Extremely slow connection

Solved/Closed
d-jacky (Posts: 1312, Registered: Wednesday 1 November 2006, Status: Member, Last activity: 5 October 2012) - 21 March 2009 at 17:45
Anonymous user - 30 March 2009 at 22:35
Hello,
I have a problem with my internet connection: I am on a network (2 machines), and the old machine running Win 98 SE still works well. The newer one (XP) has a very slow internet connection, 30 kbp/s instead of 1024. I suspect a virus, trojan or something else, but after numerous scans I have found nothing.
I ran the command netsh winsock reset, but it is no better. I removed NIS 2009, which was using 98% CPU, and temporarily replaced it with AVG. I reinstalled the network card driver, etc.
In short, I no longer know what to do.
Would anyone be able to help me?
Thanks in advance.
DJ

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:00, on 21/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dany\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: GoogleCalendarSync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80D5ED38-4B06-48FD-BD5B-12457A268F56}: NameServer = 80.10.246.1,80.10.246.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{80D5ED38-4B06-48FD-BD5B-12457A268F56}: NameServer = 80.10.246.1,80.10.246.130
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
114 replies

d-jacky - 26 March 2009 at 10:03
Regarding Antivir, yes, I had not read to the end.
That said, I ran a 2nd scan with heuristic analysis set to high and it found nothing more.
I will post the report of the 2nd scan as soon as I am back home.

Regarding Dr. Web, OK, I will redo it. The problem is that I am discovering the disinfection tools one after another, so I do not know the ins and outs of each...

Side question: can a modem-router be infected?

Anonymous user - 26 March 2009 at 11:12
can a modem-router be infected = frankly I have never dealt with anything of that kind; when in doubt I would answer = I don't know

d-jacky - 27 March 2009 at 18:32
Here is the report of the scan with Dr. Web

What do I do with the files that are neither deleted nor quarantined? (e.g. 1st line)

A0024672.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP37\A0024672.exe;Tool.Prockill;;
A0024672.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP37;L'archive contient des éléments infectés;Quarantaine.;
A0008367.reg;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP6;Trojan.StartPage.1505;Supprimé.;
A0028939.bat;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP61;Probablement BATCH.Virus;Quarantaine.;
A0029159.bat;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP61;Probablement BATCH.Virus;Quarantaine.;
A0029188.EXE;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP61;Program.PsExec.170;Quarantaine.;
A0029244.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP61;Tool.Prockill;Quarantaine.;
A0030653.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP63;Tool.Prockill;Quarantaine.;
A0030822.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP63;Tool.Prockill;Quarantaine.;
A0030981.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67\A0030981.exe;Tool.Prockill;;
A0030981.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67\A0030981.exe;Tool.ShutDown.14;;
A0030981.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;L'archive contient des éléments infectés;Quarantaine.;
A0031030.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Tool.Prockill;Quarantaine.;
A0031098.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Tool.Prockill;Quarantaine.;
A0031107.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Tool.Prockill;Quarantaine.;
A0031109.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Tool.ShutDown.14;Quarantaine.;
A0031133.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Tool.Prockill;Quarantaine.;
A0031163.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67\A0031163.exe/data002;Probablement BATCH.Virus;;
A0031163.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67\A0031163.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;L'archive contient des éléments infectés;;
A0031163.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Conteneur comporte des objets infectés;Quarantaine.;
A0031164.exe\data013;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67\A0031164.exe;Tool.Prockill;;
A0031164.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Conteneur comporte des objets infectés;Quarantaine.;
A0031165.exe/data001/setup.zip\3;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67\A0031165.exe/data001/setup.zip;Tool.Prockill;;
setup.zip;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;L'archive contient des éléments infectés;;
data001;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Conteneur comporte des objets infectés;;
A0031165.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Conteneur comporte des objets infectés;Quarantaine.;
A0031166.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67\A0031166.exe/data002;Probablement BATCH.Virus;;
A0031166.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67\A0031166.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;L'archive contient des éléments infectés;;
A0031166.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Conteneur comporte des objets infectés;Quarantaine.;
A0031227.bat;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Probablement BATCH.Virus;Quarantaine.;
A0031276.bat;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Probablement BATCH.Virus;Quarantaine.;
A0031289.EXE;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Program.PsExec.170;Quarantaine.;
A0031358.bat;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Probablement BATCH.Virus;Quarantaine.;
A0031372.EXE;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP67;Program.PsExec.170;Quarantaine.;
A0031458.bat;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP68;Probablement BATCH.Virus;Quarantaine.;
A0031472.EXE;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP68;Program.PsExec.170;Quarantaine.;
A0031824.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP71\A0031824.exe/data002;Probablement BATCH.Virus;;
A0031824.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP71\A0031824.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP71;L'archive contient des éléments infectés;;
A0031824.exe;C:\System Volume Information\_restore{18332373-10A4-4A16-8808-E3C2D01955F4}\RP71;Conteneur comporte des objets infectés;Quarantaine.;
RegUBP2b-Dany.reg;D:\Vieux DD 40 Go\All Users\Application Data\Spybot - Search & Destroy\Snapshots;Trojan.StartPage.1505;Supprimé.;

Anonymous user - 27 March 2009 at 18:45
did your network connection improve after rebooting?

d-jacky - 27 March 2009 at 19:02
Still no good: the home page (Google) displays partially and then nothing more, as if the communication were being intercepted...
It's crazy...

d-jacky - 27 March 2009 at 19:42
I uninstalled IE 8 and reinstalled the router firmware.
I don't know for how long, but for now it is better.

Anonymous user - 27 March 2009 at 20:16
Download:
-------------

PureRA

tick everything on the right and "clean"

then:
-----------

CleanAfterMe

same thing, tick everything and "clean selected items"

then:

rerun a SUPERAntiSpyware scan in safe mode without networking

then rerun RSIT please

loloetseb (Posts: 5508, Registered: Sunday 14 December 2008, Status: Member, Last activity: 22 April 2012) - 27 March 2009 at 20:36
I'll be back!!!!!!!!

loloetseb - 27 March 2009 at 20:46
P..... there are some serious rootkits in the Eastern European countries; what are the files from those Romania photos that Antivir detected!!!!

Anonymous user - 28 March 2009 at 06:52
hi everyone

yes lionel, and it's not over :)

d-Jacky, we are waiting for your reports :)

d-jacky - 28 March 2009 at 15:41
Yes indeed, I was in Romania in 2006; on the other hand, I did not know that viruses could hide in .jpeg files!!!

First report:

SUPERAntiSpyware journal de bord
https://www.superantispyware.com/

Généré 03/28/2009 at 00:49 AM

Version du Logiciel : 4.26.1000

Core Rules Database Version : 3816
Trace Rules Database Version: 1770

Genre de Scan : Scan Complète
Temps total du Scan : 03:38:11

Articles du Mémoire analysés : 223
Risques de dommage de Mémoire détectés : 0
Articles du Registre analysés : 4954
Risques de dommage de Registre détectés : 0
Articles de fichier scannés : 57785
Risques du Dommage de Fichier Détectés : 0

d-jacky - 28 March 2009 at 15:42
2nd report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dany at 2009-03-28 08:26:40
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 278 GB (91%) free of 305 GB
Total RAM: 2047 MB (76% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{AAB5F4A0-34AB-4FBD-8CC5-089F5A9AB70A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-17 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Dany\Menu Démarrer\Programmes\Démarrage
GoogleCalendarSync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 240128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=cli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-03-28 08:26:41 ----D---- C:\Program Files\trend micro
2009-03-28 08:26:40 ----D---- C:\rsit
2009-03-27 21:05:13 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-27 20:37:55 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-03-27 20:27:00 ----A---- C:\PureRa.txt
2009-03-26 22:41:03 ----D---- C:\Documents and Settings\Dany\Application Data\Cimaware
2009-03-26 22:35:54 ----D---- C:\Program Files\Cimaware
2009-03-25 12:10:33 ----D---- C:\Program Files\Avira
2009-03-25 12:10:33 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-25 11:55:28 ----D---- C:\Program Files\TCPView
2009-03-25 00:01:59 ----D---- C:\WINDOWS\ie8updates
2009-03-24 23:58:27 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-03-24 20:40:01 ----A---- C:\Program Files\procexp.exe
2009-03-24 12:57:51 ----SHD---- C:\RECYCLER
2009-03-24 12:57:48 ----D---- C:\_OTMoveIt
2009-03-23 18:12:40 ----A---- C:\ComboFix.txt
2009-03-23 13:03:48 ----A---- C:\log.txt
2009-03-23 12:50:11 ----ASH---- C:\BOOT.BAK
2009-03-23 12:49:55 ----RSHD---- C:\cmdcons
2009-03-23 12:49:55 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-03-23 12:49:54 ----D---- C:\WINDOWS\setup.pss
2009-03-23 12:39:07 ----D---- C:\WINDOWS\temp
2009-03-23 12:35:47 ----A---- C:\WINDOWS\zip.exe
2009-03-23 12:35:47 ----A---- C:\WINDOWS\VFIND.exe
2009-03-23 12:35:47 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-23 12:35:47 ----A---- C:\WINDOWS\SWSC.exe
2009-03-23 12:35:47 ----A---- C:\WINDOWS\SWREG.exe
2009-03-23 12:35:47 ----A---- C:\WINDOWS\sed.exe
2009-03-23 12:35:47 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-23 12:35:47 ----A---- C:\WINDOWS\grep.exe
2009-03-23 12:35:47 ----A---- C:\WINDOWS\fdsv.exe
2009-03-23 12:28:59 ----D---- C:\Qoobox
2009-03-22 21:50:16 ----A---- C:\TCleaner.txt
2009-03-21 19:53:09 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-21 19:52:58 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-21 19:52:58 ----D---- C:\Documents and Settings\Dany\Application Data\SUPERAntiSpyware.com
2009-03-21 13:01:56 ----D---- C:\Program Files\Marvell
2009-03-20 23:27:35 ----A---- C:\WINDOWS\system32\tmp.txt
2009-03-19 21:49:45 ----D---- C:\Documents and Settings\Dany\Application Data\Malwarebytes
2009-03-19 21:49:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-18 23:40:49 ----A---- C:\lopR2.txt
2009-03-18 23:15:55 ----D---- C:\Documents and Settings\Dany\Application Data\Grisoft
2009-03-18 22:48:17 ----A---- C:\cleannavi2.txt
2009-03-18 22:43:17 ----A---- C:\rapport2.txt
2009-03-18 22:40:14 ----A---- C:\rapport.txt
2009-03-18 22:38:26 ----A---- C:\ComboFix2.txt
2009-03-18 22:25:49 ----D---- C:\WINDOWS\ERDNT
2009-03-18 11:10:40 ----D---- C:\Program Files\DiagInternet
2009-03-18 08:47:42 ----D---- C:\Program Files\AVG
2009-03-17 23:46:22 ----D---- C:\Program Files\a-squared Free
2009-03-16 21:37:55 ----A---- C:\WINDOWS\system32\LCamCpl.dll
2009-03-16 21:37:54 ----A---- C:\WINDOWS\system32\Lvkrn12n.dll
2009-03-16 21:37:53 ----A---- C:\WINDOWS\system32\MFC71u.dll
2009-03-16 21:37:53 ----A---- C:\WINDOWS\system32\MFC71KOR.DLL
2009-03-16 21:37:53 ----A---- C:\WINDOWS\system32\MFC71JPN.DLL
2009-03-16 21:37:53 ----A---- C:\WINDOWS\system32\MFC71ITA.DLL
2009-03-16 21:37:53 ----A---- C:\WINDOWS\system32\MFC71ESP.DLL
2009-03-16 21:37:53 ----A---- C:\WINDOWS\system32\MFC71ENU.DLL
2009-03-16 21:37:52 ----A---- C:\WINDOWS\system32\MFC71DEU.DLL
2009-03-16 21:37:52 ----A---- C:\WINDOWS\system32\MFC71CHT.DLL
2009-03-16 21:37:52 ----A---- C:\WINDOWS\system32\MFC71CHS.DLL
2009-03-16 21:37:52 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-03-16 21:37:51 ----A---- C:\WINDOWS\system32\QCUI2.dll
2009-03-16 21:37:51 ----A---- C:\WINDOWS\system32\Ltwvc12n.dll
2009-03-16 21:37:51 ----A---- C:\WINDOWS\system32\ltkrn12n.dll
2009-03-16 21:37:51 ----A---- C:\WINDOWS\system32\ltimg12n.dll
2009-03-16 21:37:51 ----A---- C:\WINDOWS\system32\atl71.dll
2009-03-16 21:37:50 ----A---- C:\WINDOWS\system32\ltfil12n.DLL
2009-03-16 21:37:50 ----A---- C:\WINDOWS\system32\ltefx12n.dll
2009-03-16 21:37:50 ----A---- C:\WINDOWS\system32\LTDIS12n.dll
2009-03-16 21:37:50 ----A---- C:\WINDOWS\system32\lftif12n.dll
2009-03-16 21:37:50 ----A---- C:\WINDOWS\system32\lffax12n.dll
2009-03-16 21:37:50 ----A---- C:\WINDOWS\system32\LFCMP12n.DLL
2009-03-16 21:37:50 ----A---- C:\WINDOWS\system32\lfbmp12n.dll
2009-03-16 21:37:48 ----A---- C:\WINDOWS\system32\LQCUI2.dll
2009-03-16 21:37:13 ----D---- C:\Program Files\Logitech
2009-03-12 20:06:11 ----D---- C:\Program Files\Microsoft Silverlight
2009-03-11 18:26:42 ----D---- C:\WINDOWS\system32\Lang
2009-03-11 18:14:43 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-03-11 18:14:14 ----D---- C:\Program Files\Realtek AC97
2009-03-11 18:14:11 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2009-03-11 18:14:09 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-03-11 18:14:09 ----A---- C:\WINDOWS\soundman.exe
2009-03-11 18:14:07 ----A---- C:\WINDOWS\alcupd.exe
2009-03-11 18:14:07 ----A---- C:\WINDOWS\Alcrmv.exe
2009-03-11 18:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 18:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-03-11 17:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 17:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-11 17:51:01 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2009-03-11 17:51:01 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2009-03-11 17:36:40 ----D---- C:\Documents and Settings\Dany\Application Data\Creative
2009-03-11 17:23:39 ----D---- C:\Program Files\Fichiers communs\Creative
2009-03-11 17:23:33 ----HD---- C:\Program Files\Creative Installation Information
2009-03-11 01:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-03-11 01:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-03-10 18:49:04 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-03-10 18:48:50 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-03-10 18:46:18 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-03-10 12:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-10 09:08:06 ----D---- C:\WINDOWS\Prefetch
2009-03-09 23:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-09 23:11:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-03-09 23:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-03-09 23:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-03-09 23:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-03-09 23:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-03-09 23:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-03-09 23:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-03-09 23:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-03-09 23:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-03-09 23:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-03-09 23:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-03-09 23:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-03-09 23:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-03-09 23:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-03-09 23:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-03-09 23:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-03-09 23:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-03-09 22:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-03-09 22:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-03-09 22:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-03-09 22:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-03-09 22:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-03-09 22:47:14 ----D---- C:\WINDOWS\ServicePackFiles
2009-03-09 22:37:40 ----A---- C:\WINDOWS\003233_.tmp
2009-03-09 22:33:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-09 21:36:57 ----A---- C:\WINDOWS\system32\SET7B6.tmp
2009-03-09 21:36:57 ----A---- C:\WINDOWS\system32\SET7B4.tmp
2009-03-09 21:36:57 ----A---- C:\WINDOWS\system32\SET7B2.tmp
2009-03-09 21:36:56 ----A---- C:\WINDOWS\system32\SET7B1.tmp
2009-03-09 21:36:56 ----A---- C:\WINDOWS\system32\SET7AE.tmp
2009-03-09 21:36:56 ----A---- C:\WINDOWS\system32\SET7A6.tmp
2009-03-09 21:36:56 ----A---- C:\WINDOWS\system32\SET7A3.tmp
2009-03-09 21:36:55 ----A---- C:\WINDOWS\system32\SET7A0.tmp
2009-03-09 21:36:54 ----A---- C:\WINDOWS\system32\SET79D.tmp
2009-03-09 21:36:54 ----A---- C:\WINDOWS\system32\SET79A.tmp
2009-03-09 21:36:53 ----A---- C:\WINDOWS\system32\SET791.tmp
2009-03-09 21:36:53 ----A---- C:\WINDOWS\system32\SET78D.tmp
2009-03-09 21:36:52 ----A---- C:\WINDOWS\system32\SET777.tmp
2009-03-09 21:36:52 ----A---- C:\WINDOWS\system32\SET775.tmp
2009-03-09 21:36:51 ----A---- C:\WINDOWS\system32\SET768.tmp
2009-03-09 21:36:51 ----A---- C:\WINDOWS\system32\SET767.tmp
2009-03-09 21:36:50 ----A---- C:\WINDOWS\system32\SET763.tmp
2009-03-09 21:36:50 ----A---- C:\WINDOWS\system32\SET756.tmp
2009-03-09 21:36:49 ----A---- C:\WINDOWS\system32\SET74B.tmp
2009-03-09 21:36:49 ----A---- C:\WINDOWS\system32\SET746.tmp
2009-03-09 21:36:49 ----A---- C:\WINDOWS\system32\SET741.tmp
2009-03-09 21:36:48 ----A---- C:\WINDOWS\system32\SET740.tmp
2009-03-09 21:36:48 ----A---- C:\WINDOWS\system32\SET73F.tmp
2009-03-09 21:36:48 ----A---- C:\WINDOWS\system32\SET73D.tmp
2009-03-09 21:36:47 ----A---- C:\WINDOWS\system32\SET738.tmp
2009-03-09 21:36:46 ----A---- C:\WINDOWS\system32\SET72C.tmp
2009-03-09 21:36:46 ----A---- C:\WINDOWS\system32\SET725.tmp
2009-03-09 21:36:46 ----A---- C:\WINDOWS\system32\SET724.tmp
2009-03-09 21:36:45 ----A---- C:\WINDOWS\system32\SET722.tmp
2009-03-09 21:36:43 ----A---- C:\WINDOWS\system32\SET71E.tmp
2009-03-09 21:36:43 ----A---- C:\WINDOWS\system32\SET71D.tmp
2009-03-09 21:36:43 ----A---- C:\WINDOWS\system32\SET71B.tmp
2009-03-09 21:36:42 ----A---- C:\WINDOWS\system32\SET717.tmp
2009-03-09 21:36:42 ----A---- C:\WINDOWS\system32\SET716.tmp
2009-03-09 21:36:42 ----A---- C:\WINDOWS\system32\SET715.tmp
2009-03-09 21:36:42 ----A---- C:\WINDOWS\system32\SET713.tmp
2009-03-09 21:36:41 ----A---- C:\WINDOWS\system32\SET70D.tmp
2009-03-09 21:36:41 ----A---- C:\WINDOWS\system32\SET70B.tmp
2009-03-09 21:36:40 ----A---- C:\WINDOWS\system32\SET706.tmp
2009-03-09 21:36:40 ----A---- C:\WINDOWS\system32\SET701.tmp
2009-03-09 21:36:40 ----A---- C:\WINDOWS\system32\SET6FC.tmp
2009-03-09 21:36:39 ----A---- C:\WINDOWS\system32\SET6FB.tmp
2009-03-09 21:36:39 ----A---- C:\WINDOWS\system32\SET6F9.tmp
2009-03-09 21:36:39 ----A---- C:\WINDOWS\system32\SET6F7.tmp
2009-03-09 21:36:39 ----A---- C:\WINDOWS\system32\SET6F6.tmp
2009-03-09 21:36:39 ----A---- C:\WINDOWS\system32\SET6F5.tmp
2009-03-09 21:36:38 ----A---- C:\WINDOWS\system32\SET6F4.tmp
2009-03-09 21:36:38 ----A---- C:\WINDOWS\system32\SET6F3.tmp
2009-03-09 21:36:38 ----A---- C:\WINDOWS\system32\SET6F1.tmp
2009-03-09 21:36:37 ----A---- C:\WINDOWS\system32\SET6F0.tmp
2009-03-09 21:36:37 ----A---- C:\WINDOWS\system32\SET6ED.tmp
2009-03-09 21:36:37 ----A---- C:\WINDOWS\system32\SET6E9.tmp
2009-03-09 21:36:37 ----A---- C:\WINDOWS\system32\SET6E6.tmp
2009-03-09 21:36:37 ----A---- C:\WINDOWS\system32\SET6E5.tmp
2009-03-09 21:36:36 ----A---- C:\WINDOWS\system32\SET6DF.tmp
2009-03-09 21:36:36 ----A---- C:\WINDOWS\system32\SET6DE.tmp
2009-03-09 21:36:36 ----A---- C:\WINDOWS\system32\SET6DD.tmp
2009-03-09 21:36:36 ----A---- C:\WINDOWS\system32\SET6DC.tmp
2009-03-09 21:36:35 ----A---- C:\WINDOWS\system32\SET6DA.tmp
2009-03-09 21:36:35 ----A---- C:\WINDOWS\system32\SET6D6.tmp
2009-03-09 21:36:33 ----A---- C:\WINDOWS\system32\SET6C4.tmp
2009-03-09 21:36:33 ----A---- C:\WINDOWS\system32\SET6C2.tmp
2009-03-09 21:36:33 ----A---- C:\WINDOWS\system32\SET6BF.tmp
2009-03-09 21:36:32 ----A---- C:\WINDOWS\system32\SET6BE.tmp
2009-03-09 21:36:32 ----A---- C:\WINDOWS\system32\SET6BD.tmp
2009-03-09 21:36:32 ----A---- C:\WINDOWS\system32\SET6B5.tmp
2009-03-09 21:36:31 ----A---- C:\WINDOWS\system32\SET6B4.tmp
2009-03-09 21:36:31 ----A---- C:\WINDOWS\system32\SET6AC.tmp
2009-03-09 21:36:30 ----A---- C:\WINDOWS\system32\SET6A5.tmp
2009-03-09 21:36:30 ----A---- C:\WINDOWS\system32\SET6A2.tmp
2009-03-09 21:36:30 ----A---- C:\WINDOWS\system32\SET6A1.tmp
2009-03-09 21:36:30 ----A---- C:\WINDOWS\system32\SET698.tmp
2009-03-09 21:36:29 ----A---- C:\WINDOWS\system32\SET690.tmp
2009-03-09 21:36:29 ----A---- C:\WINDOWS\system32\SET68F.tmp
2009-03-09 21:36:29 ----A---- C:\WINDOWS\system32\SET68B.tmp
2009-03-09 21:36:29 ----A---- C:\WINDOWS\system32\SET689.tmp
2009-03-09 21:36:28 ----A---- C:\WINDOWS\system32\SET684.tmp
2009-03-09 21:36:28 ----A---- C:\WINDOWS\system32\SET67F.tmp
2009-03-09 21:36:28 ----A---- C:\WINDOWS\system32\SET67A.tmp
2009-03-09 21:36:27 ----A---- C:\WINDOWS\system32\SET678.tmp
2009-03-09 21:36:27 ----A---- C:\WINDOWS\system32\SET677.tmp
2009-03-09 21:36:27 ----A---- C:\WINDOWS\system32\SET66B.tmp
2009-03-09 21:36:26 ----A---- C:\WINDOWS\system32\SET66A.tmp
2009-03-09 21:36:26 ----A---- C:\WINDOWS\system32\SET669.tmp
2009-03-09 21:36:26 ----A---- C:\WINDOWS\system32\SET663.tmp
2009-03-09 21:36:25 ----A---- C:\WINDOWS\system32\SET65D.tmp
2009-03-09 21:36:25 ----A---- C:\WINDOWS\system32\SET657.tmp
2009-03-09 21:36:25 ----A---- C:\WINDOWS\system32\SET656.tmp
2009-03-09 21:36:25 ----A---- C:\WINDOWS\system32\SET655.tmp
2009-03-09 21:36:25 ----A---- C:\WINDOWS\system32\SET652.tmp
2009-03-09 21:36:24 ----A---- C:\WINDOWS\system32\SET64F.tmp
2009-03-09 21:36:24 ----A---- C:\WINDOWS\system32\SET64D.tmp
2009-03-09 21:36:23 ----A---- C:\WINDOWS\system32\SET643.tmp
2009-03-09 21:36:23 ----A---- C:\WINDOWS\system32\SET63F.tmp
2009-03-09 21:36:23 ----A---- C:\WINDOWS\system32\SET63E.tmp
2009-03-09 21:36:23 ----A---- C:\WINDOWS\system32\SET63C.tmp
2009-03-09 21:36:23 ----A---- C:\WINDOWS\system32\SET63B.tmp
2009-03-09 21:36:22 ----A---- C:\WINDOWS\system32\SET630.tmp
2009-03-09 21:36:22 ----A---- C:\WINDOWS\system32\SET62D.tmp
2009-03-09 21:36:22 ----A---- C:\WINDOWS\system32\SET626.tmp
2009-03-09 21:36:21 ----A---- C:\WINDOWS\system32\SET625.tmp
2009-03-09 21:36:21 ----A---- C:\WINDOWS\system32\SET616.tmp
2009-03-09 21:36:20 ----A---- C:\WINDOWS\system32\SET615.tmp
2009-03-09 21:36:20 ----A---- C:\WINDOWS\system32\SET611.tmp
2009-03-09 21:36:20 ----A---- C:\WINDOWS\system32\SET60B.tmp
2009-03-09 21:36:20 ----A---- C:\WINDOWS\system32\SET609.tmp
2009-03-09 21:36:20 ----A---- C:\WINDOWS\system32\SET603.tmp
2009-03-09 21:36:19 ----A---- C:\WINDOWS\system32\SET5FE.tmp
2009-03-09 21:36:19 ----A---- C:\WINDOWS\system32\SET5FB.tmp
2009-03-09 21:36:19 ----A---- C:\WINDOWS\system32\SET5F2.tmp
2009-03-09 21:36:18 ----A---- C:\WINDOWS\system32\SET5F0.tmp
2009-03-09 21:36:18 ----A---- C:\WINDOWS\system32\SET5E9.tmp
2009-03-09 21:36:18 ----A---- C:\WINDOWS\system32\SET5DD.tmp
2009-03-09 21:36:17 ----A---- C:\WINDOWS\system32\SET5CC.tmp
2009-03-09 21:36:16 ----A---- C:\WINDOWS\system32\SET5C8.tmp
2009-03-09 21:36:16 ----A---- C:\WINDOWS\system32\SET5C7.tmp
2009-03-09 21:36:16 ----A---- C:\WINDOWS\system32\SET5C2.tmp
2009-03-09 21:36:16 ----A---- C:\WINDOWS\system32\SET5BF.tmp
2009-03-09 21:36:16 ----A---- C:\WINDOWS\system32\SET5BC.tmp
2009-03-09 21:36:15 ----A---- C:\WINDOWS\system32\SET597.tmp
2009-03-09 21:36:14 ----A---- C:\WINDOWS\system32\SET58C.tmp
2009-03-09 21:36:13 ----A---- C:\WINDOWS\system32\SET580.tmp
2009-03-09 21:36:13 ----A---- C:\WINDOWS\system32\SET57D.tmp
2009-03-09 21:36:13 ----A---- C:\WINDOWS\system32\SET578.tmp
2009-03-09 21:36:12 ----A---- C:\WINDOWS\system32\SET55B.tmp
2009-03-09 21:36:11 ----A---- C:\WINDOWS\system32\SET55A.tmp
2009-03-09 21:36:10 ----A---- C:\WINDOWS\system32\SET557.tmp
2009-03-09 21:36:10 ----A---- C:\WINDOWS\system32\SET544.tmp
2009-03-09 21:36:10 ----A---- C:\WINDOWS\system32\SET542.tmp
2009-03-09 21:36:09 ----A---- C:\WINDOWS\system32\SET540.tmp
2009-03-09 21:36:09 ----A---- C:\WINDOWS\system32\SET525.tmp
2009-03-09 21:36:08 ----A---- C:\WINDOWS\system32\SET524.tmp
2009-03-09 21:36:08 ----A---- C:\WINDOWS\system32\SET517.tmp
2009-03-09 21:36:08 ----A---- C:\WINDOWS\system32\SET516.tmp
2009-03-09 21:36:07 ----A---- C:\WINDOWS\system32\SET50E.tmp
2009-03-09 21:36:07 ----A---- C:\WINDOWS\system32\SET50D.tmp
2009-03-09 21:36:07 ----A---- C:\WINDOWS\system32\SET50B.tmp
2009-03-09 21:36:07 ----A---- C:\WINDOWS\system32\SET50A.tmp
2009-03-09 21:36:05 ----A---- C:\WINDOWS\system32\SET4F9.tmp
2009-03-09 21:36:05 ----A---- C:\WINDOWS\system32\SET4EC.tmp
2009-03-09 21:36:05 ----A---- C:\WINDOWS\system32\SET4E5.tmp
2009-03-09 21:36:04 ----A---- C:\WINDOWS\system32\SET4D0.tmp
2009-03-09 21:36:03 ----A---- C:\WINDOWS\system32\SET497.tmp
2009-03-09 21:36:02 ----A---- C:\WINDOWS\system32\SET492.tmp
2009-03-09 21:36:02 ----A---- C:\WINDOWS\system32\SET48E.tmp
2009-03-09 21:36:02 ----A---- C:\WINDOWS\system32\SET481.tmp
2009-03-09 21:36:02 ----A---- C:\WINDOWS\system32\SET47B.tmp
2009-03-09 21:36:01 ----A---- C:\WINDOWS\system32\SET47A.tmp
2009-03-09 21:36:01 ----A---- C:\WINDOWS\system32\SET479.tmp
2009-03-09 21:36:01 ----A---- C:\WINDOWS\system32\SET46E.tmp
2009-03-09 21:36:00 ----A---- C:\WINDOWS\system32\SET468.tmp
2009-03-09 21:36:00 ----A---- C:\WINDOWS\system32\SET45F.tmp
2009-03-09 21:35:59 ----A---- C:\WINDOWS\system32\SET3F9.tmp
2009-03-09 21:35:59 ----A---- C:\WINDOWS\system32\SET3E4.tmp
2009-03-09 21:35:59 ----A---- C:\WINDOWS\system32\SET3D9.tmp
2009-03-09 21:35:58 ----A---- C:\WINDOWS\system32\SET39C.tmp
2009-03-09 21:35:58 ----A---- C:\WINDOWS\system32\SET399.tmp
2009-03-09 21:35:58 ----A---- C:\WINDOWS\system32\SET381.tmp
2009-03-09 21:35:57 ----A---- C:\WINDOWS\system32\SET36A.tmp
2009-03-09 21:35:57 ----A---- C:\WINDOWS\system32\SET368.tmp
2009-03-09 21:35:57 ----A---- C:\WINDOWS\system32\SET351.tmp
2009-03-09 21:35:56 ----A---- C:\WINDOWS\system32\SET33C.tmp
2009-03-09 21:35:56 ----A---- C:\WINDOWS\system32\SET326.tmp
2009-03-09 21:35:56 ----A---- C:\WINDOWS\system32\SET323.tmp
2009-03-09 21:35:55 ----A---- C:\WINDOWS\system32\SET302.tmp
2009-03-09 21:35:55 ----A---- C:\WINDOWS\system32\SET2FD.tmp
2009-03-09 21:35:55 ----A---- C:\WINDOWS\system32\SET2F8.tmp
2009-03-09 21:35:55 ----A---- C:\WINDOWS\system32\SET2F7.tmp
2009-03-09 21:35:55 ----A---- C:\WINDOWS\system32\SET2F3.tmp
2009-03-09 21:35:54 ----A---- C:\WINDOWS\system32\SET2F2.tmp
2009-03-09 21:35:53 ----A---- C:\WINDOWS\system32\SET2E9.tmp
2009-03-09 21:35:53 ----A---- C:\WINDOWS\system32\SET2E0.tmp
2009-03-09 21:35:52 ----A---- C:\WINDOWS\system32\SET2D3.tmp
2009-03-09 21:35:52 ----A---- C:\WINDOWS\system32\SET2C0.tmp
2009-03-09 21:35:52 ----A---- C:\WINDOWS\system32\SET2B8.tmp
2009-03-09 21:35:51 ----A---- C:\WINDOWS\system32\SET281.tmp
2009-03-09 21:35:51 ----A---- C:\WINDOWS\system32\SET27F.tmp
2009-03-09 21:35:51 ----A---- C:\WINDOWS\system32\SET275.tmp
2009-03-09 21:35:51 ----A---- C:\WINDOWS\system32\SET25F.tmp
2009-03-09 21:35:50 ----A---- C:\WINDOWS\system32\SET25C.tmp
2009-03-09 21:35:50 ----A---- C:\WINDOWS\system32\SET25B.tmp
2009-03-09 21:35:50 ----A---- C:\WINDOWS\system32\SET254.tmp
2009-03-09 21:35:49 ----A---- C:\WINDOWS\system32\SET1F6.tmp
2009-03-09 21:35:49 ----A---- C:\WINDOWS\system32\SET1ED.tmp
2009-03-09 21:35:49 ----A---- C:\WINDOWS\system32\SET1DF.tmp
2009-03-09 21:35:48 ----A---- C:\WINDOWS\system32\SET1DD.tmp
2009-03-09 21:35:48 ----A---- C:\WINDOWS\system32\SET1D8.tmp
2009-03-09 21:35:48 ----A---- C:\WINDOWS\system32\SET19A.tmp
2009-03-09 21:35:47 ----A---- C:\WINDOWS\system32\SET195.tmp
2009-03-09 21:35:47 ----A---- C:\WINDOWS\system32\SET191.tmp
2009-03-09 21:35:47 ----A---- C:\WINDOWS\system32\SET190.tmp
2009-03-09 21:35:47 ----A---- C:\WINDOWS\system32\SET18D.tmp
2009-03-09 21:35:47 ----A---- C:\WINDOWS\system32\SET186.tmp
2009-03-09 21:35:46 ----A---- C:\WINDOWS\system32\SET17E.tmp
2009-03-09 21:35:46 ----A---- C:\WINDOWS\system32\SET151.tmp
2009-03-09 21:35:44 ----A---- C:\WINDOWS\system32\SET13F.tmp
2009-03-09 21:35:42 ----A---- C:\WINDOWS\system32\SET134.tmp
2009-03-09 21:35:41 ----A---- C:\WINDOWS\system32\SET132.tmp
2009-03-09 21:35:41 ----A---- C:\WINDOWS\system32\SET127.tmp
2009-03-09 21:35:41 ----A---- C:\WINDOWS\system32\SET125.tmp
2009-03-09 21:35:40 ----A---- C:\WINDOWS\system32\SET11F.tmp
2009-03-09 21:35:40 ----A---- C:\WINDOWS\system32\SET11D.tmp
2009-03-09 21:35:39 ----A---- C:\WINDOWS\system32\SET11B.tmp
2009-03-09 21:35:37 ----A---- C:\WINDOWS\system32\SET119.tmp
2009-03-09 21:35:36 ----A---- C:\WINDOWS\system32\SET118.tmp
2009-03-09 21:35:35 ----A---- C:\WINDOWS\system32\SET117.tmp
2009-03-09 21:35:30 ----A---- C:\WINDOWS\system32\SET114.tmp
2009-03-09 21:33:55 ----A---- C:\WINDOWS\003225_.tmp
2009-03-09 21:30:55 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\printui.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\locator.exe
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\localspl.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\ftp.exe
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\format.com
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\cmd.exe
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\cacls.exe
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\autochk.exe
2009-03-09 21:30:32 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\userinit.exe
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\untfs.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\ulib.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\smss.exe
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\services.exe
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\schannel.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\savedump.exe
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\samlib.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-03-09 21:30:31 ----A---- C:\WINDOWS\system32\rasman.dll
2009-03-09 21:30:30 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-03-09 21:30:30 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-03-09 21:30:30 ----A---- C:\WINDOWS\system32\HAL.DLL
2009-03-09 17:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-03-09 17:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-03-09 17:31:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958215_0$
2009-03-09 17:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2009-03-09 17:30:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-03-09 17:20:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-03-09 17:20:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-03-09 17:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-03-09 17:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-03-09 17:19:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2009-03-09 17:19:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960714_0$
2009-03-09 17:18:42 ----HDC---- C:\WINDOWS\$NtUninstallKB953155_0$
2009-03-09 17:18:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-03-09 17:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-03-09 17:17:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-03-09 17:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-03-09 17:16:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-03-09 17:15:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-03-09 17:15:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-03-09 17:14:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2009-03-09 17:14:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-03-09 17:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-03-09 17:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-03-09 17:13:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-03-09 17:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-03-09 17:13:02 ----HDC---- C:\WINDOWS\$NtUninstallKB926247$
2009-03-09 15:19:31 ----A---- C:\WINDOWS\system32\SET1353.tmp
2009-03-09 15:19:31 ----A---- C:\WINDOWS\system32\SET1245.tmp
2009-03-09 15:19:29 ----A---- C:\WINDOWS\system32\SET1E4.tmp
2009-03-09 15:19:29 ----A---- C:\WINDOWS\system32\SET1B4.tmp
2009-03-09 15:19:29 ----A---- C:\WINDOWS\system32\SET1AD.tmp
2009-03-09 15:19:29 ----A---- C:\WINDOWS\system32\SET16D.tmp
2009-03-09 15:19:28 ----A---- C:\WINDOWS\system32\SET22F.tmp
2009-03-09 15:19:28 ----A---- C:\WINDOWS\system32\SET20C.tmp
2009-03-09 15:19:28 ----A---- C:\WINDOWS\system32\SET1CC.tmp
2009-03-09 15:19:28 ----A---- C:\WINDOWS\system32\SET19F.tmp
2009-03-09 15:19:23 ----A---- C:\WINDOWS\system32\SET4E9.tmp
2009-03-09 15:19:21 ----A---- C:\WINDOWS\system32\SET5F7.tmp
2009-03-09 15:19:21 ----A---- C:\WINDOWS\system32\SET5F6.tmp
2009-03-09 15:19:21 ----A---- C:\WINDOWS\system32\SET4D7.tmp
2009-03-09 15:19:21 ----A---- C:\WINDOWS\system32\SET4D6.tmp
2009-03-09 15:19:21 ----A---- C:\WINDOWS\system32\SET414.tmp
2009-03-09 15:19:21 ----A---- C:\WINDOWS\system32\SET413.tmp
2009-03-09 15:19:21 ----A---- C:\WINDOWS\system32\SET31D.tmp
2009-03-09 15:19:21 ----A---- C:\WINDOWS\system32\SET31C.tmp
2009-03-09 15:19:19 ----A---- C:\WINDOWS\system32\SET6B8.tmp
2009-03-09 15:19:19 ----A---- C:\WINDOWS\system32\SET6AE.tmp
2009-03-09 15:19:19 ----A---- C:\WINDOWS\system32\SET59A.tmp
2009-03-09 15:19:19 ----A---- C:\WINDOWS\system32\SET4D2.tmp
2009-03-09 15:19:19 ----A---- C:\WINDOWS\system32\SET4C8.tmp
2009-03-09 15:19:19 ----A---- C:\WINDOWS\system32\SET49B.tmp
2009-03-09 15:19:19 ----A---- C:\WINDOWS\system32\SET3AF.tmp
2009-03-09 15:19:19 ----A---- C:\WINDOWS\system32\SET3A5.tmp
2009-03-09 15:19:19 ----A---- C:\WINDOWS\system32\SET37C.tmp
2009-03-09 15:19:17 ----A---- C:\WINDOWS\system32\SET6EF.tmp
2009-03-09 15:19:17 ----A---- C:\WINDOWS\system32\SET6EE.tmp
2009-03-09 15:19:17 ----A---- C:\WINDOWS\system32\SET5E3.tmp
2009-03-09 15:19:17 ----A---- C:\WINDOWS\system32\SET5E2.tmp
2009-03-09 15:19:17 ----A---- C:\WINDOWS\system32\SET509.tmp
2009-03-09 15:19:17 ----A---- C:\WINDOWS\system32\SET508.tmp
2009-03-09 15:19:17 ----A---- C:\WINDOWS\system32\SET3E6.tmp
2009-03-09 15:19:17 ----A---- C:\WINDOWS\system32\SET3E5.tmp
2009-03-09 00:41:22 ----D---- C:\WINDOWS\system32\NtmsData
2009-03-09 00:13:53 ----A---- C:\WINDOWS\system32\simptcp.dll
2009-03-09 00:13:51 ----A---- C:\WINDOWS\system32\snmptrap.exe
2009-03-09 00:13:51 ----A---- C:\WINDOWS\system32\iprip.dll
2009-03-09 00:13:50 ----A---- C:\WINDOWS\system32\snmpmib.dll
2009-03-09 00:13:50 ----A---- C:\WINDOWS\system32\snmp.exe
2009-03-09 00:13:50 ----A---- C:\WINDOWS\system32\hostmib.dll
2009-03-09 00:13:50 ----A---- C:\WINDOWS\system32\evntwin.exe
2009-03-09 00:13:50 ----A---- C:\WINDOWS\system32\evntcmd.exe
2009-03-09 00:13:50 ----A---- C:\WINDOWS\system32\evntagnt.dll
2009-03-09 00:13:48 ----A---- C:\WINDOWS\system32\lmmib2.dll
2009-03-08 23:50:22 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-03-08 23:48:38 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-03-08 23:44:03 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-03-08 23:44:03 ----A---- C:\WINDOWS\system32\irmon.dll
2009-03-08 23:44:03 ----A---- C:\WINDOWS\system32\irftp.exe
2009-03-08 23:28:37 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-03-08 23:28:37 ----A---- C:\WINDOWS\system32\irclass.dll
2009-03-08 23:28:14 ----RA---- C:\WINDOWS\SET82.tmp
2009-03-08 23:28:07 ----RA---- C:\WINDOWS\SET76.tmp
2009-03-08 23:28:05 ----RA---- C:\WINDOWS\SET73.tmp
2009-03-08 19:50:31 ----D---- C:\WINDOWS\ERUNT
2009-03-08 19:50:30 ----D---- C:\Backups
2009-03-07 16:31:37 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2009-03-07 11:51:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-07 11:51:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-07 11:43:10 ----A---- C:\WINDOWS\unvise32.exe
2009-03-07 11:42:54 ----D---- C:\Program Files\Active Ports
2009-03-07 00:59:52 ----D---- C:\Program Files\jv16 PowerTools
2009-03-07 00:36:00 ----D---- C:\Documents and Settings\Dany\Application Data\TuneUp Software
2009-03-07 00:35:28 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-03-07 00:35:27 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-03-07 00:35:05 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-07 00:11:55 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-03-06 23:43:21 ----D---- C:\Program Files\Software Informer
2009-03-06 23:43:18 ----D---- C:\Documents and Settings\Dany\Application Data\Free Download Manager
2009-03-06 23:43:12 ----D---- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2009-03-06 23:43:11 ----D---- C:\Program Files\Free Download Manager
2009-03-03 16:26:34 ----HD---- C:\WINDOWS\PIF
2009-03-02 16:34:12 ----D---- C:\WINDOWS\system32\Adobe

======List of files/folders modified in the last 1 months======

2009-03-28 08:26:41 ----RD---- C:\Program Files
2009-03-27 21:06:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-27 21:05:16 ----D---- C:\WINDOWS\system32
2009-03-27 21:05:13 ----D---- C:\WINDOWS
2009-03-27 21:03:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-27 20:38:30 ----SHD---- C:\WINDOWS\Installer
2009-03-27 20:37:55 ----D---- C:\Program Files\Fichiers communs
2009-03-27 20:30:42 ----D---- C:\WINDOWS\system32\config
2009-03-27 20:28:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-27 20:28:13 ----RSD---- C:\WINDOWS\Fonts
2009-03-27 20:28:13 ----RD---- C:\WINDOWS\Offline Web Pages
2009-03-27 20:28:13 ----RD---- C:\Program Files\Skype
2009-03-27 20:28:13 ----D---- C:\Program Files\Bible
2009-03-27 20:28:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-27 20:12:57 ----D---- C:\Program Files\Mozilla Firefox
2009-03-27 20:08:29 ----D---- C:\WINDOWS\system32\drivers
2009-03-27 19:46:59 ----D---- C:\WINDOWS\security
2009-03-27 19:44:57 ----HD---- C:\WINDOWS\inf
2009-03-27 19:14:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-27 19:14:19 ----D---- C:\WINDOWS\system32\fr-fr
2009-03-27 19:14:17 ----D---- C:\WINDOWS\Media
2009-03-27 19:14:17 ----D---- C:\WINDOWS\Help
2009-03-27 19:14:16 ----D---- C:\Program Files\Internet Explorer
2009-03-26 20:10:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-25 21:44:59 ----D---- C:\WINDOWS\network diagnostic
2009-03-25 13:17:51 ----D---- C:\WINDOWS\Debug
2009-03-25 13:11:45 ----D---- C:\Program Files\Norton Internet Security
2009-03-25 13:11:44 ----SHD---- C:\System Volume Information
2009-03-25 13:10:21 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-03-25 13:10:04 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-03-25 11:55:12 ----D---- C:\Documents and Settings
2009-03-25 09:08:27 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-25 08:59:59 ----A---- C:\WINDOWS\win.ini
2009-03-25 00:07:39 ----SD---- C:\WINDOWS\Tasks
2009-03-24 23:30:28 ----D---- C:\Documents and Settings\Dany\Application Data\Skype
2009-03-24 20:17:06 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-03-24 13:09:20 ----D---- C:\Documents and Settings\Dany\Application Data\XnView
2009-03-23 18:10:13 ----A---- C:\WINDOWS\system.ini
2009-03-23 18:07:18 ----D---- C:\WINDOWS\AppPatch
2009-03-23 12:50:11 ----RASH---- C:\boot.ini
2009-03-21 13:02:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-18 10:09:11 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-18 10:05:36 ----D---- C:\WINDOWS\system32\wbem
2009-03-18 10:05:35 ----D---- C:\WINDOWS\Registration
2009-03-17 07:31:15 ----D---- C:\Program Files\DreamMail4
2009-03-16 21:37:47 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-16 18:15:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-14 13:40:48 ----D---- C:\Documents and Settings\Dany\Application Data\Adobe
2009-03-14 11:42:09 ----D---- C:\Program Files\Fichiers communs\Nuance
2009-03-14 09:55:43 ----D---- C:\Program Files\Winamp
2009-03-12 20:06:01 ----D---- C:\Program Files\Microsoft
2009-03-12 20:05:53 ----D---- C:\WINDOWS\WinSxS
2009-03-11 17:23:56 ----D---- C:\Program Files\Creative
2009-03-11 14:03:36 ----D---- C:\WINDOWS\system32\LogFiles
2009-03-10 18:48:34 ----D---- C:\Program Files\Windows Media Player
2009-03-10 13:16:20 ----D---- C:\WINDOWS\system32\Macromed
2009-03-10 12:11:51 ----HDC---- C:\WINDOWS\ie7
2009-03-10 09:07:20 ----D---- C:\WINDOWS\system32\Setup
2009-03-10 09:07:19 ----D---- C:\Program Files\Outlook Express
2009-03-10 09:07:19 ----D---- C:\Program Files\Fichiers communs\System
2009-03-09 22:57:10 ----D---- C:\Program Files\Messenger
2009-03-09 22:51:27 ----D---- C:\WINDOWS\ime
2009-03-09 22:51:08 ----D---- C:\WINDOWS\PeerNet
2009-03-09 22:51:08 ----D---- C:\Program Files\Movie Maker
2009-03-09 22:47:07 ----D---- C:\WINDOWS\system32\Restore
2009-03-09 22:47:07 ----D---- C:\WINDOWS\system32\npp
2009-03-09 22:47:05 ----D---- C:\WINDOWS\msagent
2009-03-09 22:47:01 ----D---- C:\WINDOWS\srchasst
2009-03-09 22:47:00 ----D---- C:\Program Files\NetMeeting
2009-03-09 22:46:58 ----D---- C:\WINDOWS\system32\Com
2009-03-09 22:46:52 ----D---- C:\Program Files\Windows NT
2009-03-09 22:45:53 ----D---- C:\WINDOWS\system32\oobe
2009-03-09 22:45:49 ----D---- C:\WINDOWS\system32\usmt
2009-03-09 22:45:44 ----D---- C:\WINDOWS\system
2009-03-09 22:33:02 ----D---- C:\WINDOWS\EHome
2009-03-09 17:38:04 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-03-09 17:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-03-09 16:06:12 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-09 00:51:22 ----D---- C:\WINDOWS\pss
2009-03-09 00:21:01 ----D---- C:\WINDOWS\system32\1036
2009-03-09 00:20:46 ----D---- C:\WINDOWS\twain_32
2009-03-09 00:19:56 ----D---- C:\WINDOWS\system32\icsxml
2009-03-09 00:19:27 ----D---- C:\WINDOWS\system32\1033
2009-03-09 00:18:35 ----D---- C:\WINDOWS\Driver Cache
2009-03-08 23:57:32 ----D---- C:\WINDOWS\nview
2009-03-08 23:55:47 ----D---- C:\WINDOWS\repair
2009-03-08 23:49:58 ----A---- C:\WINDOWS\ODBCINST.INI
2009-03-08 23:49:25 ----D---- C:\WINDOWS\system32\ias
2009-03-08 23:48:43 ----RD---- C:\WINDOWS\Web
2009-03-08 23:48:27 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-03-07 00:11:55 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-03-06 19:08:33 ----D---- C:\Program Files\Messenger Plus! Live
2009-03-05 10:00:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-02 16:36:54 ----D---- C:\Documents and Settings\Dany\Application Data\Macromedia

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 is-PF3R0drv;is-PF3R0drv; C:\WINDOWS\system32\DRIVERS\47556996.sys [2008-07-08 148496]
R1 is-RQN1Kdrv;is-RQN1Kdrv; C:\WINDOWS\system32\DRIVERS\13439012.sys [2008-07-08 148496]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-12-09 296448]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-17 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 SimpTcp;Services TCP/IP simplifiés; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-05 19456]
R2 SNMP;Service SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pgasvc;Authentification de groupe réseau homologue; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Réseau homologue; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Protocole de résolution de noms d'homologues; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 SNMPTRAP;Service d'interruption SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
d-jacky Posts 1312 Registration date Wednesday 1 November 2006 Status Member Last seen 5 October 2012 194
28 March 2009 at 16:29
I hardly dare believe it, but for now my connection is fine and stable ...
Anonymous user
28 March 2009 at 16:30
OK, please run ComboFix again in safe mode without networking
d-jacky Posts 1312 Registration date Wednesday 1 November 2006 Status Member Last seen 5 October 2012 194
28 March 2009 at 17:04
Here is the ComboFix report:

ComboFix 09-03-27.02 - Administrateur 2009-03-28 16:50:25.5 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1803 [GMT 1:00]
Lancé depuis: C:\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PCIDump


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-28 ))))))))))))))))))))))))))))))))))))
.

2009-03-28 16:36 . 2009-03-28 16:36 2,936,496 -ra------ C:\ComboFix.exe
2009-03-28 08:26 . 2009-03-28 08:26 <REP> d-------- C:\rsit
2009-03-28 08:26 . 2009-03-28 08:26 <REP> d-------- c:\program files\trend micro
2009-03-27 21:08 . 2009-03-27 21:08 <REP> d-------- c:\documents and settings\Administrateur\Application Data\SUPERAntiSpyware.com
2009-03-27 20:37 . 2009-03-27 20:37 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-26 22:41 . 2009-03-26 22:41 <REP> d-------- c:\documents and settings\Dany\Application Data\Cimaware
2009-03-26 22:35 . 2009-03-26 22:42 <REP> d-------- c:\program files\Cimaware
2009-03-25 15:04 . 2009-03-25 15:04 <REP> d--hs---- c:\documents and settings\Administrateur\IETldCache
2009-03-25 12:10 . 2009-03-25 12:10 <REP> d-------- c:\program files\Avira
2009-03-25 12:10 . 2009-03-25 12:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-25 11:55 . 2009-03-25 11:55 <REP> d-------- c:\program files\TCPView
2009-03-25 11:55 . 2009-03-25 11:55 <REP> d-------- c:\documents and settings\TCPView
2009-03-25 00:08 . 2009-03-25 00:08 <REP> d--hs---- c:\documents and settings\Dany\IECompatCache
2009-03-25 00:05 . 2009-03-25 00:05 <REP> d--hs---- c:\documents and settings\Dany\PrivacIE
2009-03-25 00:04 . 2009-03-25 00:04 <REP> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-25 00:03 . 2009-03-25 00:03 <REP> d--hs---- c:\documents and settings\Dany\IETldCache
2009-03-25 00:01 . 2009-03-27 19:13 <REP> d-------- c:\windows\ie8updates
2009-03-24 23:58 . 2008-04-13 19:33 81,920 --a------ c:\windows\system32\ieencode.dll
2009-03-24 23:58 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-03-24 23:55 . 2009-02-28 05:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-24 20:40 . 2009-01-01 10:45 3,549,552 --a------ c:\program files\procexp.exe
2009-03-24 20:20 . 2009-03-24 20:20 <REP> d-------- c:\documents and settings\LocalService\Bureau
2009-03-24 12:57 . 2009-03-24 12:57 <REP> d-------- C:\_OTMoveIt
2009-03-24 12:44 . 2009-03-28 16:58 39,366,688 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-24 12:44 . 2009-03-28 16:42 462,608 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-24 12:04 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\47556996.sys
2009-03-23 18:41 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\13439012.sys
2009-03-22 22:03 . 2009-03-22 22:13 <REP> d-------- c:\documents and settings\Dany\DoctorWeb
2009-03-22 21:49 . 2009-03-22 21:50 103,431,554 --a------ C:\Sauv.reg
2009-03-21 19:53 . 2009-03-21 19:53 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-21 19:52 . 2009-03-27 20:38 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-03-21 19:52 . 2009-03-27 20:38 <REP> d-------- c:\documents and settings\Dany\Application Data\SUPERAntiSpyware.com
2009-03-21 13:01 . 2009-03-21 13:01 <REP> d-------- c:\program files\Marvell
2009-03-19 21:56 . 2009-03-19 21:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-03-19 21:49 . 2009-03-19 21:49 <REP> d-------- c:\documents and settings\Dany\Application Data\Malwarebytes
2009-03-19 21:49 . 2009-03-19 21:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 23:15 . 2009-03-18 23:15 <REP> d-------- c:\documents and settings\Dany\Application Data\Grisoft
2009-03-18 23:05 . 2009-03-18 23:05 1,909 --a------ c:\documents and settings\Dany\clean.reg
2009-03-18 22:57 . 2008-04-13 19:33 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-03-18 22:24 . 2008-12-31 23:30 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-03-18 22:24 . 2008-12-31 23:30 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-03-18 22:24 . 2009-03-08 23:28 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-03-18 22:24 . 2009-03-24 13:08 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-03-18 22:24 . 2008-12-31 23:30 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-03-18 22:24 . 2008-12-31 23:30 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-03-18 22:24 . 2009-03-28 08:22 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-03-18 22:24 . 2009-03-25 15:04 <REP> d-------- c:\documents and settings\Administrateur
2009-03-18 11:10 . 2009-03-18 11:10 <REP> d-------- c:\program files\DiagInternet
2009-03-18 08:48 . 2009-03-18 08:48 <REP> d-------- c:\windows\system32\drivers\Avg(2)
2009-03-18 08:47 . 2009-03-18 08:47 <REP> d-------- c:\program files\AVG
2009-03-17 23:46 . 2009-03-21 11:12 <REP> d-------- c:\program files\a-squared Free
2009-03-16 21:37 . 2009-03-16 21:37 <REP> d-------- c:\program files\Logitech
2009-03-12 20:06 . 2009-03-14 09:36 <REP> d-------- c:\program files\Microsoft Silverlight
2009-03-11 18:26 . 2009-03-11 18:26 <REP> d-------- c:\windows\system32\Lang
2009-03-11 18:26 . 2009-03-11 18:26 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-03-11 18:26 . 2009-03-11 18:26 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-03-11 18:14 . 2009-03-11 18:14 <REP> d-------- c:\program files\Realtek AC97
2009-03-11 18:14 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl
2009-03-11 18:14 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe
2009-03-11 18:14 . 2008-09-24 10:40 4,122,368 -ra------ c:\windows\system32\drivers\alcxwdm.sys
2009-03-11 18:14 . 2007-04-16 15:28 577,536 --a------ c:\windows\soundman.exe
2009-03-11 18:14 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe
2009-03-11 18:14 . 2006-07-31 11:27 217,088 --a------ c:\windows\Alcrmv.exe
2009-03-11 18:14 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll
2009-03-11 18:14 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav
2009-03-11 18:14 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe
2009-03-11 17:51 . 1999-12-13 01:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2009-03-11 17:51 . 1999-11-18 01:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2009-03-11 17:36 . 2009-03-11 17:36 <REP> d-------- c:\documents and settings\Dany\Application Data\Creative
2009-03-11 17:23 . 2009-03-11 17:23 <REP> d-------- c:\program files\Fichiers communs\Creative
2009-03-11 17:23 . 2009-03-11 17:53 <REP> d--h----- c:\program files\Creative Installation Information
2009-03-11 17:22 . 2000-12-13 03:21 7,572,224 --------- c:\windows\system32\CT8MGM.SF2
2009-03-10 12:12 . 2008-12-20 23:46 6,066,688 --a--c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-10 12:12 . 2007-04-17 10:32 2,455,488 --a--c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-10 12:12 . 2007-03-08 06:10 1,048,576 --a--c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-10 12:12 . 2008-12-20 23:46 459,264 --a--c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-10 12:12 . 2008-12-20 23:46 383,488 --a--c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-10 12:12 . 2008-12-20 23:46 267,776 --a--c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-10 12:12 . 2008-12-20 23:46 63,488 --a--c--- c:\windows\system32\dllcache\icardie.dll
2009-03-10 12:12 . 2008-12-20 23:46 52,224 --a--c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-10 12:12 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-09 22:47 . 2009-03-09 22:51 <REP> d-------- c:\windows\ServicePackFiles
2009-03-09 22:46 . 2008-04-13 19:34 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2009-03-09 22:37 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u03233_.tmp
2009-03-09 21:36 . 2008-04-13 19:33 3,066,880 --a------ c:\windows\system32\SET701.tmp
2009-03-09 21:35 . 2008-04-13 19:33 716,800 --a------ c:\windows\system32\SET3D9.tmp
2009-03-09 21:33 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u03225_.tmp
2009-03-09 16:27 . 2008-06-14 18:33 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-09 16:26 . 2009-01-16 21:15 3,594,752 --a--c--- c:\windows\system32\dllcache\mshtml.dll
2009-03-09 16:26 . 2008-10-16 02:01 1,499,648 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-03-09 16:26 . 2008-12-20 23:47 1,160,192 --a--c--- c:\windows\system32\dllcache\urlmon.dll
2009-03-09 16:26 . 2008-12-20 23:47 826,368 --a--c--- c:\windows\system32\dllcache\wininet.dll
2009-03-09 16:24 . 2009-02-09 15:05 1,846,912 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-03-09 16:23 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-09 16:23 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-09 16:23 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-09 16:23 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-09 16:17 . 2008-09-04 18:16 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll
2009-03-09 16:17 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-09 16:17 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-03-09 16:17 . 2008-05-01 15:36 331,776 --a--c--- c:\windows\system32\dllcache\msadce.dll
2009-03-09 16:17 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-03-09 16:17 . 2004-08-05 13:00 71,040 --a------ c:\windows\system32\drivers\_004663_.tmp.dll
2009-03-09 16:16 . 2008-04-11 20:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-03-09 16:15 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-03-09 15:26 . 2004-08-05 13:00 71,040 --a------ c:\windows\system32\drivers\_004625_.tmp.dll
2009-03-09 00:41 . 2009-03-28 16:56 <REP> d-------- c:\windows\system32\NtmsData
2009-03-08 23:54 . 2008-04-13 19:33 571,392 --a--c--- c:\windows\system32\dllcache\tintlgnt.ime
2009-03-08 23:53 . 2004-08-05 13:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-03-08 23:52 . 2008-04-13 19:31 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-03-08 23:51 . 2004-08-05 13:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll
2009-03-08 23:50 . 2008-04-13 19:33 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-08 23:50 . 2003-04-14 20:29 217,088 --a--c--- c:\windows\system32\dllcache\fpmmcsat.dll
2009-03-08 23:50 . 2003-04-14 20:29 16,384 --a--c--- c:\windows\system32\dllcache\tcptsat.dll
2009-03-08 23:48 . 2009-03-08 23:48 749 -rah----- c:\windows\WindowsShell.Manifest
2009-03-08 23:48 . 2009-03-08 23:48 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-08 23:48 . 2009-03-08 23:48 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-03-08 23:48 . 2009-03-08 23:48 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-03-08 23:48 . 2009-03-08 23:48 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-03-08 23:47 . 2004-08-05 13:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-03-08 23:44 . 2008-04-13 19:34 153,088 --a------ c:\windows\system32\irftp.exe
2009-03-08 23:44 . 2008-04-13 19:33 29,184 --a------ c:\windows\system32\irmon.dll
2009-03-08 23:44 . 2008-04-13 19:33 8,192 --a------ c:\windows\system32\wshirda.dll
2009-03-08 23:31 . 2001-08-17 21:51 19,584 --a------ c:\windows\system32\drivers\rasirda.sys
2009-03-08 23:27 . 2009-03-11 14:16 1,029,515 --a------ c:\windows\setupapi.log.0.old

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 12:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-28 10:14 1,554 ----a-w c:\documents and settings\Dany\Application Data\SAS7_000.DAT
2009-03-27 19:28 --------- d-----w c:\program files\Bible
2009-03-27 19:28 --------- d-----r c:\program files\Skype
2009-03-25 12:11 --------- d-----w c:\program files\Norton Internet Security
2009-03-25 12:10 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-03-25 12:10 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-03-25 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-24 22:30 --------- d-----w c:\documents and settings\Dany\Application Data\Skype
2009-03-24 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-24 12:09 --------- d-----w c:\documents and settings\Dany\Application Data\XnView
2009-03-17 06:31 --------- d-----w c:\program files\DreamMail4
2009-03-16 20:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-14 10:42 --------- d-----w c:\program files\Fichiers communs\Nuance
2009-03-14 08:55 --------- d-----w c:\program files\Winamp
2009-03-12 19:06 --------- d-----w c:\program files\Microsoft
2009-03-11 16:23 --------- d-----w c:\program files\Creative
2009-03-06 23:11 114,688 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-06 18:08 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-25 08:24 --------- d-----w c:\documents and settings\All Users\Application Data\Musicnotes
2009-02-18 18:01 --------- d-----w c:\documents and settings\Dany\Application Data\skypePM
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-03 22:32 --------- d-----w c:\program files\Fichiers communs\Skype
2009-02-03 22:32 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-31 19:24 --------- d-----w c:\program files\MSECACHE
2009-01-31 17:59 --------- d-----w c:\program files\Fichiers communs\ScanSoft Shared
2009-01-31 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2009-01-31 16:17 25,992 ----a-w c:\windows\system32\pgdfgsvc.exe
2009-01-31 16:17 --------- d-----w c:\program files\Defrag
2009-01-31 09:00 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-31 09:00 --------- d-----w c:\documents and settings\Dany\Application Data\SystemRequirementsLab
2009-01-31 08:58 --------- d-----w c:\program files\Lavalys
2009-01-30 12:00 --------- d-----w c:\program files\Google
2009-01-17 19:45 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-07 17:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 17:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 17:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 17:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 17:20 23,552 ----a-w c:\windows\system32\normaliz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-23_12.43.42,04 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-08 12:09:19 217,864 ----a-r c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
+ 2009-03-25 08:01:26 217,864 ----a-r c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
- 2009-01-31 19:24:38 35,088 ----a-r c:\windows\Installer\{90120000-00B0-040C-0000-0000000FF1CE}\expdfic.exe
+ 2009-03-25 07:57:27 35,088 ----a-r c:\windows\Installer\{90120000-00B0-040C-0000-0000000FF1CE}\expdfic.exe
- 2009-03-13 22:43:54 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-25 08:08:18 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2009-03-13 22:43:54 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-25 08:08:19 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-03-13 22:43:54 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-25 08:08:19 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2009-03-13 22:43:54 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-25 08:08:19 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-03-13 22:43:55 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-25 08:08:20 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-03-13 22:43:54 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-03-25 08:08:18 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2009-03-13 22:43:54 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-03-25 08:08:19 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2009-03-13 22:43:54 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-03-25 08:08:19 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2009-03-13 22:43:54 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-25 08:08:19 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-03-13 22:43:54 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-25 08:08:18 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-01-17 10:48:16 29,316 ----a-r c:\windows\Installer\{95120000-0120-040C-0000-0000000FF1CE}\olc_setup.exe
+ 2009-03-25 08:09:58 29,316 ----a-r c:\windows\Installer\{95120000-0120-040C-0000-0000000FF1CE}\olc_setup.exe
- 2009-03-21 21:28:33 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-03-27 19:38:29 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2009-03-21 21:28:33 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-03-27 19:38:29 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-05-09 11:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2007-11-08 17:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
- 2009-03-11 17:04:35 278,944 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-27 20:05:16 278,944 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2009-03-08 03:32:52 36,864 ----a-w c:\windows\system32\ieudinit.exe
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2009-01-07 17:21:08 17,952 ------w c:\windows\system32\spmsg.dll
- 2008-04-13 18:33:54 121,856 ----a-w c:\windows\system32\xmllite.dll
+ 2009-01-07 17:21:04 121,856 ----a-w c:\windows\system32\xmllite.dll
+ 2009-03-28 15:56:24 16,384 ----atw c:\windows\temp\Perflib_Perfdata_190.dat
+ 2009-03-28 15:56:22 16,384 ----atw c:\windows\temp\Perflib_Perfdata_4ec.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.DLL]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-05 44544]

c:\documents and settings\Dany\Menu Démarrer\Programmes\Démarrage\
GoogleCalendarSync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-02 546288]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 is-PF3R0drv;is-PF3R0drv;c:\windows\system32\drivers\47556996.sys [2009-03-24 148496]
R1 is-RQN1Kdrv;is-RQN1Kdrv;c:\windows\system32\drivers\13439012.sys [2009-03-23 148496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-01-03 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-01-03 3072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'

2009-03-28 c:\windows\Tasks\User_Feed_Synchronization-{AAB5F4A0-34AB-4FBD-8CC5-089F5A9AB70A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {E10365F2-E62D-4203-AE0A-F8D12AEE2659} = 80.10.246.2,80.10.246.129
FF - ProfilePath - c:\documents and settings\Dany\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 16:57:27
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\system32\searchindexer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-03-28 17:02:29 - La machine a redémarré [Dany]
ComboFix-quarantined-files.txt 2009-03-28 16:02:23
ComboFix2.txt 2009-03-23 17:12:40
ComboFix3.txt 2009-03-23 12:03:12
ComboFix4.txt 2009-03-23 11:44:53

Avant-CF: 293,524,336,640 octets libres
Après-CF: 291,368,747,008 octets libres

352
Anonymous user
29 March 2009 at 07:24
Hi, I'm just as stunned that your connection is running perfectly when you look at the list of your infections, lol

I thought it would be interesting (if you're interested, of course) to point out the components that make the infection regenerate and multiply on your PC

With, as a bonus, a >>>>>>>>nice picture<<<<<<<<

Once these components are removed, I think we'll be able to finish:

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text below:





:processes
explorer.exe

:files
C:\Sauv.reg
c:\documents and settings\Dany\clean.reg
c:\windows\system32\drivers\Avg(2)
C:\windows\system32\CT8MGM.SF2
c:\program files\Norton Internet Security
c:\program files\Fichiers communs\Symantec Shared
c:\documents and settings\All Users\Application Data\Norton

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"=-
"nwiz"=-
"SoundMan"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Eabled:@xpsp2res.dll,-22019"


:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


---> Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

Next:


_______________________________________________________________________________________________
|======>/!\ WARNING /!\ The following script was written specifically for this computer,<=========|
|======>it is strongly advised not to use it on another computer!<==========|
-----------------------------------------------------------------------------------------------


Still with all protections disabled, do this:

• Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
• Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
File::
C:\PureRa.txt
C:\Program Files\procexp.exe
C:\log.txt
C:\Qoobox
C:\TCleaner.txt
C:\lopR2.txt
C:\cleannavi2.txt
C:\rapport2.txt
C:\rapport.txt
C:\ComboFix2.txt
C:\WINDOWS\003233_.tmp
C:\WINDOWS\SET8D8.tmp
C:\WINDOWS\system32\SET8B8.tmp
C:\WINDOWS\system32\SET8B4.tmp
C:\WINDOWS\system32\SET8B2.tmp
C:\WINDOWS\system32\SET8AF.tmp
C:\WINDOWS\system32\SET8AC.tmp
C:\WINDOWS\system32\SET8AA.tmp
C:\WINDOWS\system32\SET8A7.tmp
C:\WINDOWS\system32\SET8A1.tmp
C:\WINDOWS\system32\SET89C.tmp
C:\WINDOWS\system32\SET89B.tmp
C:\WINDOWS\system32\SET897.tmp
C:\WINDOWS\system32\SET896.tmp
C:\WINDOWS\system32\SET892.tmp
C:\WINDOWS\system32\SET891.tmp
C:\WINDOWS\system32\SET890.tmp
C:\WINDOWS\system32\SET88A.tmp
C:\WINDOWS\system32\SET888.tmp
C:\WINDOWS\system32\SET885.tmp
C:\WINDOWS\system32\SET881.tmp
C:\WINDOWS\system32\SET87C.tmp
C:\WINDOWS\system32\SET876.tmp
C:\WINDOWS\system32\SET86E.tmp
C:\WINDOWS\system32\SET86D.tmp
C:\WINDOWS\system32\SET868.tmp
C:\WINDOWS\system32\SET866.tmp
C:\WINDOWS\system32\SET863.tmp
C:\WINDOWS\system32\SET861.tmp
C:\WINDOWS\system32\SET860.tmp
C:\WINDOWS\system32\SET85E.tmp
C:\WINDOWS\system32\SET85C.tmp
C:\WINDOWS\system32\SET85B.tmp
C:\WINDOWS\system32\SET85A.tmp
C:\WINDOWS\system32\SET859.tmp
C:\WINDOWS\system32\SET857.tmp
C:\WINDOWS\system32\SET856.tmp
C:\WINDOWS\system32\SET855.tmp
C:\WINDOWS\system32\SET84E.tmp
C:\WINDOWS\system32\SET836.tmp
C:\WINDOWS\system32\SET822.tmp
C:\WINDOWS\system32\SET821.tmp
C:\WINDOWS\system32\SET819.tmp
C:\WINDOWS\system32\SET80E.tmp
C:\WINDOWS\system32\SET808.tmp
C:\WINDOWS\system32\SET803.tmp
C:\WINDOWS\system32\SET7FF.tmp
C:\WINDOWS\system32\SET7F5.tmp
C:\WINDOWS\system32\SET7F4.tmp
C:\WINDOWS\system32\SET7F3.tmp
C:\WINDOWS\system32\SET7F1.tmp
C:\WINDOWS\system32\SET7F0.tmp
C:\WINDOWS\system32\SET7ED.tmp
C:\WINDOWS\system32\SET7E9.tmp
C:\WINDOWS\system32\SET7E0.tmp
C:\WINDOWS\system32\SET7DC.tmp
C:\WINDOWS\system32\SET7D6.tmp
C:\WINDOWS\system32\SET7D5.tmp
C:\WINDOWS\system32\SET7D3.tmp
C:\WINDOWS\system32\SET7D1.tmp
C:\WINDOWS\system32\SET7CC.tmp
C:\WINDOWS\system32\SET7BC.tmp
C:\WINDOWS\system32\SET7B6.tmp
C:\WINDOWS\system32\SET7B4.tmp
C:\WINDOWS\system32\SET7B2.tmp
C:\WINDOWS\system32\SET7B1.tmp
C:\WINDOWS\system32\SET7AE.tmp
C:\WINDOWS\system32\SET7A6.tmp
C:\WINDOWS\system32\SET7A3.tmp
C:\WINDOWS\system32\SET7A0.tmp
C:\WINDOWS\system32\SET79D.tmp
C:\WINDOWS\system32\SET79A.tmp
C:\WINDOWS\system32\SET791.tmp
C:\WINDOWS\system32\SET78D.tmp
C:\WINDOWS\system32\SET777.tmp
C:\WINDOWS\system32\SET775.tmp
C:\WINDOWS\system32\SET768.tmp
C:\WINDOWS\system32\SET767.tmp
C:\WINDOWS\system32\SET763.tmp
C:\WINDOWS\system32\SET756.tmp
C:\WINDOWS\system32\SET74B.tmp
C:\WINDOWS\system32\SET746.tmp
C:\WINDOWS\system32\SET741.tmp
C:\WINDOWS\system32\SET740.tmp
C:\WINDOWS\system32\SET73F.tmp
C:\WINDOWS\system32\SET73D.tmp
C:\WINDOWS\system32\SET738.tmp
C:\WINDOWS\system32\SET72C.tmp
C:\WINDOWS\system32\SET725.tmp
C:\WINDOWS\system32\SET724.tmp
C:\WINDOWS\system32\SET722.tmp
C:\WINDOWS\system32\SET71E.tmp
C:\WINDOWS\system32\SET71D.tmp
C:\WINDOWS\system32\SET71B.tmp
C:\WINDOWS\system32\SET717.tmp
C:\WINDOWS\system32\SET716.tmp
C:\WINDOWS\system32\SET715.tmp
C:\WINDOWS\system32\SET713.tmp
C:\WINDOWS\system32\SET70D.tmp
C:\WINDOWS\system32\SET70B.tmp
C:\WINDOWS\system32\SET706.tmp
C:\WINDOWS\system32\SET701.tmp
C:\WINDOWS\system32\SET6FC.tmp
C:\WINDOWS\system32\SET6FB.tmp
C:\WINDOWS\system32\SET6F9.tmp
C:\WINDOWS\system32\SET6F7.tmp
C:\WINDOWS\system32\SET6F6.tmp
C:\WINDOWS\system32\SET6F5.tmp
C:\WINDOWS\system32\SET6F4.tmp
C:\WINDOWS\system32\SET6F3.tmp
C:\WINDOWS\system32\SET6F1.tmp
C:\WINDOWS\system32\SET6F0.tmp
C:\WINDOWS\system32\SET6ED.tmp
C:\WINDOWS\system32\SET6E9.tmp
C:\WINDOWS\system32\SET6E6.tmp
C:\WINDOWS\system32\SET6E5.tmp
C:\WINDOWS\system32\SET6DF.tmp
C:\WINDOWS\system32\SET6DE.tmp
C:\WINDOWS\system32\SET6DD.tmp
C:\WINDOWS\system32\SET6DC.tmp
C:\WINDOWS\system32\SET6DA.tmp
C:\WINDOWS\system32\SET6D6.tmp
C:\WINDOWS\system32\SET6C4.tmp
C:\WINDOWS\system32\SET6C2.tmp
C:\WINDOWS\system32\SET6BF.tmp
C:\WINDOWS\system32\SET6BE.tmp
C:\WINDOWS\system32\SET6BD.tmp
C:\WINDOWS\system32\SET6B5.tmp
C:\WINDOWS\system32\SET6B4.tmp
C:\WINDOWS\system32\SET6AC.tmp
C:\WINDOWS\system32\SET6A5.tmp
C:\WINDOWS\system32\SET6A2.tmp
C:\WINDOWS\system32\SET6A1.tmp
C:\WINDOWS\system32\SET698.tmp
C:\WINDOWS\system32\SET690.tmp
C:\WINDOWS\system32\SET68F.tmp
C:\WINDOWS\system32\SET68B.tmp
C:\WINDOWS\system32\SET689.tmp
C:\WINDOWS\system32\SET684.tmp
C:\WINDOWS\system32\SET67F.tmp
C:\WINDOWS\system32\SET67A.tmp
C:\WINDOWS\system32\SET678.tmp
C:\WINDOWS\system32\SET677.tmp
C:\WINDOWS\system32\SET66B.tmp
C:\WINDOWS\system32\SET66A.tmp
C:\WINDOWS\system32\SET669.tmp
C:\WINDOWS\system32\SET663.tmp
C:\WINDOWS\system32\SET65D.tmp
C:\WINDOWS\system32\SET657.tmp
C:\WINDOWS\system32\SET656.tmp
C:\WINDOWS\system32\SET655.tmp
C:\WINDOWS\system32\SET652.tmp
C:\WINDOWS\system32\SET64F.tmp
C:\WINDOWS\system32\SET64D.tmp
C:\WINDOWS\system32\SET643.tmp
C:\WINDOWS\system32\SET63F.tmp
C:\WINDOWS\system32\SET63E.tmp
C:\WINDOWS\system32\SET63C.tmp
C:\WINDOWS\system32\SET63B.tmp
C:\WINDOWS\system32\SET630.tmp
C:\WINDOWS\system32\SET62D.tmp
C:\WINDOWS\system32\SET626.tmp
C:\WINDOWS\system32\SET625.tmp
C:\WINDOWS\system32\SET616.tmp
C:\WINDOWS\system32\SET615.tmp
C:\WINDOWS\system32\SET611.tmp
C:\WINDOWS\system32\SET60B.tmp
C:\WINDOWS\system32\SET609.tmp
C:\WINDOWS\system32\SET603.tmp
C:\WINDOWS\system32\SET5FE.tmp
C:\WINDOWS\system32\SET5FB.tmp
C:\WINDOWS\system32\SET5F2.tmp
C:\WINDOWS\system32\SET5F0.tmp
C:\WINDOWS\system32\SET5E9.tmp
C:\WINDOWS\system32\SET5DD.tmp
C:\WINDOWS\system32\SET5CC.tmp
C:\WINDOWS\system32\SET5C8.tmp
C:\WINDOWS\system32\SET5C7.tmp
C:\WINDOWS\system32\SET5C2.tmp
C:\WINDOWS\system32\SET5BF.tmp
C:\WINDOWS\system32\SET5BC.tmp
C:\WINDOWS\system32\SET597.tmp
C:\WINDOWS\system32\SET58C.tmp
C:\WINDOWS\system32\SET580.tmp
C:\WINDOWS\system32\SET57D.tmp
C:\WINDOWS\system32\SET578.tmp
C:\WINDOWS\system32\SET55B.tmp
C:\WINDOWS\system32\SET55A.tmp
C:\WINDOWS\system32\SET557.tmp
C:\WINDOWS\system32\SET544.tmp
C:\WINDOWS\system32\SET542.tmp
C:\WINDOWS\system32\SET540.tmp
C:\WINDOWS\system32\SET525.tmp
C:\WINDOWS\system32\SET524.tmp
C:\WINDOWS\system32\SET517.tmp
C:\WINDOWS\system32\SET516.tmp
C:\WINDOWS\system32\SET50E.tmp
C:\WINDOWS\system32\SET50D.tmp
C:\WINDOWS\system32\SET50B.tmp
C:\WINDOWS\system32\SET50A.tmp
C:\WINDOWS\system32\SET4F9.tmp
C:\WINDOWS\system32\SET4EC.tmp
C:\WINDOWS\system32\SET4E5.tmp
C:\WINDOWS\system32\SET4D0.tmp
C:\WINDOWS\system32\SET497.tmp
C:\WINDOWS\system32\SET492.tmp
C:\WINDOWS\system32\SET48E.tmp
C:\WINDOWS\system32\SET481.tmp
C:\WINDOWS\system32\SET47B.tmp
C:\WINDOWS\system32\SET47A.tmp
C:\WINDOWS\system32\SET479.tmp
C:\WINDOWS\system32\SET46E.tmp
C:\WINDOWS\system32\SET468.tmp
C:\WINDOWS\system32\SET45F.tmp
C:\WINDOWS\system32\SET3F9.tmp
C:\WINDOWS\system32\SET3E4.tmp
C:\WINDOWS\system32\SET3D9.tmp
C:\WINDOWS\system32\SET39C.tmp
C:\WINDOWS\system32\SET399.tmp
C:\WINDOWS\system32\SET381.tmp
C:\WINDOWS\system32\SET36A.tmp
C:\WINDOWS\system32\SET368.tmp
C:\WINDOWS\system32\SET351.tmp
C:\WINDOWS\system32\SET33C.tmp
C:\WINDOWS\system32\SET326.tmp
C:\WINDOWS\system32\SET323.tmp
C:\WINDOWS\system32\SET302.tmp
C:\WINDOWS\system32\SET2FD.tmp
C:\WINDOWS\system32\SET2F8.tmp
C:\WINDOWS\system32\SET2F7.tmp
C:\WINDOWS\system32\SET2F3.tmp
C:\WINDOWS\system32\SET2F2.tmp
C:\WINDOWS\system32\SET2E9.tmp
C:\WINDOWS\system32\SET2E0.tmp
C:\WINDOWS\system32\SET2D3.tmp
C:\WINDOWS\system32\SET2C0.tmp
C:\WINDOWS\system32\SET2B8.tmp
C:\WINDOWS\system32\SET281.tmp
C:\WINDOWS\system32\SET27F.tmp
C:\WINDOWS\system32\SET275.tmp
C:\WINDOWS\system32\SET25F.tmp
C:\WINDOWS\system32\SET25C.tmp
C:\WINDOWS\system32\SET25B.tmp
C:\WINDOWS\system32\SET254.tmp
C:\WINDOWS\system32\SET1F6.tmp
C:\WINDOWS\system32\SET1ED.tmp
C:\WINDOWS\system32\SET1DF.tmp
C:\WINDOWS\system32\SET1DD.tmp
C:\WINDOWS\system32\SET1D8.tmp
C:\WINDOWS\system32\SET19A.tmp
C:\WINDOWS\system32\SET195.tmp
C:\WINDOWS\system32\SET191.tmp
C:\WINDOWS\system32\SET190.tmp
C:\WINDOWS\system32\SET18D.tmp
C:\WINDOWS\system32\SET186.tmp
C:\WINDOWS\system32\SET17E.tmp
C:\WINDOWS\system32\SET151.tmp
C:\WINDOWS\system32\SET13F.tmp
C:\WINDOWS\system32\SET134.tmp
C:\WINDOWS\system32\SET132.tmp
C:\WINDOWS\system32\SET127.tmp
C:\WINDOWS\system32\SET125.tmp
C:\WINDOWS\system32\SET11F.tmp
C:\WINDOWS\system32\SET11D.tmp
C:\WINDOWS\system32\SET11B.tmp
C:\WINDOWS\system32\SET119.tmp
C:\WINDOWS\system32\SET118.tmp
C:\WINDOWS\system32\SET117.tmp
C:\WINDOWS\system32\SET114.tmp
C:\WINDOWS\003225_.tmp
C:\WINDOWS\system32\SET1353.tmp
C:\WINDOWS\system32\SET1245.tmp
C:\WINDOWS\system32\SET1E4.tmp
C:\WINDOWS\system32\SET1B4.tmp
C:\WINDOWS\system32\SET1AD.tmp
C:\WINDOWS\system32\SET16D.tmp
C:\WINDOWS\system32\SET22F.tmp
C:\WINDOWS\system32\SET20C.tmp
C:\WINDOWS\system32\SET1CC.tmp
C:\WINDOWS\system32\SET19F.tmp
C:\WINDOWS\system32\SET4E9.tmp
C:\WINDOWS\system32\SET5F7.tmp
C:\WINDOWS\system32\SET5F6.tmp
C:\WINDOWS\system32\SET4D7.tmp
C:\WINDOWS\system32\SET4D6.tmp
C:\WINDOWS\system32\SET414.tmp
C:\WINDOWS\system32\SET413.tmp
C:\WINDOWS\system32\SET31D.tmp
C:\WINDOWS\system32\SET31C.tmp
C:\WINDOWS\system32\SET6B8.tmp
C:\WINDOWS\system32\SET6AE.tmp
C:\WINDOWS\system32\SET59A.tmp
C:\WINDOWS\system32\SET4D2.tmp
C:\WINDOWS\system32\SET4C8.tmp
C:\WINDOWS\system32\SET49B.tmp
C:\WINDOWS\system32\SET3AF.tmp
C:\WINDOWS\system32\SET3A5.tmp
C:\WINDOWS\system32\SET37C.tmp
C:\WINDOWS\system32\SET6EF.tmp
C:\WINDOWS\system32\SET6EE.tmp
C:\WINDOWS\system32\SET5E3.tmp
C:\WINDOWS\system32\SET5E2.tmp
C:\WINDOWS\system32\SET509.tmp
C:\WINDOWS\system32\SET508.tmp
C:\WINDOWS\system32\SET3E6.tmp
C:\WINDOWS\system32\SET3E5.tmp
C:\WINDOWS\SET82.tmp
C:\WINDOWS\SET76.tmp
C:\WINDOWS\SET73.tmp
C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
C:\WINDOWS\system32\tmp.txt
C:\Documents and Settings\All Users\Application Data\NortonInstaller
c:\windows\[u]0/u03233_.tmp
c:\windows\system32\SET701.tmp
c:\windows\system32\SET3D9.tmp
c:\windows\[u]0/u03225_.tmp
c:\windows\u03225_.tmp
c:\windows\u03233_.tmp
c:\windows\system32\drivers\_004663_.tmp.dll
c:\windows\system32\drivers\_004625_.tmp.dll

c:\windows\setupapi.log.0.old

------------------------------------------------------------------

• Save this file to your Desktop (and nowhere else!) under the name CFScript.txt
• Close Notepad

• Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix) as shown at this link: http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

• Wait while the scan runs. The Desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here: C:\ComboFix.txt
d-jacky Posts 1312 Registration date Wednesday 1 November 2006 Status Member Last seen 5 October 2012 194
29 March 2009 at 14:37
Here is the OTMoveIt3 report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Sauv.reg moved successfully.
c:\documents and settings\Dany\clean.reg moved successfully.
c:\windows\system32\drivers\Avg(2) moved successfully.
C:\windows\system32\CT8MGM.SF2 moved successfully.
c:\program files\Norton Internet Security moved successfully.
c:\program files\Fichiers communs\Symantec Shared\Support Controls moved successfully.
c:\program files\Fichiers communs\Symantec Shared\CCPD-LC moved successfully.
c:\program files\Fichiers communs\Symantec Shared moved successfully.
c:\documents and settings\All Users\Application Data\Norton\00000082\000000fb\000002bf moved successfully.
c:\documents and settings\All Users\Application Data\Norton\00000082\000000fb\000002bd moved successfully.
c:\documents and settings\All Users\Application Data\Norton\00000082\000000fb moved successfully.
c:\documents and settings\All Users\Application Data\Norton\00000082 moved successfully.
c:\documents and settings\All Users\Application Data\Norton moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LVCOMSX deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SoundMan deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\sessmgr.exe"|"C:\WINDOWS\system32\sessmgr.exe:*:Eabled:@xpsp2res.dll,-22019" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Dany\LOCALS~1\Temp\etilqs_4atxioJqrrlod4jiB4Pm scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Dany\LOCALS~1\Temp\etilqs_4atxioJqrrlod4jiB4Pm-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Dany\LOCALS~1\Temp\etilqs_mmNZhBYF7DGWGOwMbmSp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1a0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_280.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Dany\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dany\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dany\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dany\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dany\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dany\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 03292009_141330

Files moved on Reboot...
File C:\DOCUME~1\Dany\LOCALS~1\Temp\etilqs_4atxioJqrrlod4jiB4Pm not found!
File C:\DOCUME~1\Dany\LOCALS~1\Temp\etilqs_4atxioJqrrlod4jiB4Pm-journal not found!
File C:\DOCUME~1\Dany\LOCALS~1\Temp\etilqs_mmNZhBYF7DGWGOwMbmSp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_1a0.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_280.dat moved successfully.
C:\Documents and Settings\Dany\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\Dany\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Dany\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Dany\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Dany\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Dany\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\urlclassifier3.sqlite moved successfully.
Anonymous user
29 March 2009 at 14:42
OK, I'm waiting for the Combo report
d-jacky Posts 1312 Registration date Wednesday 1 November 2006 Status Member Last seen 5 October 2012 194
29 March 2009 at 15:04
Here is the Combofix report:

ComboFix 09-03-28.06 - Dany 2009-03-29 14:52:03.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1629 [GMT 2:00]
Lancé depuis: c:\documents and settings\Dany\Bureau\C-Fix.exe
Commutateurs utilisés :: c:\documents and settings\Dany\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
C:\cleannavi2.txt
C:\ComboFix2.txt
c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
c:\documents and settings\All Users\Application Data\NortonInstaller
C:\log.txt
C:\lopR2.txt
c:\program files\procexp.exe
C:\PureRa.txt
C:\rapport.txt
C:\rapport2.txt
C:\TCleaner.txt
c:\windows\[u]0/u03225_.tmp
c:\windows\[u]0/u03233_.tmp
c:\windows\[u]0/u03225_.tmp
c:\windows\[u]0/u03233_.tmp
c:\windows\SET73.tmp
c:\windows\SET76.tmp
c:\windows\SET82.tmp
c:\windows\SET8D8.tmp
c:\windows\setupapi.log.0.old
c:\windows\system32\drivers\_004625_.tmp.dll
c:\windows\system32\drivers\_004663_.tmp.dll
c:\windows\system32\SET114.tmp
c:\windows\system32\SET117.tmp
c:\windows\system32\SET118.tmp
c:\windows\system32\SET119.tmp
c:\windows\system32\SET11B.tmp
c:\windows\system32\SET11D.tmp
c:\windows\system32\SET11F.tmp
c:\windows\system32\SET1245.tmp
c:\windows\system32\SET125.tmp
c:\windows\system32\SET127.tmp
c:\windows\system32\SET132.tmp
c:\windows\system32\SET134.tmp
c:\windows\system32\SET1353.tmp
c:\windows\system32\SET13F.tmp
c:\windows\system32\SET151.tmp
c:\windows\system32\SET16D.tmp
c:\windows\system32\SET17E.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET18D.tmp
c:\windows\system32\SET190.tmp
c:\windows\system32\SET191.tmp
c:\windows\system32\SET195.tmp
c:\windows\system32\SET19A.tmp
c:\windows\system32\SET19F.tmp
c:\windows\system32\SET1AD.tmp
c:\windows\system32\SET1B4.tmp
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET1D8.tmp
c:\windows\system32\SET1DD.tmp
c:\windows\system32\SET1DF.tmp
c:\windows\system32\SET1E4.tmp
c:\windows\system32\SET1ED.tmp
c:\windows\system32\SET1F6.tmp
c:\windows\system32\SET20C.tmp
c:\windows\system32\SET22F.tmp
c:\windows\system32\SET254.tmp
c:\windows\system32\SET25B.tmp
c:\windows\system32\SET25C.tmp
c:\windows\system32\SET25F.tmp
c:\windows\system32\SET275.tmp
c:\windows\system32\SET27F.tmp
c:\windows\system32\SET281.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2C0.tmp
c:\windows\system32\SET2D3.tmp
c:\windows\system32\SET2E0.tmp
c:\windows\system32\SET2E9.tmp
c:\windows\system32\SET2F2.tmp
c:\windows\system32\SET2F3.tmp
c:\windows\system32\SET2F7.tmp
c:\windows\system32\SET2F8.tmp
c:\windows\system32\SET2FD.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\SET31C.tmp
c:\windows\system32\SET31D.tmp
c:\windows\system32\SET323.tmp
c:\windows\system32\SET326.tmp
c:\windows\system32\SET33C.tmp
c:\windows\system32\SET351.tmp
c:\windows\system32\SET368.tmp
c:\windows\system32\SET36A.tmp
c:\windows\system32\SET37C.tmp
c:\windows\system32\SET381.tmp
c:\windows\system32\SET399.tmp
c:\windows\system32\SET39C.tmp
c:\windows\system32\SET3A5.tmp
c:\windows\system32\SET3AF.tmp
c:\windows\system32\SET3D9.tmp
c:\windows\system32\SET3E4.tmp
c:\windows\system32\SET3E5.tmp
c:\windows\system32\SET3E6.tmp
c:\windows\system32\SET3F9.tmp
c:\windows\system32\SET413.tmp
c:\windows\system32\SET414.tmp
c:\windows\system32\SET45F.tmp
c:\windows\system32\SET468.tmp
c:\windows\system32\SET46E.tmp
c:\windows\system32\SET479.tmp
c:\windows\system32\SET47A.tmp
c:\windows\system32\SET47B.tmp
c:\windows\system32\SET481.tmp
c:\windows\system32\SET48E.tmp
c:\windows\system32\SET492.tmp
c:\windows\system32\SET497.tmp
c:\windows\system32\SET49B.tmp
c:\windows\system32\SET4C8.tmp
c:\windows\system32\SET4D0.tmp
c:\windows\system32\SET4D2.tmp
c:\windows\system32\SET4D6.tmp
c:\windows\system32\SET4D7.tmp
c:\windows\system32\SET4E5.tmp
c:\windows\system32\SET4E9.tmp
c:\windows\system32\SET4EC.tmp
c:\windows\system32\SET4F9.tmp
c:\windows\system32\SET508.tmp
c:\windows\system32\SET509.tmp
c:\windows\system32\SET50A.tmp
c:\windows\system32\SET50B.tmp
c:\windows\system32\SET50D.tmp
c:\windows\system32\SET50E.tmp
c:\windows\system32\SET516.tmp
c:\windows\system32\SET517.tmp
c:\windows\system32\SET524.tmp
c:\windows\system32\SET525.tmp
c:\windows\system32\SET540.tmp
c:\windows\system32\SET542.tmp
c:\windows\system32\SET544.tmp
c:\windows\system32\SET557.tmp
c:\windows\system32\SET55A.tmp
c:\windows\system32\SET55B.tmp
c:\windows\system32\SET578.tmp
c:\windows\system32\SET57D.tmp
c:\windows\system32\SET580.tmp
c:\windows\system32\SET58C.tmp
c:\windows\system32\SET597.tmp
c:\windows\system32\SET59A.tmp
c:\windows\system32\SET5BC.tmp
c:\windows\system32\SET5BF.tmp
c:\windows\system32\SET5C2.tmp
c:\windows\system32\SET5C7.tmp
c:\windows\system32\SET5C8.tmp
c:\windows\system32\SET5CC.tmp
c:\windows\system32\SET5DD.tmp
c:\windows\system32\SET5E2.tmp
c:\windows\system32\SET5E3.tmp
c:\windows\system32\SET5E9.tmp
c:\windows\system32\SET5F0.tmp
c:\windows\system32\SET5F2.tmp
c:\windows\system32\SET5F6.tmp
c:\windows\system32\SET5F7.tmp
c:\windows\system32\SET5FB.tmp
c:\windows\system32\SET5FE.tmp
c:\windows\system32\SET603.tmp
c:\windows\system32\SET609.tmp
c:\windows\system32\SET60B.tmp
c:\windows\system32\SET611.tmp
c:\windows\system32\SET615.tmp
c:\windows\system32\SET616.tmp
c:\windows\system32\SET625.tmp
c:\windows\system32\SET626.tmp
c:\windows\system32\SET62D.tmp
c:\windows\system32\SET630.tmp
c:\windows\system32\SET63B.tmp
c:\windows\system32\SET63C.tmp
c:\windows\system32\SET63E.tmp
c:\windows\system32\SET63F.tmp
c:\windows\system32\SET643.tmp
c:\windows\system32\SET64D.tmp
c:\windows\system32\SET64F.tmp
c:\windows\system32\SET652.tmp
c:\windows\system32\SET655.tmp
c:\windows\system32\SET656.tmp
c:\windows\system32\SET657.tmp
c:\windows\system32\SET65D.tmp
c:\windows\system32\SET663.tmp
c:\windows\system32\SET669.tmp
c:\windows\system32\SET66A.tmp
c:\windows\system32\SET66B.tmp
c:\windows\system32\SET677.tmp
c:\windows\system32\SET678.tmp
c:\windows\system32\SET67A.tmp
c:\windows\system32\SET67F.tmp
c:\windows\system32\SET684.tmp
c:\windows\system32\SET689.tmp
c:\windows\system32\SET68B.tmp
c:\windows\system32\SET68F.tmp
c:\windows\system32\SET690.tmp
c:\windows\system32\SET698.tmp
c:\windows\system32\SET6A1.tmp
c:\windows\system32\SET6A2.tmp
c:\windows\system32\SET6A5.tmp
c:\windows\system32\SET6AC.tmp
c:\windows\system32\SET6AE.tmp
c:\windows\system32\SET6B4.tmp
c:\windows\system32\SET6B5.tmp
c:\windows\system32\SET6B8.tmp
c:\windows\system32\SET6BD.tmp
c:\windows\system32\SET6BE.tmp
c:\windows\system32\SET6BF.tmp
c:\windows\system32\SET6C2.tmp
c:\windows\system32\SET6C4.tmp
c:\windows\system32\SET6D6.tmp
c:\windows\system32\SET6DA.tmp
c:\windows\system32\SET6DC.tmp
c:\windows\system32\SET6DD.tmp
c:\windows\system32\SET6DE.tmp
c:\windows\system32\SET6DF.tmp
c:\windows\system32\SET6E5.tmp
c:\windows\system32\SET6E6.tmp
c:\windows\system32\SET6E9.tmp
c:\windows\system32\SET6ED.tmp
c:\windows\system32\SET6EE.tmp
c:\windows\system32\SET6EF.tmp
c:\windows\system32\SET6F0.tmp
c:\windows\system32\SET6F1.tmp
c:\windows\system32\SET6F3.tmp
c:\windows\system32\SET6F4.tmp
c:\windows\system32\SET6F5.tmp
c:\windows\system32\SET6F6.tmp
c:\windows\system32\SET6F7.tmp
c:\windows\system32\SET6F9.tmp
c:\windows\system32\SET6FB.tmp
c:\windows\system32\SET6FC.tmp
c:\windows\system32\SET701.tmp
c:\windows\system32\SET706.tmp
c:\windows\system32\SET70B.tmp
c:\windows\system32\SET70D.tmp
c:\windows\system32\SET713.tmp
c:\windows\system32\SET715.tmp
c:\windows\system32\SET716.tmp
c:\windows\system32\SET717.tmp
c:\windows\system32\SET71B.tmp
c:\windows\system32\SET71D.tmp
c:\windows\system32\SET71E.tmp
c:\windows\system32\SET722.tmp
c:\windows\system32\SET724.tmp
c:\windows\system32\SET725.tmp
c:\windows\system32\SET72C.tmp
c:\windows\system32\SET738.tmp
c:\windows\system32\SET73D.tmp
c:\windows\system32\SET73F.tmp
c:\windows\system32\SET740.tmp
c:\windows\system32\SET741.tmp
c:\windows\system32\SET746.tmp
c:\windows\system32\SET74B.tmp
c:\windows\system32\SET756.tmp
c:\windows\system32\SET763.tmp
c:\windows\system32\SET767.tmp
c:\windows\system32\SET768.tmp
c:\windows\system32\SET775.tmp
c:\windows\system32\SET777.tmp
c:\windows\system32\SET78D.tmp
c:\windows\system32\SET791.tmp
c:\windows\system32\SET79A.tmp
c:\windows\system32\SET79D.tmp
c:\windows\system32\SET7A0.tmp
c:\windows\system32\SET7A3.tmp
c:\windows\system32\SET7A6.tmp
c:\windows\system32\SET7AE.tmp
c:\windows\system32\SET7B1.tmp
c:\windows\system32\SET7B2.tmp
c:\windows\system32\SET7B4.tmp
c:\windows\system32\SET7B6.tmp
c:\windows\system32\SET7BC.tmp
c:\windows\system32\SET7CC.tmp
c:\windows\system32\SET7D1.tmp
c:\windows\system32\SET7D3.tmp
c:\windows\system32\SET7D5.tmp
c:\windows\system32\SET7D6.tmp
c:\windows\system32\SET7DC.tmp
c:\windows\system32\SET7E0.tmp
c:\windows\system32\SET7E9.tmp
c:\windows\system32\SET7ED.tmp
c:\windows\system32\SET7F0.tmp
c:\windows\system32\SET7F1.tmp
c:\windows\system32\SET7F3.tmp
c:\windows\system32\SET7F4.tmp
c:\windows\system32\SET7F5.tmp
c:\windows\system32\SET7FF.tmp
c:\windows\system32\SET803.tmp
c:\windows\system32\SET808.tmp
c:\windows\system32\SET80E.tmp
c:\windows\system32\SET819.tmp
c:\windows\system32\SET821.tmp
c:\windows\system32\SET822.tmp
c:\windows\system32\SET836.tmp
c:\windows\system32\SET84E.tmp
c:\windows\system32\SET855.tmp
c:\windows\system32\SET856.tmp
c:\windows\system32\SET857.tmp
c:\windows\system32\SET859.tmp
c:\windows\system32\SET85A.tmp
c:\windows\system32\SET85B.tmp
c:\windows\system32\SET85C.tmp
c:\windows\system32\SET85E.tmp
c:\windows\system32\SET860.tmp
c:\windows\system32\SET861.tmp
c:\windows\system32\SET863.tmp
c:\windows\system32\SET866.tmp
c:\windows\system32\SET868.tmp
c:\windows\system32\SET86D.tmp
c:\windows\system32\SET86E.tmp
c:\windows\system32\SET876.tmp
c:\windows\system32\SET87C.tmp
c:\windows\system32\SET881.tmp
c:\windows\system32\SET885.tmp
c:\windows\system32\SET888.tmp
c:\windows\system32\SET88A.tmp
c:\windows\system32\SET890.tmp
c:\windows\system32\SET891.tmp
c:\windows\system32\SET892.tmp
c:\windows\system32\SET896.tmp
c:\windows\system32\SET897.tmp
c:\windows\system32\SET89B.tmp
c:\windows\system32\SET89C.tmp
c:\windows\system32\SET8A1.tmp
c:\windows\system32\SET8A7.tmp
c:\windows\system32\SET8AA.tmp
c:\windows\system32\SET8AC.tmp
c:\windows\system32\SET8AF.tmp
c:\windows\system32\SET8B2.tmp
c:\windows\system32\SET8B4.tmp
c:\windows\system32\SET8B8.tmp
c:\windows\system32\tmp.txt
c:\windows\u03225_.tmp
c:\windows\u03233_.tmp
C:\Qoobox :#:
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleannavi2.txt
C:\ComboFix2.txt
C:\log.txt
C:\lopR2.txt
c:\program files\procexp.exe
C:\PureRa.txt
C:\rapport.txt
C:\rapport2.txt
C:\TCleaner.txt
c:\windows\[u]0/u03225_.tmp
c:\windows\[u]0/u03233_.tmp
c:\windows\SET73.tmp
c:\windows\SET76.tmp
c:\windows\SET82.tmp
c:\windows\SET8D8.tmp
c:\windows\setupapi.log.0.old
c:\windows\system32\tmp.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-29 ))))))))))))))))))))))))))))))))))))
.

2009-03-29 08:51 . 2009-03-29 08:51 2,342 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-03-28 23:05 . 2009-03-28 23:05 <REP> d-------- c:\program files\IntelliAdmin
2009-03-28 21:21 . 2009-03-28 21:21 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2009-03-28 21:21 . 2009-03-28 21:21 <REP> d-------- c:\program files\Adobe Media Player
2009-03-28 17:36 . 2009-03-28 17:36 2,936,496 -ra------ C:\ComboFix.exe
2009-03-28 09:26 . 2009-03-28 09:26 <REP> d-------- C:\rsit
2009-03-28 09:26 . 2009-03-28 09:26 <REP> d-------- c:\program files\trend micro
2009-03-27 22:08 . 2009-03-27 22:08 <REP> d-------- c:\documents and settings\Administrateur\Application Data\SUPERAntiSpyware.com
2009-03-27 21:37 . 2009-03-27 21:37 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-26 23:41 . 2009-03-26 23:41 <REP> d-------- c:\documents and settings\Dany\Application Data\Cimaware
2009-03-26 23:35 . 2009-03-26 23:42 <REP> d-------- c:\program files\Cimaware
2009-03-25 16:04 . 2009-03-25 16:04 <REP> d--hs---- c:\documents and settings\Administrateur\IETldCache
2009-03-25 13:10 . 2009-03-25 13:10 <REP> d-------- c:\program files\Avira
2009-03-25 13:10 . 2009-03-25 13:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-25 12:55 . 2009-03-25 12:55 <REP> d-------- c:\program files\TCPView
2009-03-25 12:55 . 2009-03-25 12:55 <REP> d-------- c:\documents and settings\TCPView
2009-03-25 01:08 . 2009-03-25 01:08 <REP> d--hs---- c:\documents and settings\Dany\IECompatCache
2009-03-25 01:05 . 2009-03-25 01:05 <REP> d--hs---- c:\documents and settings\Dany\PrivacIE
2009-03-25 01:04 . 2009-03-25 01:04 <REP> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-25 01:03 . 2009-03-25 01:03 <REP> d--hs---- c:\documents and settings\Dany\IETldCache
2009-03-25 01:01 . 2009-03-27 20:13 <REP> d-------- c:\windows\ie8updates
2009-03-25 00:58 . 2008-04-13 20:33 81,920 --a------ c:\windows\system32\ieencode.dll
2009-03-25 00:58 . 2007-08-13 19:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-03-25 00:55 . 2009-02-28 06:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-24 21:20 . 2009-03-24 21:20 <REP> d-------- c:\documents and settings\LocalService\Bureau
2009-03-24 13:57 . 2009-03-24 13:57 <REP> d-------- C:\_OTMoveIt
2009-03-24 13:44 . 2009-03-29 14:58 44,589,088 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-24 13:44 . 2009-03-29 14:55 523,832 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-24 13:04 . 2008-07-08 14:54 148,496 --a------ c:\windows\system32\drivers\47556996.sys
2009-03-23 19:41 . 2008-07-08 14:54 148,496 --a------ c:\windows\system32\drivers\13439012.sys
2009-03-22 23:03 . 2009-03-22 23:13 <REP> d-------- c:\documents and settings\Dany\DoctorWeb
2009-03-21 20:53 . 2009-03-21 20:53 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-21 20:52 . 2009-03-27 21:38 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-03-21 20:52 . 2009-03-27 21:38 <REP> d-------- c:\documents and settings\Dany\Application Data\SUPERAntiSpyware.com
2009-03-21 14:01 . 2009-03-21 14:01 <REP> d-------- c:\program files\Marvell
2009-03-19 22:56 . 2009-03-19 22:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-03-19 22:49 . 2009-03-19 22:49 <REP> d-------- c:\documents and settings\Dany\Application Data\Malwarebytes
2009-03-19 22:49 . 2009-03-19 22:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-19 00:15 . 2009-03-19 00:15 <REP> d-------- c:\documents and settings\Dany\Application Data\Grisoft
2009-03-18 23:57 . 2008-04-13 20:33 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-03-18 23:24 . 2009-01-01 00:30 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-03-18 23:24 . 2009-01-01 00:30 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-03-18 23:24 . 2009-03-09 00:28 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-03-18 23:24 . 2009-03-24 14:08 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-03-18 23:24 . 2009-01-01 00:30 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-03-18 23:24 . 2009-01-01 00:30 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-03-18 23:24 . 2009-03-28 09:22 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-03-18 23:24 . 2009-03-25 16:04 <REP> d-------- c:\documents and settings\Administrateur
2009-03-18 12:10 . 2009-03-18 12:10 <REP> d-------- c:\program files\DiagInternet
2009-03-18 09:47 . 2009-03-18 09:47 <REP> d-------- c:\program files\AVG
2009-03-18 00:46 . 2009-03-21 12:12 <REP> d-------- c:\program files\a-squared Free
2009-03-16 22:37 . 2009-03-16 22:37 <REP> d-------- c:\program files\Logitech
2009-03-12 21:06 . 2009-03-14 10:36 <REP> d-------- c:\program files\Microsoft Silverlight
2009-03-11 19:26 . 2009-03-11 19:26 <REP> d-------- c:\windows\system32\Lang
2009-03-11 19:26 . 2009-03-11 19:26 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-03-11 19:26 . 2009-03-11 19:26 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-03-11 19:14 . 2009-03-11 19:14 <REP> d-------- c:\program files\Realtek AC97
2009-03-11 19:14 . 2006-11-17 06:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl
2009-03-11 19:14 . 2006-12-08 16:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe
2009-03-11 19:14 . 2008-09-24 11:40 4,122,368 -ra------ c:\windows\system32\drivers\alcxwdm.sys
2009-03-11 19:14 . 2007-04-16 16:28 577,536 --a------ c:\windows\soundman.exe
2009-03-11 19:14 . 2006-07-31 12:19 315,392 --a------ c:\windows\alcupd.exe
2009-03-11 19:14 . 2006-07-31 12:27 217,088 --a------ c:\windows\Alcrmv.exe
2009-03-11 19:14 . 2006-10-18 03:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll
2009-03-11 19:14 . 2002-02-05 14:54 141,016 --a------ c:\windows\system32\alsndmgr.wav
2009-03-11 19:14 . 2006-08-01 16:02 49,152 --a------ c:\windows\system32\ChCfg.exe
2009-03-11 18:51 . 1999-12-13 02:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2009-03-11 18:51 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2009-03-11 18:36 . 2009-03-11 18:36 <REP> d-------- c:\documents and settings\Dany\Application Data\Creative
2009-03-11 18:23 . 2009-03-11 18:23 <REP> d-------- c:\program files\Fichiers communs\Creative
2009-03-11 18:23 . 2009-03-11 18:53 <REP> d--h----- c:\program files\Creative Installation Information
2009-03-10 13:12 . 2008-12-21 00:46 6,066,688 --a--c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-10 13:12 . 2007-04-17 11:32 2,455,488 --a--c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-10 13:12 . 2007-03-08 07:10 1,048,576 --a--c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-10 13:12 . 2008-12-21 00:46 459,264 --a--c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-10 13:12 . 2008-12-21 00:46 383,488 --a--c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-10 13:12 . 2008-12-21 00:46 267,776 --a--c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-10 13:12 . 2008-12-21 00:46 63,488 --a--c--- c:\windows\system32\dllcache\icardie.dll
2009-03-10 13:12 . 2008-12-21 00:46 52,224 --a--c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-10 13:12 . 2008-12-19 11:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-09 23:47 . 2009-03-09 23:51 <REP> d-------- c:\windows\ServicePackFiles
2009-03-09 23:46 . 2008-04-13 20:34 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2009-03-09 17:27 . 2008-06-14 19:33 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-09 17:26 . 2009-01-16 22:15 3,594,752 --a--c--- c:\windows\system32\dllcache\mshtml.dll
2009-03-09 17:26 . 2008-10-16 03:01 1,499,648 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-03-09 17:26 . 2008-12-21 00:47 1,160,192 --a--c--- c:\windows\system32\dllcache\urlmon.dll
2009-03-09 17:26 . 2008-12-21 00:47 826,368 --a--c--- c:\windows\system32\dllcache\wininet.dll
2009-03-09 17:24 . 2009-02-09 16:05 1,846,912 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-03-09 17:23 . 2008-08-14 15:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-09 17:23 . 2008-08-14 15:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-09 17:23 . 2008-08-14 15:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-09 17:23 . 2008-08-14 15:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-09 17:17 . 2008-09-04 19:16 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll
2009-03-09 17:17 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-09 17:17 . 2008-12-11 12:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-03-09 17:17 . 2008-05-01 16:36 331,776 --a--c--- c:\windows\system32\dllcache\msadce.dll
2009-03-09 17:17 . 2008-05-08 16:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-03-09 17:16 . 2008-04-11 21:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-03-09 17:15 . 2008-10-15 18:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-03-09 01:41 . 2009-03-29 14:56 <REP> d-------- c:\windows\system32\NtmsData
2009-03-09 00:54 . 2008-04-13 20:33 571,392 --a--c--- c:\windows\system32\dllcache\tintlgnt.ime
2009-03-09 00:53 . 2004-08-05 14:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-03-09 00:52 . 2008-04-13 20:31 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-03-09 00:51 . 2004-08-05 14:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll
2009-03-09 00:50 . 2008-04-13 20:33 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-09 00:50 . 2003-04-14 21:29 217,088 --a--c--- c:\windows\system32\dllcache\fpmmcsat.dll
2009-03-09 00:50 . 2003-04-14 21:29 16,384 --a--c--- c:\windows\system32\dllcache\tcptsat.dll
2009-03-09 00:48 . 2009-03-09 00:48 749 -rah----- c:\windows\WindowsShell.Manifest
2009-03-09 00:48 . 2009-03-09 00:48 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-09 00:48 . 2009-03-09 00:48 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-03-09 00:48 . 2009-03-09 00:48 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-03-09 00:48 . 2009-03-09 00:48 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-03-09 00:47 . 2004-08-05 14:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-03-09 00:44 . 2008-04-13 20:34 153,088 --a------ c:\windows\system32\irftp.exe
2009-03-09 00:44 . 2008-04-13 20:33 29,184 --a------ c:\windows\system32\irmon.dll
2009-03-09 00:44 . 2008-04-13 20:33 8,192 --a------ c:\windows\system32\wshirda.dll
2009-03-09 00:31 . 2001-08-17 22:51 19,584 --a------ c:\windows\system32\drivers\rasirda.sys
2009-03-09 00:28 . 2004-08-05 14:00 809,394 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT
2009-03-09 00:28 . 2004-08-05 14:00 399,670 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT
2009-03-09 00:28 . 2004-08-05 14:00 37,509 --a--c--- c:\windows\system32\dllcache\MW770.CAT
2009-03-09 00:28 . 2004-08-05 14:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2009-03-09 00:28 . 2004-08-05 14:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2009-03-09 00:28 . 2004-08-05 14:00 13,497 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT
2009-03-09 00:28 . 2004-08-05 14:00 13,312 --a------ c:\windows\system32\irclass.dll
2009-03-09 00:28 . 2004-08-05 14:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 07:20 --------- d-----w c:\program files\Bible
2009-03-28 21:37 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-28 17:28 --------- d-----w c:\program files\Java
2009-03-28 17:25 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-28 16:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-28 10:14 1,554 ----a-w c:\documents and settings\Dany\Application Data\SAS7_000.DAT
2009-03-27 19:28 --------- d-----r c:\program files\Skype
2009-03-25 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-24 22:30 --------- d-----w c:\documents and settings\Dany\Application Data\Skype
2009-03-24 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-24 12:09 --------- d-----w c:\documents and settings\Dany\Application Data\XnView
2009-03-17 06:31 --------- d-----w c:\program files\DreamMail4
2009-03-16 20:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-14 10:42 --------- d-----w c:\program files\Fichiers communs\Nuance
2009-03-14 08:55 --------- d-----w c:\program files\Winamp
2009-03-12 19:06 --------- d-----w c:\program files\Microsoft
2009-03-11 16:23 --------- d-----w c:\program files\Creative
2009-03-06 23:11 114,688 ----a-w c:\windows\system32\OpenAL32.dll
2009-02-25 08:24 --------- d-----w c:\documents and settings\All Users\Application Data\Musicnotes
2009-02-18 18:01 --------- d-----w c:\documents and settings\Dany\Application Data\skypePM
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-03 22:32 --------- d-----w c:\program files\Fichiers communs\Skype
2009-02-03 22:32 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-31 19:24 --------- d-----w c:\program files\MSECACHE
2009-01-31 17:59 --------- d-----w c:\program files\Fichiers communs\ScanSoft Shared
2009-01-31 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2009-01-31 16:17 25,992 ----a-w c:\windows\system32\pgdfgsvc.exe
2009-01-31 16:17 --------- d-----w c:\program files\Defrag
2009-01-31 09:00 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-31 09:00 --------- d-----w c:\documents and settings\Dany\Application Data\SystemRequirementsLab
2009-01-31 08:58 --------- d-----w c:\program files\Lavalys
2009-01-30 12:00 --------- d-----w c:\program files\Google
2009-01-07 17:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 17:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 17:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 17:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 17:20 23,552 ----a-w c:\windows\system32\normaliz.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-03-28_16.59.33,48 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2009-01-17 19:45:56 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-03-28 17:25:51 144,792 ----a-w c:\windows\system32\java.exe
- 2009-01-17 19:45:57 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-28 17:25:51 144,792 ----a-w c:\windows\system32\javaw.exe
- 2009-01-17 19:45:57 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-28 17:25:51 148,888 ----a-w c:\windows\system32\javaws.exe
- 2009-03-13 20:25:58 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-28 19:24:06 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-03-16 17:15:48 40,836 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-29 06:51:57 40,952 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-16 17:15:48 58,376 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-03-29 06:51:57 58,524 ----a-w c:\windows\system32\perfc00C.dat
- 2009-03-16 17:15:48 314,508 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-29 06:51:57 314,816 ----a-w c:\windows\system32\perfh009.dat
- 2009-03-16 17:15:48 392,918 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-03-29 06:51:57 393,296 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-03-29 12:56:46 16,384 ----atw c:\windows\temp\Perflib_Perfdata_458.dat
+ 2009-03-29 12:56:46 16,384 ----atw c:\windows\temp\Perflib_Perfdata_67c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-05 44544]

c:\documents and settings\Dany\Menu Démarrer\Programmes\Démarrage\
GoogleCalendarSync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-02 546288]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 13:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 is-PF3R0drv;is-PF3R0drv;c:\windows\system32\drivers\47556996.sys [2009-03-24 148496]
R1 is-RQN1Kdrv;is-RQN1Kdrv;c:\windows\system32\drivers\13439012.sys [2009-03-23 148496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-01-03 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-01-03 3072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'

2009-03-29 c:\windows\Tasks\User_Feed_Synchronization-{AAB5F4A0-34AB-4FBD-8CC5-089F5A9AB70A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 19:36]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {E10365F2-E62D-4203-AE0A-F8D12AEE2659} = 80.10.246.2,80.10.246.129
FF - ProfilePath - c:\documents and settings\Dany\Application Data\Mozilla\Firefox\Profiles\1ldfqq0f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 14:57:11
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\system32\searchindexer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-03-29 15:00:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-29 13:00:52
ComboFix2.txt 2009-03-28 16:02:32
ComboFix3.txt 2009-03-23 17:12:40
ComboFix4.txt 2009-03-23 12:03:12
ComboFix5.txt 2009-03-29 12:51:07

Avant-CF: 291,130,130,432 octets libres
Après-CF: 291,117,559,808 octets libres

978
0
Utilisateur anonyme
29 March 2009 at 17:33
OK, restart your PC and send a new RSIT report, please.
0