFiles\i386\bthprint.sys
+ 2008-04-14 02:33:20 30,208 ------w c:\windows\ServicePackFiles\i386\bthserv.dll
+ 2008-04-13 18:46:29 18,944 ------w c:\windows\ServicePackFiles\i386\bthusb.sys
+ 2008-04-14 02:33:20 50,688 ------w c:\windows\ServicePackFiles\i386\btpanui.dll
+ 2008-04-14 02:33:20 218,112 ------w c:\windows\ServicePackFiles\i386\c_g18030.dll
+ 2008-04-14 02:33:20 60,416 ------w c:\windows\ServicePackFiles\i386\cabinet.dll
+ 2008-04-14 02:33:20 85,504 ------w c:\windows\ServicePackFiles\i386\cabview.dll
+ 2008-04-14 02:33:55 20,992 ------w c:\windows\ServicePackFiles\i386\cacls.exe
+ 2008-04-14 02:33:20 385,024 ------w c:\windows\ServicePackFiles\i386\callcont.dll
+ 2008-04-14 02:33:20 121,856 ------w c:\windows\ServicePackFiles\i386\camext30.dll
+ 2008-04-14 02:33:20 50,688 ------w c:\windows\ServicePackFiles\i386\camocx.dll
+ 2008-04-14 02:33:20 153,600 ------w c:\windows\ServicePackFiles\i386\capesnpn.dll
+ 2008-04-14 02:33:20 226,304 ------w c:\windows\ServicePackFiles\i386\catsrv.dll
+ 2008-04-14 02:33:20 85,504 ------w c:\windows\ServicePackFiles\i386\catsrvps.dll
+ 2008-04-14 02:33:20 625,664 ------w c:\windows\ServicePackFiles\i386\catsrvut.dll
+ 2008-04-13 18:46:23 17,024 ------w c:\windows\ServicePackFiles\i386\ccdecode.sys
+ 2008-04-13 19:14:21 63,744 ------w c:\windows\ServicePackFiles\i386\cdfs.sys
+ 2008-04-14 02:33:20 152,064 ------w c:\windows\ServicePackFiles\i386\cdfview.dll
+ 2008-04-14 02:33:20 66,560 ------w c:\windows\ServicePackFiles\i386\cdm.dll
+ 2008-04-14 02:33:20 2,091,520 ------w c:\windows\ServicePackFiles\i386\cdosys.dll
+ 2008-04-13 18:40:46 62,976 ------w c:\windows\ServicePackFiles\i386\cdrom.sys
+ 2008-04-14 02:33:20 200,192 ------w c:\windows\ServicePackFiles\i386\certcli.dll
+ 2008-04-14 02:33:20 467,968 ------w c:\windows\ServicePackFiles\i386\certmgr.dll
+ 2008-04-14 02:33:20 39,424 ------w c:\windows\ServicePackFiles\i386\cfgbkend.dll
+ 2008-04-14 02:31:03 16,896 ------w c:\windows\ServicePackFiles\i386\cfgmgr32.dll
+ 2008-04-14 02:33:56 188,480 ------w c:\windows\ServicePackFiles\i386\cfgwiz.exe
+ 2008-04-14 02:33:20 15,423 ------w c:\windows\ServicePackFiles\i386\ch7xxnt5.dll
+ 2008-04-13 18:40:58 8,192 ------w c:\windows\ServicePackFiles\i386\changer.sys
+ 2008-04-14 02:33:20 148,480 ------w c:\windows\ServicePackFiles\i386\cic.dll
+ 2008-04-14 02:33:20 1,359,360 ------w c:\windows\ServicePackFiles\i386\cimwin32.dll
+ 2008-04-14 02:33:20 69,120 ------w c:\windows\ServicePackFiles\i386\ciodm.dll
+ 2008-04-14 02:33:57 5,632 ------w c:\windows\ServicePackFiles\i386\cisvc.exe
+ 2008-04-13 19:16:22 49,536 ------w c:\windows\ServicePackFiles\i386\classpnp.sys
+ 2008-04-14 02:33:21 110,592 ------w c:\windows\ServicePackFiles\i386\clbcatex.dll
+ 2008-04-14 02:33:21 498,688 ------w c:\windows\ServicePackFiles\i386\clbcatq.dll
+ 2008-04-14 02:33:57 65,536 ------w c:\windows\ServicePackFiles\i386\cleanmgr.exe
+ 2008-04-14 02:33:21 77,824 ------w c:\windows\ServicePackFiles\i386\cliconfg.dll
+ 2008-04-14 02:33:57 20,480 ------w c:\windows\ServicePackFiles\i386\cliconfg.exe
+ 2008-04-14 02:33:57 104,448 ------w c:\windows\ServicePackFiles\i386\clipbrd.exe
+ 2008-04-14 02:33:57 33,280 ------w c:\windows\ServicePackFiles\i386\clipsrv.exe
+ 2008-04-14 02:33:21 58,368 ------w c:\windows\ServicePackFiles\i386\clusapi.dll
+ 2008-04-13 18:36:37 13,952 ------w c:\windows\ServicePackFiles\i386\cmbatt.sys
+ 2008-04-14 02:33:21 15,872 ------w c:\windows\ServicePackFiles\i386\cmcfg32.dll
+ 2008-04-14 02:33:57 401,408 ------w c:\windows\ServicePackFiles\i386\cmd.exe
+ 2008-04-14 02:33:21 353,280 ------w c:\windows\ServicePackFiles\i386\cmdial32.dll
+ 2008-04-14 02:33:57 25,600 ------w c:\windows\ServicePackFiles\i386\cmdl32.exe
+ 2008-04-14 02:33:57 39,936 ------w c:\windows\ServicePackFiles\i386\cmmon32.exe
+ 2008-04-14 02:33:21 191,488 ------w c:\windows\ServicePackFiles\i386\cmprops.dll
+ 2008-04-14 02:33:21 13,312 ------w c:\windows\ServicePackFiles\i386\cmsetacl.dll
+ 2008-04-14 02:33:57 65,536 ------w c:\windows\ServicePackFiles\i386\cmstp.exe
+ 2008-04-14 02:33:21 40,960 ------w c:\windows\ServicePackFiles\i386\cmutil.dll
+ 2008-04-14 02:33:21 50,688 ------w c:\windows\ServicePackFiles\i386\cnbjmon.dll
+ 2008-04-14 02:33:21 83,968 ------w c:\windows\ServicePackFiles\i386\cnbjmon2.dll
+ 2008-04-13 16:44:16 17,920 ------w c:\windows\ServicePackFiles\i386\cobramsg.dll
+ 2008-04-14 02:33:21 60,416 ------w c:\windows\ServicePackFiles\i386\colbact.dll
+ 2008-04-14 02:33:21 28,160 ------w c:\windows\ServicePackFiles\i386\comaddin.dll
+ 2008-04-14 02:33:21 195,072 ------w c:\windows\ServicePackFiles\i386\comadmin.dll
+ 2008-04-14 02:33:21 617,472 ------w c:\windows\ServicePackFiles\i386\comctl32.dll
+ 2008-04-14 02:33:21 281,600 ------w c:\windows\ServicePackFiles\i386\comdlg32.dll
+ 2008-04-14 02:33:21 253,440 ------w c:\windows\ServicePackFiles\i386\compatui.dll
+ 2008-04-13 18:36:37 10,240 ------w c:\windows\ServicePackFiles\i386\compbatt.sys
+ 2008-04-14 02:33:21 230,912 ------w c:\windows\ServicePackFiles\i386\compstui.dll
+ 2008-04-14 02:33:21 97,792 ------w c:\windows\ServicePackFiles\i386\comrepl.dll
+ 2008-04-14 02:33:57 9,728 ------w c:\windows\ServicePackFiles\i386\comrepl.exe
+ 2008-04-14 02:33:57 6,144 ------w c:\windows\ServicePackFiles\i386\comrereg.exe
+ 2008-04-14 02:33:21 851,968 ------w c:\windows\ServicePackFiles\i386\comres.dll
+ 2008-04-14 02:33:21 274,944 ------w c:\windows\ServicePackFiles\i386\comsetup.dll
+ 2008-04-14 02:33:21 167,424 ------w c:\windows\ServicePackFiles\i386\comsnap.dll
+ 2008-04-14 02:33:21 1,267,200 ------w c:\windows\ServicePackFiles\i386\comsvcs.dll
0
Lyonnais92 Posts 25159 Registration date   Status Security contributor Last activity   1 537
 
Hi again,

it won't go through in one piece.

skip the end of "snapshot" and post the rest.
0
gastonlagaf Posts 84 Registration date   Status Member Last activity   2
 
Hi again,

Here is the end of the ComboFix report:

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-10 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-01 32768]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2007-09-04 675840]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-07-28 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\GAROCHE\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\GAROCHE\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PathOOOvirg]
--a------ 2004-10-28 00:10 94208 c:\program files\OpenOffice.org1.1.4\program\OOoVirgTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20737:TCP"= 20737:TCP:BitComet 20737 TCP
"20737:UDP"= 20737:UDP:BitComet 20737 UDP

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {205B0A0A-6C9F-48B0-8B33-60555AF41911} = 212.27.40.241,212.27.40.240
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\GAROCHE\Application Data\Mozilla\Firefox\Profiles\xcri6z3d.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 09:36:17
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-02-08 9:41:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-08 08:41:26
ComboFix2.txt 2009-02-06 09:08:32
ComboFix3.txt 2009-02-05 08:54:23
ComboFix4.txt 2009-02-04 13:15:58
ComboFix5.txt 2009-02-08 08:28:11

Avant-CF: 83 215 691 776 octets libres
Après-CF: 83,202,990,080 octets libres

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
4654 --- E O F --- 2009-02-07 08:54:45
0
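Added example, not part of the original thread and not ComboFix's own code: a small parser for the driver/service lines of the report above that flags entries whose image file carries `[?]` instead of a date and size, as the `SjyPkt` line does. The reading of the fields (R/S as running/stopped, the digit as the start type, `[?]` as file metadata that could not be read) is an assumption, and `ServiceEntry`, `parse_line`, `parse_log` and `missing_image_entries` are hypothetical names.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# The four driver/service lines copied from the report above.
SAMPLE_LOG = r"""
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
"""

# <state><start> <service name>;<display name>;<image path ...> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# Separates the binary path from trailing arguments such as "-k netsvcs".
IMAGE_RE = re.compile(
    r"^(?P<path>.*?\.(?:sys|exe|dll))(?=\s|$)\s*(?P<args>.*)$", re.IGNORECASE
)


@dataclass
class ServiceEntry:
    state: str            # "R" or "S" (assumed: running / stopped)
    start: int            # assumed: service start type, 0-4
    name: str             # service key name
    display: str          # display name
    image: str            # path of the driver or service binary
    args: str             # command-line arguments, if any
    date: Optional[str]   # file date, None when the log shows [?]
    size: Optional[int]   # file size in bytes, None when the log shows [?]

    @property
    def image_missing(self) -> bool:
        # Assumption: [?] means the file behind the entry could not be read.
        return self.size is None


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one driver/service line; return None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    image = m.group("image")
    # "registered path --> resolved path": keep the resolved path.
    if " --> " in image:
        image = image.split(" --> ", 1)[1]
    image = image.strip()
    # Drop the NT object-namespace prefix so the path is a plain Win32 path.
    if image.startswith("\\??\\"):
        image = image[4:]
    im = IMAGE_RE.match(image)
    path, args = (im.group("path"), im.group("args")) if im else (image, "")
    meta = m.group("meta").split()
    date, size = None, None
    if len(meta) == 2 and meta[1].isdigit():
        date, size = meta[0], int(meta[1])
    return ServiceEntry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        image=path,
        args=args,
        date=date,
        size=size,
    )


def parse_log(text: str) -> List[ServiceEntry]:
    """Return every driver/service entry found in a block of report text."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def missing_image_entries(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries that are still registered but whose binary has no metadata."""
    return [e for e in entries if e.image_missing]


if __name__ == "__main__":
    for e in missing_image_entries(parse_log(SAMPLE_LOG)):
        print(f"{e.name}: registered, but no file metadata for {e.image}")
```
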
Lyonnais92 Posts 25159 Registration date   Status Security contributor Last activity   1 537
 
Hi again,

you can do this:

========================================
->Show all files and folders:
click Start / Control Panel (in classic view) / Folder Options / View

[Check] "Show hidden files and folders"

[Uncheck] the box "Hide protected operating system files (Recommended)"

[Uncheck] "Hide extensions for known file types"

Then click [Apply] to confirm the changes.

And [OK]
.

=======================================
Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: c:\windows\System32\Drivers\SjyPkt.sys

Click Send File.

A report will be built line by line.

Wait for the end. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal indicates that the file has already been analysed, click the "Reanalyse file now" button
0
gastonlagaf Posts 84 Registration date   Status Member Last activity   2
 
Hi again,

Sorry, but I can't find the file: c:\windows\System32\Drivers\SjyPkt.sys ?!

Gastonlagaf
0
Lyonnais92 Posts 25159 Registration date   Status Security contributor Last activity   1 537
 
Hi again,

we've made progress;

Copy or print the instructions first

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver::
SjyPkt


rootkit::
C:\WINDOWS\System32\Drivers\SjyPkt.sys




Save this file under the name CFscript with the txt extension


Drag and drop this CFscript file onto the ComboFix.exe file

Click the CFscript file, keep the button held down and drag the mouse so that the CFscript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Re-enable your firewall, your antivirus, and your antispyware's real-time guard

Once the scan is complete, a report will be displayed: post its contents.


If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse can severely damage the operating system.
0
gastonlagaf Posts 84 Registration date   Status Member Last activity   2
 
Hello,

Here is the report:

ComboFix 09-02-02.04 - G 2009-02-09 12:27:15.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.234 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\G\Bureau\CFscript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\Drivers\SjyPkt.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SjyPkt


((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
.

2009-02-07 08:18 . 2008-06-14 18:33 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-07 08:17 . 2008-10-16 21:18 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-07 08:17 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-07 08:17 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-07 08:17 . 2008-10-16 21:18 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-07 08:17 . 2008-10-16 21:18 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-07 08:17 . 2008-10-16 21:18 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-07 08:17 . 2008-10-16 21:18 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-07 08:17 . 2008-10-16 21:18 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-07 08:17 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-07 08:16 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-07 08:15 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-07 08:15 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-07 08:15 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 08:15 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-07 08:15 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-07 08:15 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-07 08:15 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-07 08:14 . 2008-04-11 20:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-07 08:14 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-06 12:51 . 2009-02-06 12:51 <REP> d-------- c:\windows\system32\fr
2009-02-06 12:51 . 2009-02-06 12:51 <REP> d-------- c:\windows\system32\bits
2009-02-06 12:51 . 2009-02-06 12:51 <REP> d-------- c:\windows\l2schemas
2009-02-06 12:40 . 2009-02-06 12:52 <REP> d-------- c:\windows\ServicePackFiles
2009-02-06 12:24 . 2009-02-06 12:24 <REP> d-------- c:\windows\EHome
2009-02-06 11:33 . 2009-02-07 09:53 <REP> d-------- c:\windows\system32\fr-fr
2009-02-06 11:28 . 2009-02-07 09:53 1,355 --a------ c:\windows\imsins.BAK
2009-02-03 12:32 . 2009-02-03 12:31 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\program files\Avira
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-28 14:57 . 2009-01-28 16:56 <REP> d-------- C:\Lop SD
2009-01-27 12:37 . 2009-01-27 13:35 <REP> d-------- c:\windows\BDOSCAN8
2009-01-26 17:09 . 2009-01-26 17:09 <REP> d-------- c:\program files\CCleaner
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\G\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 16:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-26 12:38 . 2009-01-26 12:47 <REP> d-------- C:\ToolBar SD
2009-01-26 12:03 . 2009-01-26 12:04 <REP> d-------- C:\rsit
2009-01-26 12:03 . 2009-01-26 13:02 <REP> d-------- c:\program files\trend micro
2009-01-22 16:06 . 2009-01-22 16:22 <REP> d-------- c:\program files\Ballance
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Pro
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 15:46 . 2009-01-22 15:46 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-22 15:45 . 2009-01-22 16:19 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 11:24 --------- d-----w c:\documents and settings\G\Application Data\OpenOffice.org2
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-01-23 17:00 --------- d-----w c:\program files\eMule
2009-01-22 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\G\Application Data\GDIPFONTCACHEV1.DAT
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2009-02-08_ 9.40.06.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 11:33:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7a4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-10 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-01 32768]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2007-09-04 675840]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-07-28 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PathOOOvirg]
--a------ 2004-10-28 00:10 94208 c:\program files\OpenOffice.org1.1.4\program\OOoVirgTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20737:TCP"= 20737:TCP:BitComet 20737 TCP
"20737:UDP"= 20737:UDP:BitComet 20737 UDP

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {205B0A0A-6C9F-48B0-8B33-60555AF41911} = 212.27.40.241,212.27.40.240
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\G\Application Data\Mozilla\Firefox\Profiles\xcri6z3d.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 12:39:43
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-02-09 12:43:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-09 11:43:33
ComboFix2.txt 2009-02-08 08:41:36
ComboFix3.txt 2009-02-06 09:08:32
ComboFix4.txt 2009-02-05 08:54:23
ComboFix5.txt 2009-02-09 11:26:03

Avant-CF: 83 276 431 360 octets libres
Après-CF: 83,263,377,408 octets libres

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
202 --- E O F --- 2009-02-07 08:54:45

gastonlagaf · Posts: 84 · Status: Member

Hello Lyonnais92,

It has been a long time now since I last got a reply! I let the time go by without touching the computer, which was out of order, because perhaps you were on holiday...
I am taking the liberty of following up because I got no reply to my last post, and now, when I start the computer in normal mode, startup hangs on the Windows XP screen and the cursor freezes as well...

Thanks in advance.

Lyonnais92 · Posts: 25159 · Status: Security contributor

Hello,

I was on leave and your post ended up at the bottom of the pile. Sorry.

Boot into Safe Mode with Networking, run a scan with AntiVir and post the report.

Leave the computer switched on.

gastonlagaf · Posts: 84 · Status: Member

Hello Lyonnais92,

Thanks for replying!

Here is the AntiVir scan you asked for. However, in the meantime, someone came along after me and switched off the computer...





Avira AntiVir Personal
Date de création du fichier de rapport : jeudi 12 mars 2009 14:47

La recherche porte sur 1251008 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows :(Service Pack 3) [5.1.2600]
Mode Boot : Mode sans échec avec assistance réseau
Identifiant : G
Nom de l'ordinateur :BOB

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 12:44:08
ANTIVIR2.VDF : 7.1.2.13 2048 Bytes 11/02/2009 12:44:08
ANTIVIR3.VDF : 7.1.2.36 146944 Bytes 17/02/2009 12:44:10
Version du moteur: 8.2.0.79
AEVDF.DLL : 8.1.1.0 106868 Bytes 01/02/2009 20:16:29
AESCRIPT.DLL : 8.1.1.47 348539 Bytes 17/02/2009 12:44:17
AESCN.DLL : 8.1.1.7 127347 Bytes 17/02/2009 12:44:14
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.8 397684 Bytes 05/02/2009 11:40:43
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 30/01/2009 09:29:47
AEHEUR.DLL : 8.1.0.90 1573237 Bytes 05/02/2009 11:40:41
AEHELP.DLL : 8.1.2.0 119159 Bytes 30/01/2009 09:29:38
AEGEN.DLL : 8.1.1.16 332148 Bytes 17/02/2009 12:44:13
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.6.5 176501 Bytes 17/02/2009 12:44:11
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : jeudi 12 mars 2009 14:47

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'13' processus ont été contrôlés avec '13' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '63' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Documents and Settings\G\Bureau\ComboFix.exe
[0] Type d'archive: RAR SFX (self extracting)
--> 32788R22FWJFW\Prep.com
[RESULTAT] Contient le cheval de Troie TR/Agent2.doi
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a261565.qua' !
C:\WINDOWS\system32\drivers\sptd.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !


Fin de la recherche : jeudi 12 mars 2009 15:40
Temps nécessaire: 52:51 Minute(s)

La recherche a été effectuée intégralement

5514 Les répertoires ont été contrôlés
329962 Des fichiers ont été contrôlés
1 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
1 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
329959 Fichiers non infectés
1773 Les archives ont été contrôlées
2 Avertissements
1 Consignes





Thanks

Lyonnais92 · Posts: 25159 · Status: Security contributor

Hello,

Stay in Safe Mode with Networking.

Delete combofix.exe from your Desktop.

We are going to use the latest version of ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

* Check that you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.

Send the contents of C:\ComboFix.txt in your next reply so that I can examine it.

gastonlagaf · Posts: 84 · Status: Member

Hello Lyonnais92,

Here at last is the ComboFix report you asked for...
Before actually launching ComboFix, I had to uninstall AntiVir because I could not manage to disable it. So I am working with a USB stick between my two computers for the downloads that need to be done.
Thanks.



ComboFix 09-03-12.01 - G 2009-03-13 12:24:36.7 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.334 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-13 au 2009-03-13 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 16:23 --------- d-----w c:\program files\eMule
2009-02-09 11:24 --------- d-----w c:\documents and settings\G\Application Data\OpenOffice.org2
2009-02-03 11:31 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-01-30 08:45 --------- d-----w c:\program files\Avira
2009-01-26 16:09 --------- d-----w c:\program files\CCleaner
2009-01-26 15:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-26 15:45 --------- d-----w c:\documents and settings\G\Application Data\Malwarebytes
2009-01-26 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 12:02 --------- d-----w c:\program files\trend micro
2009-01-22 15:22 --------- d-----w c:\program files\Ballance
2009-01-22 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 15:19 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools Lite
2009-01-22 14:53 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools Pro
2009-01-22 14:53 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools
2009-01-22 14:52 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-22 14:52 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 14:46 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\G\Application Data\GDIPFONTCACHEV1.DAT
2001-11-23 04:08 712,704 ----a-r c:\windows\inf\OTHER\AUDIO3D.DLL
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2009-02-08_ 9.40.06.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-09 07:40:22 18,296 ----a-w c:\windows\$hf_mig$\KB960715\spmsg.dll
+ 2008-07-09 07:40:24 234,872 ----a-w c:\windows\$hf_mig$\KB960715\spuninst.exe
+ 2008-07-09 07:40:22 26,488 ----a-w c:\windows\$hf_mig$\KB960715\update\spcustom.dll
+ 2008-11-15 17:18:14 767,352 ----a-w c:\windows\$hf_mig$\KB960715\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB960715\update\updspapi.dll
+ 2008-12-20 23:47:28 124,928 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\advpack.dll
+ 2008-12-20 23:47:28 347,136 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\dxtmsft.dll
+ 2008-12-20 23:47:28 214,528 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\dxtrans.dll
+ 2008-12-20 23:47:28 132,608 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\extmgr.dll
+ 2008-12-20 23:47:28 63,488 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\icardie.dll
+ 2008-12-19 09:41:51 70,656 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ie4uinit.exe
+ 2008-12-20 23:47:28 153,088 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieakeng.dll
+ 2008-12-20 23:47:28 230,400 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieaksie.dll
+ 2008-12-19 05:24:02 161,792 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieapfltr.dat
+ 2008-12-20 23:47:29 380,928 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieapfltr.dll
+ 2008-12-20 23:47:29 388,608 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iedkcs32.dll
+ 2008-12-20 23:47:30 6,068,736 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieframe.dll
+ 2008-12-20 23:47:30 44,544 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iernonce.dll
+ 2008-12-20 23:47:31 267,776 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iertutil.dll
+ 2008-12-19 09:41:52 13,824 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieudinit.exe
+ 2008-12-19 05:25:30 634,024 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
+ 2008-12-20 23:47:31 27,648 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\jsproxy.dll
+ 2008-12-20 23:47:31 459,264 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\msfeeds.dll
+ 2008-12-20 23:47:31 52,224 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\msfeedsbs.dll
+ 2009-01-16 16:20:14 3,596,288 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
+ 2008-12-20 23:47:33 477,696 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtmled.dll
+ 2008-12-20 23:47:33 193,024 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\msrating.dll
+ 2008-12-20 23:47:34 671,232 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mstime.dll
+ 2008-12-20 23:47:34 102,912 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\occache.dll
+ 2008-12-20 23:47:34 44,544 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\pngfilt.dll
+ 2008-12-20 23:47:34 105,984 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\url.dll
+ 2008-12-20 23:47:35 1,163,264 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\urlmon.dll
+ 2008-12-20 23:47:35 233,472 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\webcheck.dll
+ 2008-12-20 23:47:36 827,904 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:34:33 15,072 ----a-w c:\windows\$hf_mig$\KB961260-IE7\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w c:\windows\$hf_mig$\KB961260-IE7\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w c:\windows\$hf_mig$\KB961260-IE7\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w c:\windows\$hf_mig$\KB961260-IE7\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w c:\windows\$hf_mig$\KB961260-IE7\update\updspapi.dll
+ 2008-07-09 07:40:24 234,872 -c----w c:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe
+ 2008-07-09 07:40:35 406,392 -c----w c:\windows\$NtUninstallKB960715$\spuninst\updspapi.dll
+ 2008-10-16 20:18:31 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:18:31 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:18:31 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:18:31 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:18:32 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:12:20 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:18:32 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:18:32 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:18:32 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:18:32 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:18:35 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:18:35 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:18:36 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:18:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:18:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:37:56 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:18:40 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:18:40 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:18:41 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:18:41 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:18:41 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:18:41 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:18:42 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:18:42 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:18:43 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 22:46:48 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-10-16 20:18:31 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 22:46:48 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:18:31 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 22:46:48 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:18:31 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 22:46:48 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:18:31 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 22:46:49 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:18:32 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 22:46:49 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 13:12:20 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:11:12 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:18:32 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 22:46:49 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:18:32 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 22:46:49 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:18:32 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 22:46:50 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:18:32 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 22:46:50 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 22:46:54 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:18:35 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 22:46:54 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:18:35 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 22:46:54 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:18:36 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 22:46:56 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:18:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 22:46:56 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:18:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 22:46:57 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-13 06:37:56 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 20:15:42 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:18:40 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 22:47:01 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:18:40 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 22:47:01 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:18:41 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 22:47:02 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:18:41 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 22:47:02 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:18:41 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 22:47:02 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-10-16 20:18:41 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 22:47:02 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:18:42 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 22:47:03 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:18:42 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 22:47:03 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:18:43 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 22:47:04 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2008-10-16 20:18:31 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 22:46:48 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:18:31 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 22:46:48 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:18:31 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 22:46:49 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 22:46:49 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:12:20 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:11:12 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:18:32 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 22:46:49 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:18:32 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 22:46:49 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 22:46:50 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:18:32 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 22:46:50 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 22:46:54 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:18:35 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 22:46:54 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 22:46:54 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-10-16 20:18:36 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 22:46:56 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\system32\MRT.exe
- 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 22:46:56 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 22:46:57 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:37:56 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-16 20:15:42 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:18:40 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 22:47:01 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:18:40 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 22:47:01 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-10-16 20:18:41 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 22:47:02 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-10-16 20:18:41 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 22:47:02 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-10-16 20:18:41 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 22:47:02 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:40:22 18,296 ------w c:\windows\system32\spmsg.dll
- 2008-10-16 20:18:41 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 22:47:02 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:18:42 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 22:47:03 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-10-16 20:18:42 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 22:47:03 233,472 ----a-w c:\windows\system32\webcheck.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-10-05 235936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-10 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-01 32768]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2007-09-04 675840]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-07-28 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\GAROCHE\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\GAROCHE\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PathOOOvirg]
--a------ 2004-10-28 00:10 94208 c:\program files\OpenOffice.org1.1.4\program\OOoVirgTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20737:TCP"= 20737:TCP:BitComet 20737 TCP
"20737:UDP"= 20737:UDP:BitComet 20737 UDP

R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
S2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {205B0A0A-6C9F-48B0-8B33-60555AF41911} = 212.27.40.241,212.27.40.240
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\G\Application Data\Mozilla\Firefox\Profiles\xcri6z3d.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 12:26:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-13 12:28:33
ComboFix-quarantined-files.txt 2009-03-13 11:28:18
ComboFix2.txt 2009-02-09 11:43:47
ComboFix3.txt 2009-02-08 08:41:36
ComboFix4.txt 2009-02-06 09:08:32
ComboFix5.txt 2009-03-13 11:23:41

Avant-CF: 85 022 212 096 octets libres
Après-CF: 85,010,890,752 octets libres

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
342 --- E O F --- 2009-02-12 22:28:48
Lyonnais92 (Security contributor, 25159 posts)

Hello,

nothing in the ComboFix report seems to account for this startup hang.

Do this:


Download GMER ( http://www2.gmer.net/gmer.zip )
Extract the contents of the ZIP, then rename "gmer.exe" to "bypass.exe"
"Rootkit" tab;

Check that all the items on the right are ticked (from System to ADS)

click "SCAN" and wait...
When the scan finishes, click "SAVE" and save "160309.txt" to your desktop
Double-click "160309.txt"; the file opens in Notepad.
Copy the contents and paste them into your next message.
gastonlagaf (Member, 84 posts)

Re,

I followed your instructions. When I open "bypass.exe" I get an error message: "GMER device error\\.\aujasnkj: le fichier est introuvable".
When I click OK, the program runs anyway, but I cannot tick the boxes from "system" through "libraries" inclusive.
I clicked SCAN and then SAVE anyway, but the text file "160309.txt" is blank, so I have not posted it...
Lyonnais92 (Security contributor, 25159 posts)

Re,

delete everything related to GMER.

Repeat the procedure.

Once you have downloaded the zip, disconnect from the Internet and disable AntiVir.

Unzip the file.

Do not rename it.

Run it as described.

Re-enable AntiVir.

Post the report.

gastonlagaf (Member, 84 posts)

Re,

Here is the GMER report:

Thank you.



GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-16 15:43:40
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spmp.sys ZwCreateKey [0xF84D60E0]
SSDT F8C74D84 ZwCreateThread
SSDT spmp.sys ZwEnumerateKey [0xF84F4CA2]
SSDT spmp.sys ZwEnumerateValueKey [0xF84F5030]
SSDT spmp.sys ZwOpenKey [0xF84D60C0]
SSDT F8C74D70 ZwOpenProcess
SSDT F8C74D75 ZwOpenThread
SSDT spmp.sys ZwQueryKey [0xF84F5108]
SSDT spmp.sys ZwQueryValueKey [0xF84F4F88]
SSDT spmp.sys ZwSetValueKey [0xF84F519A]
SSDT F8C74D7F ZwTerminateProcess
SSDT F8C74D7A ZwWriteVirtualMemory

INT 0x62 ? 82F71BF8
INT 0x63 ? 82BFCF00
INT 0x63 ? 82BFCF00
INT 0x63 ? 82BFCF00
INT 0x63 ? 82BFCF00
INT 0x63 ? 82BFCF00
INT 0x63 ? 82BFCF00
INT 0x82 ? 82F71BF8
INT 0x83 ? 82F73BF8

---- Kernel code sections - GMER 1.0.15 ----

? spmp.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F79D98AC 5 Bytes JMP 82BFC4E0
.text a61iuv5p.SYS F7879386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a61iuv5p.SYS F78793AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a61iuv5p.SYS F78793C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a61iuv5p.SYS F78793C9 1 Byte [2E]
.text a61iuv5p.SYS F78793C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F732D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8507C4C] spmp.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8507CA0] spmp.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F84D7040] spmp.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F84D713C] spmp.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84D70BE] spmp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84D77FC] spmp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84D76D2] spmp.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82BFC5E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F84E7048] spmp.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82FDD1F8
Device \FileSystem\Fastfat \FatCdrom 82775500
Device \Driver\usbuhci \Device\USBPDO-0 82BF9500
Device \Driver\usbuhci \Device\USBPDO-1 82BF9500
Device \Driver\usbuhci \Device\USBPDO-2 82BF9500
Device \Driver\usbuhci \Device\USBPDO-3 82BF9500
Device \Driver\usbehci \Device\USBPDO-4 82C17500
Device \Driver\sptd \Device\4229127704 spmp.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 82FDF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FAADA303-9E48-4837-9027-EA0EFA769A58} 82BE2500
Device \Driver\Cdrom \Device\CdRom0 82BCF500
Device \Driver\Cdrom \Device\CdRom1 82BCF500
Device \Driver\USBSTOR \Device\00000077 825931F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82BE2500
Device \Driver\PCI_PNP2704 \Device\0000004a spmp.sys
Device \Driver\PCI_PNP2704 \Device\0000004a spmp.sys
Device \Driver\USBSTOR \Device\00000078 825931F8
Device \Driver\NetBT \Device\NetbiosSmb 82BE2500
Device \Driver\usbuhci \Device\USBFDO-0 82BF9500
Device \Driver\usbuhci \Device\USBFDO-1 82BF9500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82C1A500
Device \Driver\usbuhci \Device\USBFDO-2 82BF9500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82C1A500
Device \Driver\usbuhci \Device\USBFDO-3 82BF9500
Device \Driver\usbehci \Device\USBFDO-4 82C17500
Device \Driver\Ftdisk \Device\FtControl 82FDF1F8
Device \Driver\viamraid \Device\Scsi\viamraid1 82FDE1F8
Device \Driver\a61iuv5p \Device\Scsi\a61iuv5p1Port3Path0Target0Lun0 82C10500
Device \Driver\a61iuv5p \Device\Scsi\a61iuv5p1 82C10500
Device \FileSystem\Fastfat \Fat 82775500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 82C2A500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0x1C 0xC6 0xE4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x57 0xB6 0x1A 0x6E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF8 0x59 0x6D 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0x1C 0xC6 0xE4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x57 0xB6 0x1A 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF8 0x59 0x6D 0x7B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0x1C 0xC6 0xE4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x57 0xB6 0x1A 0x6E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF8 0x59 0x6D 0x7B ...

---- EOF - GMER 1.0.15 ----
Lyonnais92 (Security contributor, 25159 posts)

Re,

Copy or print the instructions first

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time antispyware guard)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Killall::

Driver::
a61iuv5p

Rootkit::
C:\WINDOWS\System32\Drivers\a61iuv5p.SYS




Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep the button held down and drag the mouse until the CFscript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Re-enable your firewall, your antivirus and your antispyware guard

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report


If the file does not open, it can be found here > C:\ComboFix.txt

Warning: this procedure was written for this computer. Any reuse may severely damage the operating system.
gastonlagaf (Member, 84 posts)

Re,

Here is the ComboFix report, followed by the HijackThis report:


ComboFix 09-03-12.01 - G 2009-03-16 20:12:19.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.159 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\G\Bureau\CFscript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\Drivers\a61iuv5p.SYS

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_a61iuv5p


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-16 au 2009-03-16 ))))))))))))))))))))))))))))))))))))
.

2009-03-16 13:56 . 2009-03-16 13:56 <REP> d-------- c:\program files\Avira
2009-03-16 13:56 . 2009-03-16 13:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 19:09 --------- d-----w c:\documents and settings\G\Application Data\OpenOffice.org2
2009-02-12 16:23 --------- d-----w c:\program files\eMule
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-01-26 16:09 --------- d-----w c:\program files\CCleaner
2009-01-26 15:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-26 15:45 --------- d-----w c:\documents and settings\G\Application Data\Malwarebytes
2009-01-26 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 12:02 --------- d-----w c:\program files\trend micro
2009-01-22 15:22 --------- d-----w c:\program files\Ballance
2009-01-22 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 15:19 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools Lite
2009-01-22 14:53 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools Pro
2009-01-22 14:53 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools
2009-01-22 14:52 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-22 14:52 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 14:46 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\G\Application Data\GDIPFONTCACHEV1.DAT
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2009-02-08_ 9.40.06.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-09 07:40:22 18,296 ----a-w c:\windows\$hf_mig$\KB960715\spmsg.dll
+ 2008-07-09 07:40:24 234,872 ----a-w c:\windows\$hf_mig$\KB960715\spuninst.exe
+ 2008-07-09 07:40:22 26,488 ----a-w c:\windows\$hf_mig$\KB960715\update\spcustom.dll
+ 2008-11-15 17:18:14 767,352 ----a-w c:\windows\$hf_mig$\KB960715\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB960715\update\updspapi.dll
+ 2008-12-20 23:47:28 124,928 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\advpack.dll
+ 2008-12-20 23:47:28 347,136 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\dxtmsft.dll
+ 2008-12-20 23:47:28 214,528 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\dxtrans.dll
+ 2008-12-20 23:47:28 132,608 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\extmgr.dll
+ 2008-12-20 23:47:28 63,488 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\icardie.dll
+ 2008-12-19 09:41:51 70,656 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ie4uinit.exe
+ 2008-12-20 23:47:28 153,088 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieakeng.dll
+ 2008-12-20 23:47:28 230,400 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieaksie.dll
+ 2008-12-19 05:24:02 161,792 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieapfltr.dat
+ 2008-12-20 23:47:29 380,928 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieapfltr.dll
+ 2008-12-20 23:47:29 388,608 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iedkcs32.dll
+ 2008-12-20 23:47:30 6,068,736 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieframe.dll
+ 2008-12-20 23:47:30 44,544 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iernonce.dll
+ 2008-12-20 23:47:31 267,776 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iertutil.dll
+ 2008-12-19 09:41:52 13,824 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieudinit.exe
+ 2008-12-19 05:25:30 634,024 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
+ 2008-12-20 23:47:31 27,648 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\jsproxy.dll
+ 2008-12-20 23:47:31 459,264 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\msfeeds.dll
+ 2008-12-20 23:47:31 52,224 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\msfeedsbs.dll
+ 2009-01-16 16:20:14 3,596,288 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
+ 2008-12-20 23:47:33 477,696 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtmled.dll
+ 2008-12-20 23:47:33 193,024 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\msrating.dll
+ 2008-12-20 23:47:34 671,232 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mstime.dll
+ 2008-12-20 23:47:34 102,912 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\occache.dll
+ 2008-12-20 23:47:34 44,544 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\pngfilt.dll
+ 2008-12-20 23:47:34 105,984 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\url.dll
+ 2008-12-20 23:47:35 1,163,264 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\urlmon.dll
+ 2008-12-20 23:47:35 233,472 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\webcheck.dll
+ 2008-12-20 23:47:36 827,904 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:34:33 15,072 ----a-w c:\windows\$hf_mig$\KB961260-IE7\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w c:\windows\$hf_mig$\KB961260-IE7\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w c:\windows\$hf_mig$\KB961260-IE7\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w c:\windows\$hf_mig$\KB961260-IE7\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w c:\windows\$hf_mig$\KB961260-IE7\update\updspapi.dll
+ 2008-07-09 07:40:24 234,872 -c----w c:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe
+ 2008-07-09 07:40:35 406,392 -c----w c:\windows\$NtUninstallKB960715$\spuninst\updspapi.dll
+ 2008-10-16 20:18:31 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:18:31 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:18:31 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:18:31 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:18:32 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:12:20 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:18:32 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:18:32 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:18:32 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:18:32 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:18:35 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:18:35 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:18:36 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:18:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:18:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:37:56 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:18:40 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:18:40 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:18:41 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:18:41 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:18:41 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:18:41 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:18:42 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:18:42 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:18:43 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 22:46:48 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-10-16 20:18:31 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 22:46:48 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:18:31 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 22:46:48 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:18:31 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 22:46:48 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:18:31 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 22:46:49 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:18:32 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 22:46:49 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 13:12:20 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:11:12 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:18:32 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 22:46:49 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:18:32 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 22:46:49 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:18:32 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 22:46:50 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:18:32 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 22:46:50 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 22:46:54 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:18:35 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 22:46:54 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:18:35 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 22:46:54 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:18:36 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 22:46:56 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:18:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 22:46:56 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:18:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 22:46:57 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-13 06:37:56 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 20:15:42 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:18:40 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 22:47:01 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:18:40 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 22:47:01 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:18:41 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 22:47:02 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:18:41 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 22:47:02 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:18:41 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 22:47:02 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-10-16 20:18:41 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 22:47:02 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:18:42 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 22:47:03 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:18:42 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 22:47:03 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:18:43 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 22:47:04 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2008-10-16 20:18:31 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 22:46:48 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:18:31 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 22:46:48 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:18:31 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 22:46:49 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 22:46:49 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:12:20 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:11:12 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:18:32 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 22:46:49 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:18:32 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 22:46:49 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 22:46:50 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:18:32 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 22:46:50 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 22:46:54 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:18:35 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 22:46:54 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 22:46:54 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-10-16 20:18:36 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 22:46:56 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\system32\MRT.exe
- 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 22:46:56 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 22:46:57 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:37:56 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-16 20:15:42 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:18:40 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 22:47:01 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:18:40 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 22:47:01 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-10-16 20:18:41 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 22:47:02 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-10-16 20:18:41 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 22:47:02 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-10-16 20:18:41 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 22:47:02 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:40:22 18,296 ------w c:\windows\system32\spmsg.dll
- 2008-10-16 20:18:41 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 22:47:02 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:18:42 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 22:47:03 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-10-16 20:18:42 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 22:47:03 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-10-16 20:18:43 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 22:47:04 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2009-03-16 19:18:23 16,384 ----atw c:\windows\temp\Perflib_Perfdata_168.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-10 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-01 32768]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2007-09-04 675840]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-07-28 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PathOOOvirg]
--a------ 2004-10-28 00:10 94208 c:\program files\OpenOffice.org1.1.4\program\OOoVirgTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20737:TCP"= 20737:TCP:BitComet 20737 TCP
"20737:UDP"= 20737:UDP:BitComet 20737 UDP

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - SSMDRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {205B0A0A-6C9F-48B0-8B33-60555AF41911} = 212.27.40.241,212.27.40.240
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\G\Application Data\Mozilla\Firefox\Profiles\xcri6z3d.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 20:19:48
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-03-16 20:24:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-16 19:24:00
ComboFix2.txt 2009-03-13 11:28:34
ComboFix3.txt 2009-02-09 11:43:47
ComboFix4.txt 2009-02-08 08:41:36
ComboFix5.txt 2009-03-16 19:10:52

Avant-CF: 84 751 953 920 octets libres
Après-CF: 84,740,980,736 octets libres

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
361 --- E O F --- 2009-02-12 22:28:48




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:32, on 16/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\G\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O17 - HKLM\System\CS4\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
0