Rootkit: hidden file
Kira
-
jlpjlp Posts 52399 Status Security contributor -
Hello,
I'm here looking for help because the Anti-Rootkit feature of AVG 8.0 detected a rootkit which unfortunately cannot be removed; it is a "Hidden Driver" and, more annoyingly, it changes its name at every new scan...
It also seems to have affected my CD/DVD drive, which reacts when I insert a CD but does not show up on the computer...
If someone could save me...
73 replies
remove these two files
C:\32788R22FWJFW.0.tmp
C:\edfe6c060c8fb4b80e95eb6092f8
______________
scan this file on VirusTotal and paste the report https://www.virustotal.com/gui/
c:\windows\wusa.lock
_____________
to see whether there really is a rootkit, which surprises me given the reports,
try Sophos antirootkit, Panda antirootkit, Rootkit Hunter, McAfee rootkit
if they find nothing, I think it is a false positive
http://www.commentcamarche.net/telecharger/logiciel 110 anti rootkit
So I was not able to remove:
-C:\32788R22FWJFW.0.tmp
and here is what VirusTotal tells me:
0 bytes size received / Se ha recibido un archivo vacio
What should I do if it is a "false positive"?
if it is a false positive, you have to ignore it by configuring AVG 8, or else install Antivir in place of AVG 8
https://www.malekal.com/avira-free-security-antivirus-gratuit/
_______________
download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe
(by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
:files
C:\32788R22FWJFW.0.tmp
C:\edfe6c060c8fb4b80e95eb6092f8
c:\windows\wusa.lock
click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
you may be asked to restart the PC to complete the removal. if that is the case, accept with Yes.
========== FILES ==========
File/Folder C:\32788R22FWJFW.0.tmp not found.
File/Folder C:\edfe6c060c8fb4b80e95eb6092f8 not found.
File/Folder c:\windows\wusa.lock not found.
there you go ;-)
Close all your browsers (so copy or print the instructions beforehand)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\32788R22FWJFW.0.tmp
C:\edfe6c060c8fb4b80e95eb6092f8
c:\windows\wusa.lock
Save this file under the name CFscript
Drag and drop this CFScript file onto the ComboFix.exe file
Click on the CFScript file, keep the mouse button held down and drag the mouse so that the CFScript icon covers the Combofix icon. Release the mouse. Combofix will start.
A blue window will appear: at the message that appears ( Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents.
Also post a HijackThis report again
If the file does not open, it is located here > C:\ComboFix.txt
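Reading the snapshot section of a ComboFix report of the kind requested above, as an added example that is not part of the original thread and not ComboFix's own code: it pairs the `-`/`+` lines per file, separates touched data files from replaced binaries, and queues only replaced binaries that fall outside the dominant install date and have no identical copy under winsxs. The function names and the heuristic are assumptions of this example; the sample lines are in the report format shown on this page.

```python
import re
from collections import Counter

# One snapshot entry: sign, date, time, size, attribute flags, path (may contain spaces).
LINE = re.compile(
    r"^([+-]) (\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+([\d,]+)\s+(\S+)\s+(.+)$"
)
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")

# Sample input: a few lines in the snapshot format of the report on this page.
SAMPLE = r"""
- 2009-02-17 02:00:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-18 11:41:51 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-01-19 07:33:12 70,656 ----a-w c:\windows\System32\ie4uinit.exe
+ 2009-01-15 10:03:26 172,544 ----a-w c:\windows\System32\ie4uinit.exe
- 2008-10-16 04:47:29 270,336 ----a-w c:\windows\System32\iertutil.dll
+ 2009-01-15 10:02:48 1,975,296 ----a-w c:\windows\System32\iertutil.dll
- 2008-01-19 07:36:46 105,984 ----a-w c:\windows\System32\url.dll
+ 2009-01-15 10:05:58 105,984 ----a-w c:\windows\System32\url.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\System32\mrt.exe
+ 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\System32\mrt.exe
+ 2009-01-15 10:03:26 172,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18372_none_a8702072747d88c6\ie4uinit.exe
"""


def parse(text):
    """Return {'-': {path: meta}, '+': {path: meta}} with meta = (date, time, size)."""
    sides = {"-": {}, "+": {}}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            sign, date, time, size, _attrs, path = m.groups()
            sides[sign][path.lower()] = (date, time, int(size.replace(",", "")))
    return sides


def triage(text):
    """Classify every changed file outside winsxs."""
    sides = parse(text)
    old, new = sides["-"], sides["+"]
    # Component-store copies, keyed by file name plus exact timestamp and size.
    store = {(p.rsplit("\\", 1)[-1], meta)
             for p, meta in new.items() if "\\winsxs\\" in p}
    rows = []
    for path, meta in new.items():
        if "\\winsxs\\" in path:
            continue
        before = old.get(path)
        if before is None:
            kind = "added"
        elif path.endswith(BINARY_EXT):
            kind = "binary_replaced"
        else:
            kind = "data_touched"  # caches, registry hives, index.dat and the like
        rows.append({
            "path": path,
            "kind": kind,
            "date": meta[0],
            "size_delta": None if before is None else meta[2] - before[2],
            "in_store": (path.rsplit("\\", 1)[-1], meta) in store,
        })
    return rows


def review_queue(rows):
    """Replaced binaries outside the dominant install date with no identical store copy.

    This narrows where to look first (for instance with a signature check);
    it is a reading aid, not a verdict on any file.
    """
    replaced = [r for r in rows if r["kind"] == "binary_replaced"]
    if not replaced:
        return []
    batch_date = Counter(r["date"] for r in replaced).most_common(1)[0][0]
    return [r["path"] for r in replaced
            if r["date"] != batch_date and not r["in_store"]]


if __name__ == "__main__":
    rows = triage(SAMPLE)
    for r in rows:
        print(r["kind"], r["date"], r["size_delta"], r["in_store"], r["path"])
    print("review first:", review_queue(rows))
```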
ComboFix 09-02-15.01 - Step 2009-02-18 12:52:08.6 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.893.257 [GMT 1:00]
Lancé depuis: c:\users\Step\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Step\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
C:\32788R22FWJFW.0.tmp
C:\edfe6c060c8fb4b80e95eb6092f8
c:\windows\wusa.lock
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-18 au 2009-02-18 ))))))))))))))))))))))))))))))))))))
.
2009-02-18 10:50 . 2009-02-18 10:50 <REP> d-------- C:\ef72b07650eb81e63c9b73ee91a30bcf
2009-02-17 23:23 . 2009-02-17 23:23 <REP> d-------- c:\users\Step\AppData\Roaming\Netscape
2009-02-17 23:22 . 2009-02-17 23:46 <REP> d-------- c:\program files\Netscape
2009-02-16 16:05 . 2009-02-16 16:05 <REP> d-------- c:\users\Step\AppData\Roaming\OpenOffice.org
2009-02-16 15:56 . 2009-02-16 15:56 <REP> d-------- c:\program files\OpenOffice.org 3
2009-02-08 21:53 . 2009-02-14 19:25 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-02-08 21:53 . 2009-02-14 19:25 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2009-02-08 21:53 . 2009-02-15 00:06 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-08 21:48 . 2009-02-15 00:06 <REP> d-------- c:\program files\eMule
2009-02-04 18:22 . 2009-02-05 20:51 <REP> d-------- c:\program files\Common Files\Softwin
2009-02-04 18:04 . 2009-02-04 18:04 <REP> d-------- C:\_OTMoveIt
2009-02-02 13:10 . 2009-02-07 14:21 <REP> d-------- c:\program files\Panda Security
2009-02-02 13:02 . 2009-02-05 21:15 <REP> d-------- c:\windows\BDOSCAN8
2009-02-02 12:59 . 2009-02-07 14:19 <REP> d-------- c:\program files\Sophos
2009-02-02 12:34 . 2009-02-05 21:15 <REP> d-------- c:\program files\Navilog1
2009-02-01 20:20 . 2009-02-05 21:15 <REP> d-------- C:\ToolBar SD
2009-02-01 19:47 . 2009-02-01 19:48 <REP> d-------- C:\rsit
2009-02-01 19:47 . 2009-02-07 20:17 <REP> d-------- c:\program files\trend micro
2009-02-01 01:43 . 2009-02-01 01:43 <REP> d-------- c:\users\Step\AppData\Roaming\Malwarebytes
2009-02-01 01:42 . 2009-02-01 01:42 <REP> d-------- c:\users\All Users\Malwarebytes
2009-02-01 01:42 . 2009-02-01 01:42 <REP> d-------- c:\programdata\Malwarebytes
2009-02-01 01:42 . 2009-02-02 20:31 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-01 00:10 . 2009-02-01 16:43 250 --a------ c:\windows\gmer.ini
2009-01-24 05:24 . 2009-02-05 21:15 <REP> d-------- c:\program files\aquaplay
2009-01-23 20:26 . 2009-02-05 20:04 <REP> d-------- c:\users\All Users\Sports Interactive
2009-01-23 20:26 . 2009-02-05 20:04 <REP> d-------- c:\programdata\Sports Interactive
2009-01-23 20:24 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2009-01-23 20:24 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2009-01-23 20:24 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-01-23 20:24 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-01-23 20:24 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2009-01-23 20:24 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-01-23 20:24 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-01-23 20:24 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-01-23 20:24 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-01-23 20:24 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 09:41 --------- d-----w c:\program files\Yahoo!
2009-02-17 22:21 --------- d-----w c:\program files\VirginMega
2009-02-14 23:06 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-14 23:06 --------- d-----w c:\program files\CCleaner
2009-02-05 20:23 --------- d-----w c:\program files\Paint.NET
2009-02-05 20:15 --------- d-----w c:\users\Step\AppData\Roaming\DAEMON Tools
2009-02-05 20:15 --------- d-----w c:\users\Step\AppData\Roaming\Azureus
2009-02-05 20:15 --------- d-----w c:\program files\Windows Defender
2009-01-24 04:45 --------- d-----w c:\users\Step\AppData\Roaming\Sports Interactive
2009-01-23 18:09 --------- d-----w c:\program files\Sports Interactive
2009-01-21 20:30 --------- d-----w c:\program files\Azureus
2009-01-15 16:58 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2009-01-13 19:49 --------- d-----w c:\users\Step\AppData\Roaming\aAvgApi
2009-01-12 20:18 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-12 20:18 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-12 20:18 --------- d-----w c:\programdata\avg8
2009-01-12 20:17 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-11 16:00 --------- d-----w c:\program files\Common Files\Adobe
2008-12-31 13:55 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-30 14:56 --------- d-----w c:\users\Step\AppData\Roaming\InterVideo
2008-12-28 12:35 --------- d-----w c:\programdata\Messenger Plus!
2008-12-28 11:55 --------- d-----w c:\users\Step\AppData\Roaming\Canneverbe_Limited
2008-12-28 11:54 --------- d-----w c:\program files\CDBurnerXP
2008-12-28 10:32 --------- d-----w c:\users\Step\AppData\Roaming\Ahead
2008-12-28 10:10 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 10:10 --------- d-----w c:\program files\Microsoft Reader
2008-12-28 10:03 --------- d-----w c:\users\TEMP\AppData\Roaming\ATI
2008-12-28 00:46 --------- d-----w c:\program files\BitTorrent
2008-12-28 00:24 --------- d-----w c:\program files\iPod
2008-12-28 00:24 --------- d-----w c:\program files\Bonjour
2008-12-28 00:21 --------- d-----w c:\program files\Windows Sidebar
2008-12-28 00:21 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-28 00:21 --------- d-----w c:\program files\SplitCam
2008-12-28 00:21 --------- d-----w c:\program files\QuickTime
2008-12-28 00:20 --------- d-----w c:\program files\Microsoft Sync Framework
2008-12-28 00:20 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-28 00:20 --------- d-----w c:\program files\Microsoft
2008-12-27 23:47 --------- d-----w c:\users\Step\AppData\Roaming\Apple Computer
2008-12-27 23:46 --------- d-----w c:\program files\iTunes
2008-12-27 23:46 --------- d-----w c:\program files\Common Files\Apple
2008-12-27 23:45 --------- d-----w c:\programdata\Apple Computer
2008-12-27 23:37 --------- d-----w c:\program files\Apple Software Update
2008-12-27 21:16 --------- d-----w c:\programdata\ma-config.com
2008-12-27 21:16 --------- d-----w c:\program files\ma-config.com
2008-12-18 10:57 --------- d-----w c:\program files\Windows Live
2008-12-18 09:45 --------- d-----w c:\program files\Windows Mail
2008-12-17 19:25 174 --sha-w c:\program files\desktop.ini
2008-12-17 18:38 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-17 18:38 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-06-25 17:58 1,664,591 ----a-w c:\users\2007\pf-setup.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-02-17_ 3.30.03.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-16 18:54:51 941,680 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-02-18 11:40:36 1,140,816 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-02-17 02:00:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-18 11:41:51 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-17 02:00:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-18 11:41:51 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-28 20:29:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-17 21:14:58 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-28 20:29:33 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-17 21:14:58 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-28 20:29:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-17 21:14:58 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-17 02:02:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-02-18 11:43:55 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2009-02-17 02:02:50 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-18 11:43:48 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-01-19 07:33:43 128,000 ----a-w c:\windows\System32\advpack.dll
+ 2009-01-15 10:03:11 128,512 ----a-w c:\windows\System32\advpack.dll
- 2009-02-17 02:14:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-18 11:57:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-17 02:14:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-18 11:57:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-17 02:14:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-18 11:57:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-16 15:10:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-02-18 11:57:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2008-01-19 07:34:08 347,136 ----a-w c:\windows\System32\dxtmsft.dll
+ 2009-01-15 10:01:21 348,160 ----a-w c:\windows\System32\dxtmsft.dll
- 2008-01-19 07:34:08 214,528 ----a-w c:\windows\System32\dxtrans.dll
+ 2009-01-15 10:01:14 216,064 ----a-w c:\windows\System32\dxtrans.dll
- 2008-01-19 07:34:28 63,488 ----a-w c:\windows\System32\icardie.dll
+ 2009-01-15 10:01:38 59,904 ----a-w c:\windows\System32\icardie.dll
- 2008-01-19 07:33:12 70,656 ----a-w c:\windows\System32\ie4uinit.exe
+ 2009-01-15 10:03:26 172,544 ----a-w c:\windows\System32\ie4uinit.exe
- 2008-01-19 07:34:28 153,088 ----a-w c:\windows\System32\ieakeng.dll
+ 2009-01-15 10:03:41 125,952 ----a-w c:\windows\System32\ieakeng.dll
- 2008-01-19 07:34:28 230,400 ----a-w c:\windows\System32\ieaksie.dll
+ 2009-01-15 10:03:48 228,352 ----a-w c:\windows\System32\ieaksie.dll
- 2006-11-02 09:39:30 161,792 ----a-w c:\windows\System32\ieakui.dll
+ 2009-01-15 10:03:19 163,840 ----a-w c:\windows\System32\ieakui.dll
- 2007-09-23 10:44:58 2,455,488 ----a-w c:\windows\System32\ieapfltr.dat
+ 2008-12-15 01:12:40 3,698,040 ----a-w c:\windows\System32\ieapfltr.dat
- 2008-01-19 07:34:28 383,488 ----a-w c:\windows\System32\ieapfltr.dll
+ 2009-01-15 09:35:08 445,440 ----a-w c:\windows\System32\ieapfltr.dll
- 2008-01-19 07:34:29 388,096 ----a-w c:\windows\System32\iedkcs32.dll
+ 2009-01-15 10:17:21 392,040 ----a-w c:\windows\System32\iedkcs32.dll
- 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\System32\ieframe.dll
+ 2009-01-15 10:12:11 10,963,968 ----a-w c:\windows\System32\ieframe.dll
- 2008-01-19 07:34:31 193,024 ----a-w c:\windows\System32\iepeers.dll
+ 2009-01-15 10:01:50 183,808 ----a-w c:\windows\System32\iepeers.dll
- 2008-01-19 07:34:31 44,544 ----a-w c:\windows\System32\iernonce.dll
+ 2009-01-15 10:03:13 55,808 ----a-w c:\windows\System32\iernonce.dll
- 2008-10-16 04:47:29 270,336 ----a-w c:\windows\System32\iertutil.dll
+ 2009-01-15 10:02:48 1,975,296 ----a-w c:\windows\System32\iertutil.dll
- 2008-01-19 07:34:31 180,736 ----a-w c:\windows\System32\ieui.dll
+ 2009-01-15 09:50:48 164,352 ----a-w c:\windows\System32\ieui.dll
- 2008-01-19 07:34:34 93,696 ----a-w c:\windows\System32\inseng.dll
+ 2009-01-15 10:03:12 94,720 ----a-w c:\windows\System32\inseng.dll
- 2008-05-08 21:59:28 512,000 ----a-w c:\windows\System32\jscript.dll
+ 2009-01-15 10:03:56 724,992 ----a-w c:\windows\System32\jscript.dll
- 2008-10-16 04:47:30 28,160 ----a-w c:\windows\System32\jsproxy.dll
+ 2009-01-15 10:04:14 25,600 ----a-w c:\windows\System32\jsproxy.dll
- 2008-04-11 06:42:20 64,512 ----a-w c:\windows\System32\migration\WininetPlugin.dll
+ 2009-01-15 10:04:18 64,512 ----a-w c:\windows\System32\migration\WininetPlugin.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\System32\mrt.exe
+ 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\System32\mrt.exe
- 2008-01-19 07:34:58 458,240 ----a-w c:\windows\System32\msfeeds.dll
+ 2009-01-15 10:02:38 593,920 ----a-w c:\windows\System32\msfeeds.dll
- 2008-01-19 07:34:58 52,224 ----a-w c:\windows\System32\msfeedsbs.dll
+ 2009-01-15 10:01:38 54,272 ----a-w c:\windows\System32\msfeedsbs.dll
- 2008-01-19 07:33:16 12,800 ----a-w c:\windows\System32\msfeedssync.exe
+ 2009-01-15 10:01:41 13,312 ----a-w c:\windows\System32\msfeedssync.exe
- 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\System32\mshtml.dll
+ 2009-01-15 10:13:17 5,888,512 ----a-w c:\windows\System32\mshtml.dll
- 2008-01-19 07:34:59 476,672 ----a-w c:\windows\System32\mshtmled.dll
+ 2009-01-15 10:01:05 66,560 ----a-w c:\windows\System32\mshtmled.dll
- 2008-01-19 07:35:12 193,024 ----a-w c:\windows\System32\msrating.dll
+ 2009-01-15 10:05:33 193,536 ----a-w c:\windows\System32\msrating.dll
- 2008-10-16 04:47:32 671,232 ----a-w c:\windows\System32\mstime.dll
+ 2009-01-15 10:02:19 611,840 ----a-w c:\windows\System32\mstime.dll
- 2008-01-19 07:36:00 102,912 ----a-w c:\windows\System32\occache.dll
+ 2009-01-15 10:05:33 109,056 ----a-w c:\windows\System32\occache.dll
- 2008-01-19 07:36:06 45,056 ----a-w c:\windows\System32\pngfilt.dll
+ 2009-01-15 10:01:16 46,592 ----a-w c:\windows\System32\pngfilt.dll
- 2009-02-17 02:08:10 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-02-17 14:59:21 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-01-19 07:36:46 105,984 ----a-w c:\windows\System32\url.dll
+ 2009-01-15 10:05:58 105,984 ----a-w c:\windows\System32\url.dll
- 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\System32\urlmon.dll
+ 2009-01-15 10:06:46 1,182,720 ----a-w c:\windows\System32\urlmon.dll
- 2009-02-17 02:02:51 13,846 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3104662218-1256191170-3440181771-1002_UserData.bin
+ 2009-02-18 11:44:07 13,886 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3104662218-1256191170-3440181771-1002_UserData.bin
- 2009-02-17 02:02:50 71,036 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-18 11:44:07 71,414 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-16 18:54:42 4,370 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-02-17 13:43:20 4,370 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-02-16 13:06:53 58,406 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-18 11:43:58 58,422 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-19 07:36:52 233,984 ----a-w c:\windows\System32\webcheck.dll
+ 2009-01-15 10:06:07 236,544 ----a-w c:\windows\System32\webcheck.dll
- 2008-01-19 07:33:37 208,384 ----a-w c:\windows\System32\WinFXDocObj.exe
+ 2009-01-15 10:06:20 208,384 ----a-w c:\windows\System32\WinFXDocObj.exe
- 2009-02-17 02:08:18 191,005,605 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-17 14:52:38 196,504,260 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-01-15 10:03:11 128,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_8.0.6001.18372_none_8e6ad0c808d4cd48\advpack.dll
+ 2009-01-15 10:04:05 107,008 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.6001.18372_none_eb166cf8d70d9a7c\SetIEInstalledDate.exe
+ 2009-01-15 10:01:16 46,592 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_8.0.6001.18372_none_d065da77296db347\pngfilt.dll
+ 2009-01-15 10:06:46 1,182,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18372_none_97828329ecce2aab\urlmon.dll
+ 2009-01-15 10:02:19 611,840 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18372_none_c36511f29276ea1a\mstime.dll
+ 2009-01-15 10:04:26 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tivexpolicyprovider_31bf3856ad364e35_8.0.6001.18372_none_6f0a64fd61b66334\corpol.dll
+ 2009-01-15 10:04:14 25,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18372_none_e4885ecbb7d7513e\jsproxy.dll
+ 2009-01-15 10:05:40 911,872 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18372_none_e4885ecbb7d7513e\wininet.dll
+ 2009-01-15 10:04:18 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18372_none_e4885ecbb7d7513e\WininetPlugin.dll
+ 2009-01-15 10:17:21 392,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18372_none_56efd7c76d817205\iedkcs32.dll
+ 2009-01-15 10:03:41 125,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.6001.18372_none_86b5a17dde37d53a\ieakeng.dll
+ 2009-01-15 10:03:31 72,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18372_none_90d18d1b1cca28e4\admparse.dll
+ 2009-01-15 10:03:48 228,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18372_none_90d18d1b1cca28e4\ieaksie.dll
+ 2009-01-15 10:03:19 163,840 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18372_none_90d18d1b1cca28e4\ieakui.dll
+ 2008-12-15 01:12:40 3,698,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18372_none_de3181a581c2cb91\ieapfltr.dat
+ 2009-01-15 09:35:08 445,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18372_none_de3181a581c2cb91\ieapfltr.dll
+ 2009-01-15 10:01:50 183,808 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18372_none_1f62effd081219a0\iepeers.dll
+ 2009-01-15 10:05:33 43,008 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.6001.18372_none_ac80c33865f6f825\licmgr10.dll
+ 2009-01-15 10:07:32 736,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.18372_none_1e44781e55da9d7f\iedvtool.dll
+ 2009-01-15 10:01:21 348,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18372_none_7a65ba5d97a851bf\dxtmsft.dll
+ 2009-01-15 10:01:14 216,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18372_none_7a65ba5d97a851bf\dxtrans.dll
+ 2009-01-15 10:02:38 593,920 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18372_none_4285f59a507aa3f6\msfeeds.dll
+ 2009-01-15 10:01:38 54,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18372_none_deed5a57f0c6431d\msfeedsbs.dll
+ 2009-01-15 10:01:41 13,312 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18372_none_deed5a57f0c6431d\msfeedssync.exe
+ 2009-01-15 10:04:05 107,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.6001.18372_none_0a88416b39d399f7\RegisterIEPKEYs.exe
+ 2009-01-15 10:04:05 103,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-gc-setdepnx_31bf3856ad364e35_8.0.6001.18372_none_934a5a5607dc0ab7\SetDepNx.exe
+ 2009-01-15 10:00:37 45,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.6001.18372_none_3bf95a8f1f61ce38\mshta.exe
+ 2009-01-15 10:01:05 66,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.6001.18372_none_2ac854b55969044c\mshtmled.dll
+ 2009-01-15 10:00:44 48,128 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_8.0.6001.18372_none_d60cf1ced02adb99\mshtmler.dll
+ 2009-01-15 10:13:17 5,888,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18372_none_f5e27dea382dba74\mshtml.dll
+ 2009-01-15 10:04:05 125,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_8.0.6001.18372_none_a085c086aa922a39\iecleanup.exe
+ 2009-01-15 10:06:45 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18372_none_838ef3c446ee6331\iecompat.dll
+ 2009-01-09 23:47:53 79,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18386_none_8388250046f2e47e\iecompat.dll
+ 2009-01-09 22:35:51 79,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22482_none_840dc0a360141eec\iecompat.dll
+ 2009-01-15 10:04:59 115,712 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.6001.18372_none_e9157774873ef983\ielowutil.exe
+ 2009-01-15 10:04:40 245,760 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18372_none_72ce4fad6094dbbd\ieproxy.dll
+ 2009-01-15 10:04:20 193,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18372_none_2a2c9b43b03d422b\IEShims.dll
+ 2009-01-15 10:02:56 169,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18372_none_471b482f54b63138\iexpress.exe
+ 2009-01-15 10:03:04 66,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18372_none_471b482f54b63138\wextract.exe
+ 2009-01-15 10:01:25 34,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-imagesupport_31bf3856ad364e35_8.0.6001.18372_none_209434220912bb05\imgutil.dll
+ 2009-01-15 10:06:47 143,872 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.6001.18372_none_109d2beed989d5a6\ExtExport.exe
+ 2009-01-15 10:01:38 59,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_8.0.6001.18372_none_3d3aeab47a42467d\icardie.dll
+ 2009-01-15 10:04:05 132,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18372_none_12016b573002c021\ieUnatt.exe
+ 2009-01-15 10:17:20 636,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18372_none_12016b573002c021\iexplore.exe
+ 2009-01-15 10:06:38 519,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.18372_none_9d0bba2be3a97c27\jsdbgui.dll
+ 2009-01-15 10:06:39 118,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_8.0.6001.18372_none_ed4707bd47637a4e\JSProfilerCore.dll
+ 2009-01-15 10:07:05 231,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.6001.18372_none_d59e64f5e43736e5\jsprofilerui.dll
+ 2009-01-15 10:05:33 109,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18372_none_19c5d37a2a275509\occache.dll
+ 2009-01-15 10:06:07 236,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.6001.18372_none_43cb4e4667bdcfed\webcheck.dll
+ 2008-10-10 20:42:04 265,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18372_none_d01555fafe902944\msdbg2.dll
+ 2008-10-10 20:42:05 355,832 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18372_none_d01555fafe902944\pdm.dll
+ 2009-01-15 10:04:05 109,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18372_none_d01555fafe902944\PDMSetup.exe
+ 2009-01-15 10:05:33 193,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_8.0.6001.18372_none_aa31a9a272bf7a1f\msrating.dll
+ 2009-01-15 10:02:48 1,975,296 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18372_none_2a4315a7a2886f9b\iertutil.dll
+ 2009-01-15 10:17:21 141,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18372_none_2a4315a7a2886f9b\sqmapi.dll
+ 2009-01-15 10:03:26 172,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18372_none_a8702072747d88c6\ie4uinit.exe
+ 2009-01-15 10:03:13 55,808 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18372_none_a8702072747d88c6\iernonce.dll
+ 2009-01-15 10:03:16 71,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18372_none_a8702072747d88c6\iesetup.dll
+ 2009-01-15 10:03:12 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup_31bf3856ad364e35_8.0.6001.18372_none_7bdec6f45dcc8c96\inseng.dll
+ 2009-01-15 10:04:10 109,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18372_none_fe31851ed000c58b\iesysprep.dll
+ 2009-01-15 10:04:55 755,200 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_8.0.6001.18372_none_cfd67cb8febf36da\VGX.dll
+ 2009-01-15 10:06:20 208,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-winfxdocobj_31bf3856ad364e35_8.0.6001.18372_none_d45682f2305b1e8e\WinFXDocObj.exe
+ 2009-01-15 10:05:58 105,984 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.18372_none_d2ca3c9473ce9fe8\url.dll
+ 2009-01-15 10:12:11 10,963,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18372_none_4741d7edc42348a1\ieframe.dll
+ 2009-01-15 09:50:48 164,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18372_none_4741d7edc42348a1\ieui.dll
+ 2009-01-15 10:04:50 256,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.6001.18372_none_cb3b446ca7a69cd9\ieinstal.exe
+ 2009-01-15 10:06:35 120,832 ----a-w c:\windows\winsxs\x86_microsoft-windows-js-debuggeride_31bf3856ad364e35_8.0.6001.18372_none_1d97a2aa14b916c7\jsdebuggeride.dll
+ 2009-01-15 09:50:37 156,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-msls31_31bf3856ad364e35_8.0.6001.18372_none_ae9f3f04b877fd43\msls31.dll
+ 2009-01-15 10:03:56 724,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18372_none_657f53e50d289665\jscript.dll
+ 2009-01-15 10:03:34 420,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.18372_none_2af96e9d43eb42a1\vbscript.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-20 77824]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-20 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-12 1601304]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 c:\windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
c:\users\2007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{5FD91A4C-4DB7-4928-B53A-6D5FC34295DB}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{419DCCF4-F449-4FAA-9255-14B244D9CD47}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{6DF018C9-6C18-4C79-AA7D-1E3C34979C0B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
"UDP Query User{1B957FE3-F7B2-45B8-B14B-20E8D8BF36E3}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
"TCP Query User{BBBE5863-238E-4B75-8719-4F5342394360}c:\\users\\2007\\appdata\\local\\temp\\rar$ex00.171\\emule\\emule.exe"= UDP:c:\users\2007\appdata\local\temp\rar$ex00.171\emule\emule.exe:emule.exe
"UDP Query User{67500115-DC8F-4C89-BA3C-A4744AD4E436}c:\\users\\2007\\appdata\\local\\temp\\rar$ex00.171\\emule\\emule.exe"= TCP:c:\users\2007\appdata\local\temp\rar$ex00.171\emule\emule.exe:emule.exe
"TCP Query User{9CEF591D-A89A-4C92-BAEB-0D3CB26BD49F}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{4B70F833-BC74-460F-9282-3FB9FB9BB736}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F56905EA-E544-4CC3-AB7E-EE1214E1E8CC}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{F78F6B5B-FEF5-47C6-A315-7DE628CA3D75}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{D7C874C2-43D8-479E-8B7A-AB41451EEF90}"= Disabled:UDP:c:\program files\fm.exe:Football Manager 2008
"{5B3DCBAC-B132-46F6-9393-B35D886DC396}"= Disabled:TCP:c:\program files\fm.exe:Football Manager 2008
"TCP Query User{20EDBEE9-47B9-4FDB-A3B1-41A241D2A7FE}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{9521B02B-9AC6-4227-8949-0E57CEB5B2B8}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{161C8511-8AA2-4B90-98E3-4E7160E5F9E8}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{F4AA48FC-F466-4A90-9A76-9EA89684E16E}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{39F9BBEB-2BC8-43E3-BB42-FBCBCDCA3EAD}c:\\program files\\ppmate\\ppmate\\ppmate.exe"= UDP:c:\program files\ppmate\ppmate\ppmate.exe:PPMate P2P TV
"UDP Query User{ACBAF6E3-97E3-45CB-8842-CAE637A0EF29}c:\\program files\\ppmate\\ppmate\\ppmate.exe"= TCP:c:\program files\ppmate\ppmate\ppmate.exe:PPMate P2P TV
"TCP Query User{2A05CA98-2A5A-4F74-9CEF-7672D26610B5}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{75F44963-AB3D-44C1-A755-9B8940C9C4AB}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{9DDA4A41-30BD-4196-85D0-9EA7DB44F854}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6763BFB0-A49B-4277-A9CE-A19578701E25}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{38713D86-3CA7-499A-9B2A-14AF270526B4}c:\\users\\2007\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\2007\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{299B3A3B-3B1C-4974-8F50-0153917864D8}c:\\users\\2007\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\2007\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{0D9D7D59-AADB-4947-87D4-98C717CDE973}c:\\users\\2007\\appdata\\local\\temp\\rar$ex02.766\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= UDP:c:\users\2007\appdata\local\temp\rar$ex02.766\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"UDP Query User{6DF04E2B-4701-4509-8054-4AE12924940E}c:\\users\\2007\\appdata\\local\\temp\\rar$ex02.766\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= TCP:c:\users\2007\appdata\local\temp\rar$ex02.766\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"TCP Query User{17A35D09-AE7C-4F5C-B13D-FC286C30EF4D}c:\\users\\2007\\desktop\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= UDP:c:\users\2007\desktop\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"UDP Query User{9A5627BA-9821-424D-8218-EF7212B6654F}c:\\users\\2007\\desktop\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= TCP:c:\users\2007\desktop\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"{41459E7D-92F3-4E24-8F71-D5C96095655D}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{13B6E290-630B-4DA0-84A9-1F716AFFAB55}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{A4673DA1-B535-40B4-94BC-1C31865E8EA3}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{620635BF-FE10-4A5E-8303-A28AC3A25581}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{55EE90A1-CE93-47BB-AE27-65FE0F2B89CA}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{414DF850-822B-4472-A942-E2B9C9F47B22}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{FCF6337D-B51F-488B-8F32-325683A80121}c:\\program files\\x-chat 2\\xchat.exe"= UDP:c:\program files\x-chat 2\xchat.exe:X-Chat IRC Client
"UDP Query User{86EF4704-CDAE-4FFC-A2E3-2233AA84B20B}c:\\program files\\x-chat 2\\xchat.exe"= TCP:c:\program files\x-chat 2\xchat.exe:X-Chat IRC Client
"{8EE34478-C877-4132-8760-01BA327FEEA2}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A2A9274B-85DB-4921-A9B9-0AB54253676B}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{84BD71E7-5322-40FC-9D41-75009201E747}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{CCE87925-0BEA-4C21-A2C2-36BB72ECC53A}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{EB21003F-AFFE-4796-9980-E3DA1E3D189F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{5DDEEE1B-4615-4B66-AFCE-91AD14CEEFD8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{D21EC17D-59F9-4560-AF55-965F1D2F1680}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{5967084E-B8D9-4D40-AFE7-3EA8E4830CA3}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\PPMate\\PPMate\\ppmate.exe"= c:\program files\PPMate\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\uusee\\UUSeePlayer.exe"= c:\program files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2008-11-15 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-11-15 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2008-11-15 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-12 298264]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2008-12-18 55264]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.facebook.com/home.php
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Step\AppData\Roaming\Mozilla\Firefox\Profiles\rw1nhsww.default\
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 12:58:21
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????P?Qe?U??0???X?????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-02-18 13:03:14
ComboFix-quarantined-files.txt 2009-02-18 12:02:51
ComboFix2.txt 2009-02-17 02:33:54
ComboFix3.txt 2009-02-07 20:33:12
ComboFix4.txt 2009-02-02 14:04:21
Avant-CF: 13 687 234 560 octets libres
Après-CF: 13,485,559,808 octets libres
455 --- E O F --- 2009-02-17 02:10:15
+ 2009-02-18 11:44:07 71,414 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-16 18:54:42 4,370 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-02-17 13:43:20 4,370 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-02-16 13:06:53 58,406 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-18 11:43:58 58,422 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-19 07:36:52 233,984 ----a-w c:\windows\System32\webcheck.dll
+ 2009-01-15 10:06:07 236,544 ----a-w c:\windows\System32\webcheck.dll
- 2008-01-19 07:33:37 208,384 ----a-w c:\windows\System32\WinFXDocObj.exe
+ 2009-01-15 10:06:20 208,384 ----a-w c:\windows\System32\WinFXDocObj.exe
- 2009-02-17 02:08:18 191,005,605 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-17 14:52:38 196,504,260 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-01-15 10:03:11 128,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_8.0.6001.18372_none_8e6ad0c808d4cd48\advpack.dll
+ 2009-01-15 10:04:05 107,008 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.6001.18372_none_eb166cf8d70d9a7c\SetIEInstalledDate.exe
+ 2009-01-15 10:01:16 46,592 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_8.0.6001.18372_none_d065da77296db347\pngfilt.dll
+ 2009-01-15 10:06:46 1,182,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18372_none_97828329ecce2aab\urlmon.dll
+ 2009-01-15 10:02:19 611,840 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18372_none_c36511f29276ea1a\mstime.dll
+ 2009-01-15 10:04:26 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tivexpolicyprovider_31bf3856ad364e35_8.0.6001.18372_none_6f0a64fd61b66334\corpol.dll
+ 2009-01-15 10:04:14 25,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18372_none_e4885ecbb7d7513e\jsproxy.dll
+ 2009-01-15 10:05:40 911,872 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18372_none_e4885ecbb7d7513e\wininet.dll
+ 2009-01-15 10:04:18 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18372_none_e4885ecbb7d7513e\WininetPlugin.dll
+ 2009-01-15 10:17:21 392,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18372_none_56efd7c76d817205\iedkcs32.dll
+ 2009-01-15 10:03:41 125,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.6001.18372_none_86b5a17dde37d53a\ieakeng.dll
+ 2009-01-15 10:03:31 72,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18372_none_90d18d1b1cca28e4\admparse.dll
+ 2009-01-15 10:03:48 228,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18372_none_90d18d1b1cca28e4\ieaksie.dll
+ 2009-01-15 10:03:19 163,840 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18372_none_90d18d1b1cca28e4\ieakui.dll
+ 2008-12-15 01:12:40 3,698,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18372_none_de3181a581c2cb91\ieapfltr.dat
+ 2009-01-15 09:35:08 445,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18372_none_de3181a581c2cb91\ieapfltr.dll
+ 2009-01-15 10:01:50 183,808 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18372_none_1f62effd081219a0\iepeers.dll
+ 2009-01-15 10:05:33 43,008 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.6001.18372_none_ac80c33865f6f825\licmgr10.dll
+ 2009-01-15 10:07:32 736,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.18372_none_1e44781e55da9d7f\iedvtool.dll
+ 2009-01-15 10:01:21 348,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18372_none_7a65ba5d97a851bf\dxtmsft.dll
+ 2009-01-15 10:01:14 216,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18372_none_7a65ba5d97a851bf\dxtrans.dll
+ 2009-01-15 10:02:38 593,920 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18372_none_4285f59a507aa3f6\msfeeds.dll
+ 2009-01-15 10:01:38 54,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18372_none_deed5a57f0c6431d\msfeedsbs.dll
+ 2009-01-15 10:01:41 13,312 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18372_none_deed5a57f0c6431d\msfeedssync.exe
+ 2009-01-15 10:04:05 107,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.6001.18372_none_0a88416b39d399f7\RegisterIEPKEYs.exe
+ 2009-01-15 10:04:05 103,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-gc-setdepnx_31bf3856ad364e35_8.0.6001.18372_none_934a5a5607dc0ab7\SetDepNx.exe
+ 2009-01-15 10:00:37 45,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.6001.18372_none_3bf95a8f1f61ce38\mshta.exe
+ 2009-01-15 10:01:05 66,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.6001.18372_none_2ac854b55969044c\mshtmled.dll
+ 2009-01-15 10:00:44 48,128 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_8.0.6001.18372_none_d60cf1ced02adb99\mshtmler.dll
+ 2009-01-15 10:13:17 5,888,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18372_none_f5e27dea382dba74\mshtml.dll
+ 2009-01-15 10:04:05 125,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_8.0.6001.18372_none_a085c086aa922a39\iecleanup.exe
+ 2009-01-15 10:06:45 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18372_none_838ef3c446ee6331\iecompat.dll
+ 2009-01-09 23:47:53 79,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18386_none_8388250046f2e47e\iecompat.dll
+ 2009-01-09 22:35:51 79,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22482_none_840dc0a360141eec\iecompat.dll
+ 2009-01-15 10:04:59 115,712 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.6001.18372_none_e9157774873ef983\ielowutil.exe
+ 2009-01-15 10:04:40 245,760 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18372_none_72ce4fad6094dbbd\ieproxy.dll
+ 2009-01-15 10:04:20 193,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18372_none_2a2c9b43b03d422b\IEShims.dll
+ 2009-01-15 10:02:56 169,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18372_none_471b482f54b63138\iexpress.exe
+ 2009-01-15 10:03:04 66,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18372_none_471b482f54b63138\wextract.exe
+ 2009-01-15 10:01:25 34,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-imagesupport_31bf3856ad364e35_8.0.6001.18372_none_209434220912bb05\imgutil.dll
+ 2009-01-15 10:06:47 143,872 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.6001.18372_none_109d2beed989d5a6\ExtExport.exe
+ 2009-01-15 10:01:38 59,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_8.0.6001.18372_none_3d3aeab47a42467d\icardie.dll
+ 2009-01-15 10:04:05 132,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18372_none_12016b573002c021\ieUnatt.exe
+ 2009-01-15 10:17:20 636,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18372_none_12016b573002c021\iexplore.exe
+ 2009-01-15 10:06:38 519,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.18372_none_9d0bba2be3a97c27\jsdbgui.dll
+ 2009-01-15 10:06:39 118,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_8.0.6001.18372_none_ed4707bd47637a4e\JSProfilerCore.dll
+ 2009-01-15 10:07:05 231,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.6001.18372_none_d59e64f5e43736e5\jsprofilerui.dll
+ 2009-01-15 10:05:33 109,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18372_none_19c5d37a2a275509\occache.dll
+ 2009-01-15 10:06:07 236,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.6001.18372_none_43cb4e4667bdcfed\webcheck.dll
+ 2008-10-10 20:42:04 265,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18372_none_d01555fafe902944\msdbg2.dll
+ 2008-10-10 20:42:05 355,832 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18372_none_d01555fafe902944\pdm.dll
+ 2009-01-15 10:04:05 109,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18372_none_d01555fafe902944\PDMSetup.exe
+ 2009-01-15 10:05:33 193,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_8.0.6001.18372_none_aa31a9a272bf7a1f\msrating.dll
+ 2009-01-15 10:02:48 1,975,296 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18372_none_2a4315a7a2886f9b\iertutil.dll
+ 2009-01-15 10:17:21 141,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18372_none_2a4315a7a2886f9b\sqmapi.dll
+ 2009-01-15 10:03:26 172,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18372_none_a8702072747d88c6\ie4uinit.exe
+ 2009-01-15 10:03:13 55,808 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18372_none_a8702072747d88c6\iernonce.dll
+ 2009-01-15 10:03:16 71,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18372_none_a8702072747d88c6\iesetup.dll
+ 2009-01-15 10:03:12 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup_31bf3856ad364e35_8.0.6001.18372_none_7bdec6f45dcc8c96\inseng.dll
+ 2009-01-15 10:04:10 109,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18372_none_fe31851ed000c58b\iesysprep.dll
+ 2009-01-15 10:04:55 755,200 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_8.0.6001.18372_none_cfd67cb8febf36da\VGX.dll
+ 2009-01-15 10:06:20 208,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-winfxdocobj_31bf3856ad364e35_8.0.6001.18372_none_d45682f2305b1e8e\WinFXDocObj.exe
+ 2009-01-15 10:05:58 105,984 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.18372_none_d2ca3c9473ce9fe8\url.dll
+ 2009-01-15 10:12:11 10,963,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18372_none_4741d7edc42348a1\ieframe.dll
+ 2009-01-15 09:50:48 164,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18372_none_4741d7edc42348a1\ieui.dll
+ 2009-01-15 10:04:50 256,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.6001.18372_none_cb3b446ca7a69cd9\ieinstal.exe
+ 2009-01-15 10:06:35 120,832 ----a-w c:\windows\winsxs\x86_microsoft-windows-js-debuggeride_31bf3856ad364e35_8.0.6001.18372_none_1d97a2aa14b916c7\jsdebuggeride.dll
+ 2009-01-15 09:50:37 156,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-msls31_31bf3856ad364e35_8.0.6001.18372_none_ae9f3f04b877fd43\msls31.dll
+ 2009-01-15 10:03:56 724,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18372_none_657f53e50d289665\jscript.dll
+ 2009-01-15 10:03:34 420,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.18372_none_2af96e9d43eb42a1\vbscript.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-20 77824]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-20 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-12 1601304]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 c:\windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
c:\users\2007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{5FD91A4C-4DB7-4928-B53A-6D5FC34295DB}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{419DCCF4-F449-4FAA-9255-14B244D9CD47}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{6DF018C9-6C18-4C79-AA7D-1E3C34979C0B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
"UDP Query User{1B957FE3-F7B2-45B8-B14B-20E8D8BF36E3}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
"TCP Query User{BBBE5863-238E-4B75-8719-4F5342394360}c:\\users\\2007\\appdata\\local\\temp\\rar$ex00.171\\emule\\emule.exe"= UDP:c:\users\2007\appdata\local\temp\rar$ex00.171\emule\emule.exe:emule.exe
"UDP Query User{67500115-DC8F-4C89-BA3C-A4744AD4E436}c:\\users\\2007\\appdata\\local\\temp\\rar$ex00.171\\emule\\emule.exe"= TCP:c:\users\2007\appdata\local\temp\rar$ex00.171\emule\emule.exe:emule.exe
"TCP Query User{9CEF591D-A89A-4C92-BAEB-0D3CB26BD49F}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{4B70F833-BC74-460F-9282-3FB9FB9BB736}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F56905EA-E544-4CC3-AB7E-EE1214E1E8CC}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{F78F6B5B-FEF5-47C6-A315-7DE628CA3D75}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{D7C874C2-43D8-479E-8B7A-AB41451EEF90}"= Disabled:UDP:c:\program files\fm.exe:Football Manager 2008
"{5B3DCBAC-B132-46F6-9393-B35D886DC396}"= Disabled:TCP:c:\program files\fm.exe:Football Manager 2008
"TCP Query User{20EDBEE9-47B9-4FDB-A3B1-41A241D2A7FE}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{9521B02B-9AC6-4227-8949-0E57CEB5B2B8}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{161C8511-8AA2-4B90-98E3-4E7160E5F9E8}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{F4AA48FC-F466-4A90-9A76-9EA89684E16E}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{39F9BBEB-2BC8-43E3-BB42-FBCBCDCA3EAD}c:\\program files\\ppmate\\ppmate\\ppmate.exe"= UDP:c:\program files\ppmate\ppmate\ppmate.exe:PPMate P2P TV
"UDP Query User{ACBAF6E3-97E3-45CB-8842-CAE637A0EF29}c:\\program files\\ppmate\\ppmate\\ppmate.exe"= TCP:c:\program files\ppmate\ppmate\ppmate.exe:PPMate P2P TV
"TCP Query User{2A05CA98-2A5A-4F74-9CEF-7672D26610B5}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{75F44963-AB3D-44C1-A755-9B8940C9C4AB}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{9DDA4A41-30BD-4196-85D0-9EA7DB44F854}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6763BFB0-A49B-4277-A9CE-A19578701E25}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{38713D86-3CA7-499A-9B2A-14AF270526B4}c:\\users\\2007\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\2007\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{299B3A3B-3B1C-4974-8F50-0153917864D8}c:\\users\\2007\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\2007\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{0D9D7D59-AADB-4947-87D4-98C717CDE973}c:\\users\\2007\\appdata\\local\\temp\\rar$ex02.766\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= UDP:c:\users\2007\appdata\local\temp\rar$ex02.766\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"UDP Query User{6DF04E2B-4701-4509-8054-4AE12924940E}c:\\users\\2007\\appdata\\local\\temp\\rar$ex02.766\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= TCP:c:\users\2007\appdata\local\temp\rar$ex02.766\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"TCP Query User{17A35D09-AE7C-4F5C-B13D-FC286C30EF4D}c:\\users\\2007\\desktop\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= UDP:c:\users\2007\desktop\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"UDP Query User{9A5627BA-9821-424D-8218-EF7212B6654F}c:\\users\\2007\\desktop\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= TCP:c:\users\2007\desktop\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"{41459E7D-92F3-4E24-8F71-D5C96095655D}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{13B6E290-630B-4DA0-84A9-1F716AFFAB55}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{A4673DA1-B535-40B4-94BC-1C31865E8EA3}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{620635BF-FE10-4A5E-8303-A28AC3A25581}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{55EE90A1-CE93-47BB-AE27-65FE0F2B89CA}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{414DF850-822B-4472-A942-E2B9C9F47B22}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{FCF6337D-B51F-488B-8F32-325683A80121}c:\\program files\\x-chat 2\\xchat.exe"= UDP:c:\program files\x-chat 2\xchat.exe:X-Chat IRC Client
"UDP Query User{86EF4704-CDAE-4FFC-A2E3-2233AA84B20B}c:\\program files\\x-chat 2\\xchat.exe"= TCP:c:\program files\x-chat 2\xchat.exe:X-Chat IRC Client
"{8EE34478-C877-4132-8760-01BA327FEEA2}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A2A9274B-85DB-4921-A9B9-0AB54253676B}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{84BD71E7-5322-40FC-9D41-75009201E747}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{CCE87925-0BEA-4C21-A2C2-36BB72ECC53A}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{EB21003F-AFFE-4796-9980-E3DA1E3D189F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{5DDEEE1B-4615-4B66-AFCE-91AD14CEEFD8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{D21EC17D-59F9-4560-AF55-965F1D2F1680}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{5967084E-B8D9-4D40-AFE7-3EA8E4830CA3}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\PPMate\\PPMate\\ppmate.exe"= c:\program files\PPMate\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\uusee\\UUSeePlayer.exe"= c:\program files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2008-11-15 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-11-15 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2008-11-15 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-12 298264]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2008-12-18 55264]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.facebook.com/home.php
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Step\AppData\Roaming\Mozilla\Firefox\Profiles\rw1nhsww.default\
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 12:58:21
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????P?Qe?U??0???X?????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-02-18 13:03:14
ComboFix-quarantined-files.txt 2009-02-18 12:02:51
ComboFix2.txt 2009-02-17 02:33:54
ComboFix3.txt 2009-02-07 20:33:12
ComboFix4.txt 2009-02-02 14:04:21
Avant-CF: 13 687 234 560 octets libres
Après-CF: 13,485,559,808 octets libres
455 --- E O F --- 2009-02-17 02:10:15
I set it to ignore (at least I think so) but it doesn't really work, and it annoys me a bit to have paid for AVG only to remove it...
Is there a tutorial explaining how to set "ignore" in AVG 8.0?
In safe mode I can't get to the interface; it launches a scan straight away...
I have a big problem, more important than this rootkit: ever since it appeared, my CD drive no longer reads discs...
Yet my laptop's CD drive opens, and the CD spins.
The drive is a Toshiba K8032GSX ATA Device.
PQFERUV 1A7WA5A7 SCSI Cdrom Device.
Have you looked at the drivers here?
https://fr.dynabook.com/support/drivers/
http://fr.computers.toshiba-europe.com/innovation/generic/SUPPORT_PORTAL/
No, because I can't really find my way around it...
My PC is a Satellite L-30 laptop, but after that I get lost.
Go here:
https://fr.dynabook.com/support/drivers/
then under Category choose Laptop
then Family: Satellite
Product series: L30
....
under Driver type choose Utilities