Worm dans system32

Résolu
nico3446 -  
 nico3446 -
Bonsoir,

depuis quelques temps ( 2 jours ) j'ai antivir qui me détecte un logiciel malveillant à l'allumage de mon PC ...

La fenetre m'expliquant la cause s'ouvre et je choisis à chaque fois "refuser l'accés"

La meme fenetre s'ouvre environ 7 ou 8 fois de suite et- je choisis à chaque fois "refuser l'accès" puis ensuite ca s'arrete.

Voici le message qui apparait à chaque fois :

"Dans le fichier 'C:\WINDOWS\system32\mstmdm.dll'
un virus ou un programme indésirable 'WORM/Autorun.J.1' [worm] a été détecté.
Action exécutée : Refuser l'accès"

Quelqu'un sait ce que je peux faire pour l'enlever ?

Merci d'avance
Configuration: Windows XP
Firefox 3.0.14

20 réponses

  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    C:\WINDOWS\system32\mstmdm.dll' n´est plus présent dans ton pc...

    passe ceci :

    nettoie tes fichiers temporaires avec ceci : atf cleaner, regarde le tuto...

    http://www.infosecu.fr/atf.html

    telecharge le ici :

    http://serveur1.archive-host.com/membres/up/1366464061/ATF-Cleaner.rar

    puis pour verifier que tout est ok :

    Fais un scan avec cet antispyware :

    Telecharge malwarebytes + tutoriel :

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun rapide".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    @´+
    2
  2. g!rly Messages postés 18462 Statut Contributeur 407
     
    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    @+
    1
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    c´est pas joli joli...
    le rapport combofix n´est pas entier mais...
    desinstalle correctement norton :
    Desinstalleur Norton:
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
    puis passe ceci :
    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum.
    post aussi ce raport :
    Télécharge random's system information tool (RSIT) : http://images.malwareremoval.com/random/RSIT.exe
    - Enregistre le programme sur ton bureau.
    - Double clique sur RSIT.exe
    - Clique sur <continue> à l'écran "Disclaimer".
    - Choisis lors de l'option <List files/folders created ...> : 3 months
    - Si HiJackThis n'est pas détecté sur ton PC, RSIT le téléchargera ; accepte alors la licence.
    - Une fois le scanne terminé tu obtiendras un rapport log.txt. Poste le sur le forum.
    NB : Il se peut que tu obtiennes un second rapport nommé info.txt. Dans ce cas poste le aussi.
    @+
    1
  4. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    passe ceci voir :

    • Télécharge et installe http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe par Chiquitine29

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

    • Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisis "éxécuter en tant qu'administrateur" .
    • Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    • Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

    • Laisse travailler l outil.

    • Ensuite poste le rapport UsbFix.txt qui apparaitra.

    • Note : Le rapport UsbFix.txt est sauvegardé à la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    • Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    • Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

    @+
    1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

    # Double clic sur le raccourci UsbFix présent sur ton bureau

    # choisis l'option 2 ( Suppression )

    # Ton bureau disparaitra et le pc redémarrera .

    # Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

    # Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

    # Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    2
    Télécharges OTMoveIt3 (de Old_Timer) sur ton Bureau.

    http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

    Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) dès le démarrage et tu choisis le mode sans échec)

    a l´aide de hijack this coche et fix cette ligne :

    O21 - SSODL: UpdateCheck - {8D03294D-F8D5-4A5B-A75A-26E2646B9B55} - C:\WINDOWS\system32\mstmdm.dll

    comment fixer :

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Double cliques sur "OTMoveIt3.exe" pour ouvrir le prg .
    Puis copies ce qui se trouve en citation ci-dessous,

    :Processes
    explorer.exe

    :Files
    C:\WINDOWS\system32\mstmdm.dll

    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]

    et colles le dans le cadre de gauche de OTMoveIt3 :
    Paste Instructions for items to be moved.
    (ne touche à rien d'autre !)

    -> cliques sur MoveIt! pour lancer la suppression.
    -> laisses travailler l'outil ...

    ( Note : ton bureau va disparaitre puis réapparaitre, c'est normal .)

    -> une fois finis , un petite fenêtre s'ouvre : cliques sur " Yes " .

    Ton PC va redémarrer de lui même ...

    -->Postes le contenu du rapport qui se trouve dans le dossier "C:\_OTMoveIt\MovedFiles"
    ( " xxxx2008_xxxxxx.log " où les "x" correspondent au jour et à l'heure de l'utilisation ).

    3
    post le rapport de ot move it 3 et un nouveau rapport hijack this stp

    @+
    1
  7. nico3446
     
    C'est fait

    Au lancement, j'ai désactivé Antivir et Kerio mais il m'a dit que j'avais Norton Antivirus 2005 d'activer, je n'ai pas trouvé où il se trouvait pour pouvoir le désactiver ...

    Voilà le rapport
    :

    ComboFix 09-09-30.06 - Propriétaire 01/10/2009 18:26.1.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.242 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\sinequanon.exe
    c:\documents and settings\Invité\Application Data\Microsoft\Internet Explorer\Quick Launch\sinequanon.exe
    c:\program files\baidu
    c:\program files\FlashGet Network
    c:\program files\FlashGet Network\FlashGet 3\adns.dll
    c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
    c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
    c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
    c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
    c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
    c:\program files\FlashGet Network\FlashGet 3\corestat.dll
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\btn1.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\btn2.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\cig.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\cig1.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_00_119.jpg
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_00_46.jpg
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_00_66.jpg
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_01_9.jpg
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_107x731.jpg
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_107x732.jpg
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_20376_o.jpg
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\game.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\game1.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\ico01.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\ico02.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\line.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\movie.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\movie1.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\pic_bg.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gif
    c:\program files\FlashGet Network\FlashGet 3\dat\directui\Thumbs.db
    c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
    c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
    c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
    c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
    c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
    c:\program files\FlashGet Network\FlashGet 3\id3lib.dll
    c:\program files\FlashGet Network\FlashGet 3\libem.dll
    c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
    c:\program files\FlashGet Network\FlashGet 3\P2PCore.dll
    c:\program files\FlashGet Network\FlashGet 3\P2SCore.dll
    c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll
    c:\program files\FlashGet Network\FlashGet 3\unrar.dll
    c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
    c:\program files\FlashGet Network\FlashGet 3\zlib.dll
    c:\recycler\S-1-5-21-1357777219-1400045568-1139090238-1003
    c:\windows\Downloaded Program Files\bdcore.dll
    c:\windows\Downloaded Program Files\libfn.dll
    c:\windows\Fonts\acrsec.fon
    c:\windows\Fonts\acrsecB.fon
    c:\windows\Fonts\acrsecI.fon
    c:\windows\Installer\10c0c.msi
    c:\windows\Installer\145a7.msi
    c:\windows\Installer\156b213.msi
    c:\windows\Installer\205670.msi
    c:\windows\Installer\2c1366e.msi
    c:\windows\Installer\2c13674.msi
    c:\windows\Installer\2c1367a.msi
    c:\windows\Installer\2c13688.msi
    c:\windows\Installer\2c1368e.msi
    c:\windows\Installer\2c13696.msi
    c:\windows\Installer\2c1369c.msi
    c:\windows\Installer\2c136a2.msi
    c:\windows\Installer\2c136a8.msi
    c:\windows\Installer\2c136b0.msi
    c:\windows\Installer\2c136b6.msi
    c:\windows\Installer\2e71a.msi
    c:\windows\Installer\6b684.msi
    c:\windows\Installer\9e98d99.msi
    c:\windows\Installer\d885e.msi
    c:\windows\pack.epk
    c:\windows\patch.exe
    c:\windows\system32\404Fix.exe
    c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\sinequanon.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\iAlmcoin.dll
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\secustat.dat
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    c:\windows\wpd99.drv

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-01 au 2009-10-01 ))))))))))))))))))))))))))))))))))))
    .

    2009-10-01 16:41 . 2009-10-01 16:42 -------- d-----w- c:\documents and settings\TEMP.NICO.091
    2009-10-01 15:53 . 2009-10-01 15:54 -------- d-----w- C:\UsbFix
    2009-10-01 15:47 . 2009-10-01 15:50 -------- d-----w- c:\documents and settings\TEMP.NICO.090
    2009-10-01 13:42 . 2009-10-01 13:45 -------- d-----w- c:\documents and settings\TEMP.NICO.089
    2009-10-01 12:39 . 2009-10-01 12:42 -------- d-----w- c:\documents and settings\TEMP.NICO.088
    2009-09-29 14:47 . 2004-08-18 16:00 98304 ----a-w- c:\windows\system32\mstmdm.dll
    2009-09-28 19:15 . 2009-09-28 19:15 -------- d-----w- c:\program files\AXEL
    2009-09-28 13:20 . 2009-09-28 13:23 -------- d-----w- c:\documents and settings\TEMP.NICO.087
    2009-09-27 22:46 . 2009-09-27 22:49 -------- d-----w- c:\documents and settings\TEMP.NICO.086
    2009-09-27 08:28 . 2009-09-27 08:31 -------- d-----w- c:\documents and settings\TEMP.NICO.085
    2009-09-26 15:20 . 2009-09-26 15:23 -------- d-----w- c:\documents and settings\TEMP.NICO.084
    2009-09-26 12:56 . 2009-09-26 12:59 -------- d-----w- c:\documents and settings\TEMP.NICO.083
    2009-09-26 07:23 . 2009-09-26 07:26 -------- d-----w- c:\documents and settings\TEMP.NICO.082
    2009-09-25 21:33 . 2009-09-25 21:36 -------- d-----w- c:\documents and settings\TEMP.NICO.081
    2009-09-25 13:40 . 2009-09-25 13:43 -------- d-----w- c:\documents and settings\TEMP.NICO.080
    2009-09-24 14:40 . 2009-09-24 14:43 -------- d-----w- c:\documents and settings\TEMP.NICO.079
    2009-09-24 07:53 . 2009-09-24 07:56 -------- d-----w- c:\documents and settings\TEMP.NICO.078
    2009-09-23 21:26 . 2009-09-23 21:29 -------- d-----w- c:\documents and settings\TEMP.NICO.077
    2009-09-23 19:11 . 2009-09-23 19:14 -------- d-----w- c:\documents and settings\TEMP.NICO.076
    2009-09-22 14:44 . 2009-09-22 14:47 -------- d-----w- c:\documents and settings\TEMP.NICO.075
    2009-09-21 14:41 . 2009-09-21 14:44 -------- d-----w- c:\documents and settings\TEMP.NICO.074
    2009-09-21 09:02 . 2009-09-21 09:05 -------- d-----w- c:\documents and settings\TEMP.NICO.073
    2009-09-20 10:36 . 2009-09-20 10:36 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
    2009-09-20 10:35 . 2009-09-20 10:35 -------- d-----w- c:\program files\LAventure
    2009-09-20 08:01 . 2009-09-20 08:05 -------- d-----w- c:\documents and settings\TEMP.NICO.072
    2009-09-19 06:49 . 2009-09-19 06:52 -------- d-----w- c:\documents and settings\TEMP.NICO.071
    2009-09-17 14:43 . 2009-09-17 14:46 -------- d-----w- c:\documents and settings\TEMP.NICO.070
    2009-09-16 14:43 . 2009-09-16 14:45 -------- d-----w- c:\documents and settings\TEMP.NICO.069
    2009-09-16 09:23 . 2009-09-16 09:26 -------- d-----w- c:\documents and settings\TEMP.NICO.068
    2009-09-15 10:10 . 2009-09-15 10:12 -------- d-----w- c:\documents and settings\TEMP.NICO.067
    2009-09-14 19:26 . 2009-09-14 19:29 -------- d-----w- c:\documents and settings\TEMP.NICO.066
    2009-09-14 19:13 . 2009-09-14 19:16 -------- d-----w- c:\documents and settings\TEMP.NICO.065
    2009-09-14 08:45 . 2009-09-14 08:48 -------- d-----w- c:\documents and settings\TEMP.NICO.064
    2009-09-13 08:28 . 2009-09-13 08:30 -------- d-----w- c:\documents and settings\TEMP.NICO.063
    2009-09-12 08:56 . 2009-09-12 08:59 -------- d-----w- c:\documents and settings\TEMP.NICO.062
    2009-09-11 08:43 . 2009-09-11 08:45 -------- d-----w- c:\documents and settings\TEMP.NICO.061
    2009-09-10 08:15 . 2009-09-10 08:17 -------- d-----w- c:\documents and settings\TEMP.NICO.060
    2009-09-09 17:12 . 2009-09-09 17:14 -------- d-----w- c:\documents and settings\TEMP.NICO.059
    2009-09-09 08:39 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2009-09-09 08:35 . 2009-09-09 08:38 -------- d-----w- c:\documents and settings\TEMP.NICO.058
    2009-09-08 12:10 . 2009-09-08 12:12 -------- d-----w- c:\documents and settings\TEMP.NICO.057
    2009-09-07 14:45 . 2009-09-07 14:48 -------- d-----w- c:\documents and settings\TEMP.NICO.056
    2009-09-07 08:24 . 2009-09-07 08:27 -------- d-----w- c:\documents and settings\TEMP.NICO.055
    2009-09-06 09:05 . 2009-09-06 09:08 -------- d-----w- c:\documents and settings\TEMP.NICO.054
    2009-09-05 08:20 . 2009-09-05 08:23 -------- d-----w- c:\documents and settings\TEMP.NICO.053
    2009-09-04 09:00 . 2009-09-04 09:03 -------- d-----w- c:\documents and settings\TEMP.NICO.052
    2009-09-03 14:44 . 2009-09-03 14:46 -------- d-----w- c:\documents and settings\TEMP.NICO.051
    2009-09-03 12:09 . 2009-09-03 12:12 -------- d-----w- c:\documents and settings\TEMP.NICO.050
    2009-09-02 20:13 . 2009-09-02 20:15 -------- d-----w- c:\documents and settings\TEMP.NICO.049
    2009-09-02 14:43 . 2009-09-02 14:46 -------- d-----w- c:\documents and settings\TEMP.NICO.048
    2009-09-02 08:51 . 2009-09-02 08:54 -------- d-----w- c:\documents and settings\TEMP.NICO.047

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-01 15:05 . 2008-12-14 13:56 -------- d-----w- c:\program files\Full Tilt Poker
    2009-09-21 18:10 . 2008-10-21 16:18 -------- d-----w- c:\program files\Microsoft ActiveSync
    2009-09-09 17:11 . 2008-08-11 06:52 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-03 18:15 . 2003-01-01 21:51 -------- d-----w- c:\program files\Java
    2009-08-29 23:52 . 2009-08-29 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Storm
    2009-08-29 19:28 . 2009-08-29 19:21 -------- d-----w- c:\program files\PPLiveVA
    2009-08-29 19:28 . 2009-08-29 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PPLiveVA
    2009-08-29 19:27 . 2009-08-29 19:18 -------- d-----w- c:\program files\Maxthon2
    2009-08-29 19:25 . 2009-08-29 19:24 -------- d-----w- c:\program files\Fichiers communs\Real
    2009-08-29 19:17 . 2009-08-29 19:17 305 ----a-w- c:\windows\system32\secushr.dat
    2009-08-21 14:36 . 2003-01-02 05:01 85396 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-21 14:36 . 2003-01-02 05:01 511874 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-21 14:24 . 2009-08-21 14:24 -------- d-----w- c:\program files\MSBuild
    2009-08-21 14:24 . 2009-08-21 14:24 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-18 09:47 . 2009-05-01 07:46 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-13 08:06 . 2008-12-01 21:06 -------- d-----w- c:\program files\Holdem Indicator
    2009-08-13 08:06 . 2008-11-24 18:06 -------- d-----w- c:\program files\PokerStars
    2009-08-05 09:00 . 2002-12-12 06:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-03 16:55 . 2006-03-09 15:45 -------- d-----w- c:\program files\TrackMania Nations ESWC
    2009-07-31 16:46 . 2008-11-25 11:47 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-07-25 03:23 . 2008-10-28 14:44 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-17 19:03 . 2003-01-05 01:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 21:43 . 2003-01-01 21:48 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2005-09-23 18:55 . 2005-09-23 18:55 8192 -csha-w- c:\windows\o2cLicStore.bin
    2008-12-07 23:17 . 2008-12-07 23:13 24 --sh--w- c:\windows\S8E4EAE41.tmp
    2005-02-16 23:28 . 2005-02-16 23:28 32 -csha-w- c:\windows\{7874A12F-173F-4AE6-91E7-74F093A28D3B}.dat
    2005-07-20 15:28 . 2005-07-20 15:28 0 -csha-w- c:\windows\SMINST\HPCD.sys
    2005-02-23 18:31 . 2005-02-23 18:31 56 -csh--r- c:\windows\system32\B180D3EDC3.sys
    2005-02-23 18:31 . 2005-02-23 18:31 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
    [-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
    [-] 2004-08-19 . 75AC49029966BFFEA09F96C1C194F684 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

    [-] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
    [-] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
    [-] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [-] 2006-08-25 . 5BBCD65CFD7610F36BCA96B72BBAED4B . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
    [-] 2006-08-25 . 47ABF878B9AEC81B23BA5F89DE597B3A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    [-] 2004-12-21 . 2528F189C51E036E0ADF687A233797B0 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1612_x-ww_7c379b08\comctl32.dll
    [-] 2004-08-20 . A80C4A6AB0C6B3B2CB7133AA1AD145A0 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1579_x-ww_7bbf8d08\comctl32.dll
    [-] 2004-08-19 . 7D3AA1F0E765054CB5F30114F2DB6888 . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
    [-] 2004-08-19 . 7B5D86AF13CEF261180CC0F3BF094366 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    [-] 2003-09-24 . 4DB6E9BE9D620099256BA281654E1A73 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
    [-] 2003-09-24 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
    [-] 2003-09-24 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

    [-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
    [-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
    [-] 2004-08-19 . CD73133EB24C572019944001FAD1B8D9 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
    [-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

    [-] 2003-09-20 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
    [-] 2003-09-20 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

    [-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
    [-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
    [-] 2004-08-19 . E798705E8DC7FAB596EF6BFDF167E007 . 25216 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0025\DriverFiles\i386\kbdclass.sys
    [-] 2004-08-19 . E798705E8DC7FAB596EF6BFDF167E007 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
    [-] 2003-09-23 . 9BB4976AACD2C9DF788AFCC53ABB790C . 24064 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\kbdclass.sys
    [-] 2003-09-23 . 9BB4976AACD2C9DF788AFCC53ABB790C . 24064 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\kbdclass.sys
    [-] 2003-09-23 . 9BB4976AACD2C9DF788AFCC53ABB790C . 24064 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\kbdclass.sys
    [-] 2003-09-23 . 9BB4976AACD2C9DF788AFCC53ABB790C . 24064 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\kbdclass.sys
    [-] 2003-09-23 . 9BB4976AACD2C9DF788AFCC53ABB790C . 24064 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\kbdclass.sys
    [-] 2003-09-23 . 9BB4976AACD2C9DF788AFCC53ABB790C . 24064 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\kbdclass.sys

    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
    [-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
    [-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
    [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
    [-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
    [-] 2003-09-23 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\I386\NTFS.SYS

    [-] 2003-09-20 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
    [-] 2003-09-20 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

    [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
    [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
    [-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
    [-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys

    [-] 2008-07-07 20:31 . A5B1B7C76134329AA7547F6E6DA35410 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
    [-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
    [-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
    [-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
    [-] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
    [-] 2008-07-07 20:18 . 74ECF4DDC685BD3249CAB323405FCC49 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
    [-] 2008-04-14 02:33 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
    [-] 2008-04-14 02:33 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
    [-] 2005-07-26 04:39 . D9CDB9380E0EFC9E97CC589B5F484B94 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll

    [-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
    [-] 2004-08-19 . E55DAFA1A354BD5CB69151563DC9748A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

    [-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
    [-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
    [-] 2009-03-21 . C3AF0EEE26B59484E674673E3016AAB7 . 1056768 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
    [-] 2008-04-14 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
    [-] 2008-04-14 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
    [-] 2007-04-16 . 62E3F0E9ABFCBCEE62C51546F622C455 . 1051136 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    [-] 2007-04-16 . 6F1FE2AE7B22EB9CED1BFF533C9455EA . 1049600 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
    [-] 2006-07-05 . FB85EF2A6713E3A58A497E093626B93C . 1050112 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
    [-] 2006-07-05 . CE4AF1FA47A29ADF97CB107775CE395C . 1049088 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
    [-] 2004-08-19 . C88F74591579DBDE273C61312B2D3886 . 1048576 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

    [-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
    [-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
    [-] 2005-09-01 . 8D9A075C065DFE1228688D10155D6624 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

    [-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
    [-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
    [-] 2004-08-19 . 3236A6A1650E6C055FD5E87D7C4A05AD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

    [-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
    [-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
    [-] 2004-08-19 . 259AF82A0932EEA4F316F92DB94707B6 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

    [-] 2009-07-19 . 0E396FC8AED9D3D550DB38152F6A4FC7 . 3597824 . . [7.00.6000.16890] . . c:\windows\system32\mshtml.dll
    [-] 2009-07-19 . 0E396FC8AED9D3D550DB38152F6A4FC7 . 3597824 . . [7.00.6000.16890] . . c:\windows\system32\dllcache\mshtml.dll
    [-] 2009-07-19 . 73FFE289F14EDFBB22429E88ACF17016 . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
    [-] 2009-04-29 . 9B6478E6F9E83A04B6DA76FA61BB1FA7 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
    [-] 2009-04-29 . 246F148CD2E4F5AE164C1890D0A06420 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
    [-] 2009-02-21 . D79AEC545A98057155099FB69BB3C4D3 . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
    [-] 2009-02-20 . 78068F040272D5EEF5198B3C75DD4D99 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
    [-] 2009-01-16 . 0975BFBBCF2639C8BB5C0790F020DE6C . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
    [-] 2009-01-16 . F386435C5E0A5D86E9F90B659D4F6075 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
    [-] 2008-12-13 . 0AFB982529328ABAF64EFC6C85E0F09C . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
    [-] 2008-12-13 . CB7922B3AD4BC5BBEDA130F6C9E0656A . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
    [-] 2008-10-17 . 74BF6087086364FA96BF047DA7C9EB38 . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
    [-] 2008-10-16 . EB75C0C66C633D0EFD0176450F8857F8 . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
    [-] 2008-08-27 . 3CCDB836BBAB800FDED3181AF7EED38F . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
    [-] 2008-08-26 . 0F345A2FE55C3DC9693AAAF2E983F4AD . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
    [-] 2008-06-24 . 03F74B51CC156B0E78D998DDF0EF31C1 . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
    [-] 2008-06-23 . A01EF08ACFF24D6E4987804BFD306AA4 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
    [-] 2008-04-23 . D7A36FCE62649BD7146053C5E982EBF3 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
    [-] 2008-04-23 . EBF0440323874DDF97EF0CEC2D6DC9F4 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
    [-] 2008-04-14 . C4153F037157C7BE7C54FD88887F027D . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
    [-] 2008-03-01 . F745B291067B273909D87D9D84857F4D . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
    [-] 2008-03-01 . F745B291067B273909D87D9D84857F4D . 3591680 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\eaa17b1d205a9fb8b12c43359acd2d18\SP2GDR\mshtml.dll
    [-] 2008-03-01 . B22EC9AE82E19818077E286FF1B82B72 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
    [-] 2008-03-01 . B22EC9AE82E19818077E286FF1B82B72 . 3593216 . . [7.00.6000.20772] . . c:\windows\SoftwareDistribution\Download\eaa17b1d205a9fb8b12c43359acd2d18\SP2QFE\mshtml.dll
    [-] 2007-12-08 . DA88BCD1CA467FE0464E896D01110E5A . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
    [-] 2007-12-08 . DA88BCD1CA467FE0464E896D01110E5A . 3592192 . . [7.00.6000.16608] . . c:\windows\SoftwareDistribution\Download\2dce20bc43d87c5ad11562143f87f0c5\SP2GDR\mshtml.dll
    [-] 2007-12-07 . 906D0EC58033A9475BF8C7F885B7ED45 . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
    [-] 2007-12-07 . 906D0EC58033A9475BF8C7F885B7ED45 . 3593216 . . [7.00.6000.20733] . . c:\windows\SoftwareDistribution\Download\2dce20bc43d87c5ad11562143f87f0c5\SP2QFE\mshtml.dll
    [-] 2007-10-30 . EB4E53C96D5FB4A9A3F1EAEB782D8862 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
    [-] 2007-10-30 . 89397AFC934A509580FF089035E71DA8 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
    [-] 2007-08-20 . D9481E937D5BE0B2D5DBCD87745E925A . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
    [-] 2007-07-18 . CD3ED432FE932AFBB9AC55A57ADFE0D0 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
    [-] 2007-05-08 . B672A6772187AE5E63762A1B4EAAF2CA . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
    [-] 2007-03-23 . 0CF276F7C5D51F2BB92CCEF4A770EA30 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
    [-] 2007-02-27 . FC38B18A1AD106289BF4FEFC2670A9B5 . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
    [-] 2006-10-23 . EE542871960ACFD459F4113B1BCC6C10 . 3082240 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
    [-] 2006-10-23 . EE542871960ACFD459F4113B1BCC6C10 . 3082240 . . [6.00.2900.3020] . . c:\windows\ie7\mshtml.dll
    [-] 2006-10-23 . B481993BE34E673801E10F943BCEAF14 . 3076096 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB925454$\mshtml.dll
    [-] 2006-09-14 . 3A137EEC94F4553B96501484FF33EECD . 3075584 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454_0$\mshtml.dll
    [-] 2006-09-14 . DDF783ED4C24E7126E3FF25AD07CB25A . 3079680 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
    [-] 2006-07-28 . DC9A660A7E39F90903B79E893B121FC9 . 3079168 . . [6.00.2900.2963] . . c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
    [-] 2006-07-28 . FC26DA237316BE441D3322178ED4BA67 . 3075072 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll
    [-] 2006-05-19 . CB53795BF0DD464BB6B72CF124E03E03 . 3073536 . . [6.00.2900.2912] . . c:\windows\$NtUninstallKB918899$\mshtml.dll
    [-] 2006-05-19 . D8952C9B9C9A9C6B480A4DFC506313D4 . 3076096 . . [6.00.2900.2912] . . c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
    [-] 2006-03-23 . E0F2B20C0DB70BC649FA10EB7405CADB . 3074560 . . [6.00.2900.2873] . . c:\windows\$NtUninstallKB916281$\mshtml.dll
    [-] 2006-03-23 . AC77AAD0D3F9D6490F7B5F697DDAD483 . 3076608 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
    [-] 2005-11-24 . 2976260E57E506A162D8BBA87B520961 . 3013632 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB912812$\mshtml.dll
    [-] 2004-08-19 . 7CA9E0D2C4DCA6B710FD57F40E597337 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

    [-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
    [-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
    [-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    [-] 2008-06-20 . 8A52DE10680A40ECD04FA2C0FBC34190 . 247808 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
    [-] 2008-06-20 . 4138FBDEDBC6FEAD215BB4C4B102F7DE . 247808 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [-] 2008-04-14 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
    [-] 2008-04-14 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
    [-] 2004-08-19 . 6FA2DDF70DC9B762EBF8920F89B6BEA3 . 247808 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

    [-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
    [-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
    [-] 2004-08-19 . D4CFAC76926C24E32B7F25A35C31BC6E . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

    [-] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
    [-] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
    [-] 2005-08-22 . 0D55724D88488BBFC53BC2EA219240F3 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll

    [-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [-] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
    [-] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
    [-] 2009-02-09 . 907C6FCD8D5FB812D74C204060911EA6 . 2147328 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe
    [-] 2008-08-14 . D79210549BBF09B7638E860440504299 . 2191232 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
    [-] 2008-08-14 . E422F0930804A5D6E697E5D7DBFD9863 . 2147328 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
    [-] 2008-04-14 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2008-04-14 . B10C36956EB7A8B1586DBE3B43875280 . 2147328 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
    [-] 2007-02-28 . 8E244108562E0E452EB68DFF64CB08A9 . 2184192 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
    [-] 2007-02-28 . C7A39C47C064AE50417A944B60F37B6A . 2138112 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    [-] 2006-12-19 . 1F3FA2065E6E043A1D82A487B5DA309C . 2184064 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
    [-] 2006-12-19 . E2316621E46A445ACAFFE3D5640167DC . 2138112 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
    [-] 2005-03-02 . E75F7AA5A33479F29C636FD0890F5762 . 2137600 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe

    [-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
    [-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
    [-] 2004-08-19 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

    [-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
    [-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
    [-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
    [-] 2004-08-19 . 659F7B6C502051BFA37910614B225548 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

    [-] 2009-02-09 . F83B964469D230F445613C44DF9FE25D . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
    [-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
    [-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
    [-] 2008-04-14 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
    [-] 2008-04-14 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
    [-] 2005-07-26 . CB7D37602638369A516757E994CBB31D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
    [-] 2003-09-22 . D3553AA5CA7CDD9BB01D72374A7069D7 . 202752 . . [5.1.2600.1243] . . c:\windows\I386\rpcss.dll

    [-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
    [-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
    [-] 2004-08-19 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

    [-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
    [-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
    [-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
    [-] 2008-04-14 . 54CB50058851D95E56EC70D09F70857F . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
    [-] 2008-04-14 . 54CB50058851D95E56EC70D09F70857F . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
    [-] 2004-08-19 . 63DCDE1A0D86EEB8924D6738FF616EAD . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

    [-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
    [-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
    [-] 2004-08-19 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

    [-] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
    [-] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
    [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

    [-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
    [-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    [-] 2004-08-19 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

    [-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
    [-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
    [-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

    [-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [-] 2007-03-08 . 4D88AAF39ADABFE45958EA1384E2C4FF . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    [-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
    [-] 2005-03-02 . 0DF75FB73F705B011630159A43D7C354 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll

    [-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
    [-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
    [-] 2004-08-19 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

    [-] 2009-06-29 . 71333B8101B10CDEC4D58D949C97D3BA . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
    [-] 2009-06-29 . 9620CC3780D7279A48D3556860813587 . 827392 . . [7.00.6000.16876] . . c:\windows\system32\wininet.dll
    [-] 2009-06-29 . 9620CC3780D7279A48D3556860813587 . 827392 . . [7.00.6000.16876] . . c:\windows\system32\dllcache\wininet.dll
    [-] 2009-04-29 . 08EFECB3F17F38F23F14148D374ACBC9 . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
    [-] 2009-04-29 . 754097815B575A721AB58B1C55476805 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
    [-] 2009-03-03 . 39F71B559A97ED722F939A0EA7235323 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
    [-] 2009-03-03 . 68A2567FDD62AE7E31D8A885C5173EF9 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
    [-] 2008-12-20 . 4E192082A5FCE9EF19198A24CDEA3442 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
    [-] 2008-12-20 . 0551C946E305CEE0A79BA744DC141BFC . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
    [-] 2008-10-16 . CFBFA47415E85018E2CDC509E5E3D011 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
    [-] 2008-10-16 . 37D1A1BFE3D9904F2C3D11592456F9C0 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
    [-] 2008-08-26 . 4B0E70D44297877A313045BD059770E1 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
    [-] 2008-08-26 . E30CACD98479B36A3DBFA3267BF62DD0 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
    [-] 2008-06-23 . AC0BD61DC2C64906FBFE50E005FEFA2C . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
    [-] 2008-06-23 . 52589BAE67DD9859724287372668690B . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
    [-] 2008-04-23 . 78D3D2B0BE6AD3E6D82CCB115CF74310 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
    [-] 2008-04-23 . 02D6AABD5F5A32C61478B5CDFE50E4A8 . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
    [-] 2008-04-14 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
    [-] 2008-03-01 . 8E027981DDFFA690D456FE18B37415A0 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
    [-] 2008-03-01 . 8E027981DDFFA690D456FE18B37415A0 . 826368 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\eaa17b1d205a9fb8b12c43359acd2d18\SP2GDR\wininet.dll
    [-] 2008-03-01 . 5A0093F59B505C008ED0CEE615563C72 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
    [-] 2008-03-01 . 5A0093F59B505C008ED0CEE615563C72 . 827392 . . [7.00.6000.20772] . . c:\windows\SoftwareDistribution\Download\eaa17b1d205a9fb8b12c43359acd2d18\SP2QFE\wininet.dll
    [-] 2007-12-07 . 4FC90BECE54FAC81B0090B94E27BFB6B . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
    [-] 2007-12-07 . 4FC90BECE54FAC81B0090B94E27BFB6B . 824832 . . [7.00.6000.16608] . . c:\windows\SoftwareDistribution\Download\2dce20bc43d87c5ad11562143f87f0c5\SP2GDR\wininet.dll
    [-] 2007-12-07 . F4FD487241D3AC291046A22CEBD2CF71 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
    [-] 2007-12-07 . F4FD487241D3AC291046A22CEBD2CF71 . 825344 . . [7.00.6000.20733] . . c:\windows\SoftwareDistribution\Download\2dce20bc43d87c5ad11562143f87f0c5\SP2QFE\wininet.dll
    [-] 2007-10-10 . BC5119C53BDD48DABC628D448A3BDCCB . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
    [-] 2007-10-10 . 871AE10D6AE8877E9636AE5017953D52 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    [-] 2007-08-20 . 2DD1B0F579C80562EDCB8848FF7EA9F6 . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
    [-] 2007-06-27 . 7201D19B81883B57D5FFE8EBB5A83E8B . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
    [-] 2007-04-25 . 47DDAD237F60729DEA2B9E0E2382B58F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
    [-] 2007-03-23 . 375B58A68A016546535A84060092325C . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
    [-] 2007-02-27 . 75DE73E328E300CAED5965FAEA2F5D3F . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
    [-] 2006-10-23 . EFA0C2870CBA1747809A13E09F35BF82 . 668672 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
    [-] 2006-10-23 . EFA0C2870CBA1747809A13E09F35BF82 . 668672 . . [6.00.2900.3020] . . c:\windows\ie7\wininet.dll
    [-] 2006-10-23 . 6091FEE2B68974683D52119A98BE3564 . 663040 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB925454$\wininet.dll
    [-] 2006-09-14 . B1E994472F3574DB141266F1AA905433 . 663040 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454_0$\wininet.dll
    [-] 2006-09-14 . B8B6F05885A6F42724E8D6BFEDE6BD3F . 668672 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
    [-] 2006-06-23 . 582953780721AC5D38F98CAB229EC7B9 . 668672 . . [6.00.2900.2937] . . c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
    [-] 2006-06-23 . 4F343F414F05E81CF61B1001634FC6B7 . 663040 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll
    [-] 2006-05-10 . 44FCC339191ADB8892520DFA473C455F . 667648 . . [6.00.2900.2904] . . c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
    [-] 2006-05-10 . 343FABBF09312842816E92947AACF73A . 662528 . . [6.00.2900.2904] . . c:\windows\$NtUninstallKB918899$\wininet.dll
    [-] 2006-03-04 . 241DBC4C2714B2F39AFDED49459ED420 . 667648 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
    [-] 2006-03-04 . 19E1A21F21BC938A92EE8BE630994493 . 662528 . . [6.00.2900.2861] . . c:\windows\$NtUninstallKB916281$\wininet.dll
    [-] 2005-10-21 . E41E8FDF62CF20F2E2B16D800D96EB51 . 662528 . . [6.00.2900.2781] . . c:\windows\$NtUninstallKB912812$\wininet.dll
    [-] 2004-08-19 . 4E958B97EFC3D801F49283D1820F48B7 . 660480 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll

    [-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [-] 2004-08-19 . 123EEA158F74D0F67A51DCDF065D1091 . 506368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

    [-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
    [-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
    [-] 2004-08-19 . EED74B969B2CA1ACC558FF60FB420E28 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

    [-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    [-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2004-08-19 . 2A7BD330924252A2FD80344FC949BB72 . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

    [-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
    [-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
    [-] 2008-04-14 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    [-] 2004-08-19 . B89F48FDFD6C3312B92D5D633C23F075 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
    [-] 2004-08-19 . 75ECEFC8AB4DD9AEC9BC082D003BD90D . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
    [-] 2003-09-24 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
    [-] 2003-09-24 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [-] 2003-09-24 . 1B2C477D8847E4123DD8761D2E9008F7 . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll

    [-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2004-08-19 . CE978404558CE2D82896AC2032F06DBF . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

    [-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
    [-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
    [-] 2004-08-19 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

    [-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
    [-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
    [-] 2004-08-19 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

    [-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
    [-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
    [-] 2004-08-19 . 49B1376885340BF9EA0D99F71557B59A . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

    [-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
    [-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    [-] 2004-08-19 . 6D8F3AC555E3F8A569AA9B2A817698C1 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

    [-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [-] 2004-08-19 . 64E41E8FEE655B03E3F19DED21BA5118 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

    [-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
    [-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
    [-] 2004-08-19 . B6F76CE10953A141545A0D01F1776885 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

    [-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
    [-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
    [-] 2004-08-19 . A65E74CC5831CED5762AA16033ED20EE . 193024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

    [-] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
    [-] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
    [-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
    [-] 2006-12-19 . 1839CDF416A5AA8BF2EFE377F57452CC . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
    [-] 2004-08-19 . ABA25E49F6589FD73F1143FDC39A6B46 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

    [-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
    [-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
    [-] 2004-08-19 . DCB185C829538971E47AFFE77BA138C3 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

    [-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
    [-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
    [-] 2004-08-19 . 78F90C3E230AD122BCB116ABAD5FEFE9 . 297984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
    [-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
    [-] 2001-08-18 . 65880045C51AA36184841CEE915A61DF . 25472 . . [5.1.2600.0] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

    [-] 2003-09-20 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
    [-] 2003-09-20 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
    [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
    [-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
    [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

    [-] 2008-04-14 02:33 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
    [-] 2008-04-14 02:33 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
    [-] 2006-11-01 19:18 . FCD58951B3B2392007E0EE34D2CF944F . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
    [-] 2003-09-20 19:08 . E1A34560BF6CE7C703BB67EC4FA70F43 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

    [-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
    [-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
    [-] 2004-08-19 . DE71362123E81D268088E78543752576 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

    [-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
    [-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
    [-] 2005-01-28 06:53 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
    [-] 2005-01-28 06:53 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [-] 2004-08-19 23:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
    [-] 2004-08-19 23:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll

    [-] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
    [-] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
    [-] 2009-02-09 . C9E530E1258352CC8689173AEFD3A3CF . 2025984 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe
    [-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
    [-] 2008-08-14 . 755B50949D0DBC0F0136B0DB58765331 . 2068096 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    [-] 2008-08-14 . F2DEC52ED964AD57220B1F5AA32B5C61 . 2025984 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
    [-] 2008-04-14 . 92E82482CDB39929CF7B541A9648AFAE . 2025984 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
    [-] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2007-02-28 . 7A56A64EB50399613587E90292DD2AAB . 2061440 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
    [-] 2007-02-28 . 11C942F6519575079BAA9F14AEE35E88 . 2017792 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    [-] 2006-12-19 . 8B039EFBE4C9AA23F152FFA0E238B8FA . 2061440 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
    [-] 2006-12-19 . 2F8266048EEE98D49B8E41C4C630E42A . 2017792 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
    [-] 2005-03-02 . 50B3A210B6FA8D3089A36A32E7D8B21F . 2017280 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe

    [-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
    [-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
    [-] 2004-08-19 23:09 . 951543FFB84012D13F4CB09DA2EACE96 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

    [-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
    [-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
    [-] 2007-02-05 . 385DB2591BF11955F26E0A97728B1B31 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
    [-] 2007-02-05 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
    [-] 2004-08-19 . 0B6A726C2DE9BBB80A48459F0C318F44 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus CX3600 Series"="c:\win
    0
  8. nico3446
     
    Re,

    Voici les 3 rapports : (Pour info, les 2 fois où j'ai du redémarrer l'ordi, le worm a toujours été détecté par antivir, seulement dans les deux cas une seule fois "refuser l'accés" aura eté nécessaire)

    "Report"

    [b]SDFix: Version 1.240 [/b]
    Run by Administrateur on 01/10/2009 at 19:58

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    No Trojan Files Found

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-01 20:10:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    IPC error: 2 Le fichier spécifié est introuvable.
    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000003

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000001
    "ujdew"=hex:49,ea,bb,f8,34,1a,bd,20,1f,7b,8d,86,34,86,e7,02,11,7d,0c,8c,6d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000002
    "hdf12"=hex:f1,38,b1,b3,89,51,4e,b0,9f,83,b6,d8,88,9e,39,e2,cb,d6,aa,5b,bf,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
    "a0"=hex:20,01,00,00,56,66,8b,45,b9,0d,70,03,0a,f7,3e,20,46,42,0f,b7,18,..
    "hdf12"=hex:88,8f,31,ea,27,6c,a9,ca,db,4f,aa,74,c3,fb,67,f6,ce,31,84,49,fd,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
    "hdf12"=hex:8e,e3,69,f0,10,e4,82,46,ce,4d,d4,9e,ce,e1,07,05,5f,d2,76,51,e1,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:10,bb,9c,f8,19,dd,9e,09,be,38,30,7e,01,97,8e,ac,a3,f7,73,10,4f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "khjeh"=hex:dd,62,3f,a3,b3,3a,ac,e3,99,d5,5b,7a,ee,e3,2f,a7,b3,80,35,b1,fc,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:24,5d,73,84,7a,c9,3f,7d,5d,b5,be,d7,71,bd,b0,ad,13,9f,14,67,1d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:47,15,cc,ef,cc,58,93,50,b6,bc,c5,4b,ef,28,be,62,7d,33,35,9d,71,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000001
    "ujdew"=hex:49,ea,bb,f8,34,1a,bd,20,1f,7b,8d,86,34,86,e7,02,11,7d,0c,8c,6d,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000002
    "hdf12"=hex:f1,38,b1,b3,89,51,4e,b0,9f,83,b6,d8,88,9e,39,e2,cb,d6,aa,5b,bf,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
    "a0"=hex:20,01,00,00,56,66,8b,45,b9,0d,70,03,0a,f7,3e,20,46,42,0f,b7,18,..
    "hdf12"=hex:88,8f,31,ea,27,6c,a9,ca,db,4f,aa,74,c3,fb,67,f6,ce,31,84,49,fd,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
    "hdf12"=hex:8e,e3,69,f0,10,e4,82,46,ce,4d,d4,9e,ce,e1,07,05,5f,d2,76,51,e1,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:10,bb,9c,f8,19,dd,9e,09,be,38,30,7e,01,97,8e,ac,a3,f7,73,10,4f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "khjeh"=hex:dd,62,3f,a3,b3,3a,ac,e3,99,d5,5b,7a,ee,e3,2f,a7,b3,80,35,b1,fc,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:24,5d,73,84,7a,c9,3f,7d,5d,b5,be,d7,71,bd,b0,ad,13,9f,14,67,1d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:47,15,cc,ef,cc,58,93,50,b6,bc,c5,4b,ef,28,be,62,7d,33,35,9d,71,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
    "C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
    "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
    "C:\\Program Files\\Eidos\\CM 03-04\\cm0304.exe"="C:\\Program Files\\Eidos\\CM 03-04\\cm0304.exe:*:Disabled:Championship Manager 03/04"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Browser"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
    "C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
    "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\PeerCast\\PeerCast.exe"="C:\\Program Files\\PeerCast\\PeerCast.exe:*:Enabled:PeerCast"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Documents and Settings\\All Users\\Application Data\\PPLiveVA\\Application\\pplap.exe"="C:\\Documents and Settings\\All Users\\Application Data\\PPLiveVA\\Application\\pplap.exe:*:Enabled:pplap"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [b]Remaining Files [/b]:

    [b]Files with Hidden Attributes [/b]:

    Mon 8 Dec 2008 24 ..SH. --- "C:\WINDOWS\S8E4EAE41.tmp"
    Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
    Wed 20 Jul 2005 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
    Wed 23 Feb 2005 56 ..SHR --- "C:\WINDOWS\system32\B180D3EDC3.sys"
    Wed 23 Feb 2005 1,682 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Fri 25 Feb 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Wed 24 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Fri 25 Feb 2005 4,348 ...H. --- "C:\Documents and Settings\Propri‚taire.NOM-0OJXQHMBKUV\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Thu 13 Jul 2006 20 A..H. --- "C:\Documents and Settings\Propri‚taire.NOM-0OJXQHMBKUV\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Fri 24 Feb 2006 488 A.SH. --- "C:\Documents and Settings\Propri‚taire.NOM-0OJXQHMBKUV\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

    [b]Finished![/b]

    ----------------

    "Log"

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Propriétaire at 2009-10-01 20:18:08
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 113 GB (74%) free of 152 GB
    Total RAM: 511 MB (36% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:18:26, on 01/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Cobian Backup 9\cbService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\RSIT.exe
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Propriétaire.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://123.sogou.com/goto?v=sogou-wsse-6d2f13dfa1c6ec17
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mxl: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mya: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://212.162.68.213/rainet02/Rawflow.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: UpdateCheck - {8D03294D-F8D5-4A5B-A75A-26E2646B9B55} - C:\WINDOWS\system32\mstmdm.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Service Google Update (gupdate1c9db0669e07818) (gupdate1c9db0669e07818) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    ...
    0
  10. nico3446
     
    Rapport UsbFix

    ############################## | UsbFix V6.037 |

    User : Propriétaire (Administrateurs) # NICO
    Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 20:48:37 | 01/10/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    Intel(R) Pentium(R) 4 CPU 2.80GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
    FW : Sunbelt Personal Firewall[ (!) Disabled ]4.6.1861 T

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local # 148,59 Go (109,87 Go free) [PRESARIO] # NTFS
    D:\ -> Disque fixe local # 4,06 Go (4,06 Go free) [PRESARIO_RP] # FAT32
    E:\ -> Disque CD-ROM
    F:\ -> Disque CD-ROM
    G:\ -> Disque CD-ROM
    H:\ -> Disque CD-ROM
    I:\ -> Disque amovible # 960,72 Mo (796,41 Mo free) [KINGSTON] # FAT

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Cobian Backup 9\cbService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Fichiers # Dossiers infectieux |

    ################## | Registre # Clés Run infectieuses |

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

    ################## | Registre # Mountpoints2 |

    ################## | ! Fin du rapport # UsbFix V6.037 ! |
    0
  11. nico3446
     
    Hijackthis était déjà présent sur l'ordi ;-)

    Voilà les 3 rapports :

    UsbFix


    ############################## | UsbFix V6.037 |

    User : Propriétaire (Administrateurs) # NICO
    Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 21:12:52 | 01/10/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    Intel(R) Pentium(R) 4 CPU 2.80GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
    FW : Sunbelt Personal Firewall[ Enabled ]4.6.1861 T

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local # 148,59 Go (109,75 Go free) [PRESARIO] # NTFS
    D:\ -> Disque fixe local # 4,06 Go (4,06 Go free) [PRESARIO_RP] # FAT32
    E:\ -> Disque CD-ROM
    F:\ -> Disque CD-ROM
    G:\ -> Disque CD-ROM
    H:\ -> Disque CD-ROM
    I:\ -> Disque amovible # 960,72 Mo (796,41 Mo free) [KINGSTON] # FAT

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Cobian Backup 9\cbService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\rundll32.exe

    ################## | Fichiers # Dossiers infectieux |

    ################## | Registre # Clés Run infectieuses |

    Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

    ################## | Registre # Mountpoints2 |

    ################## | Listing des fichiers présent |

    [08/12/2008 01:17|-rahs----|291] C:\boot.ini
    [20/09/2003 21:08|-rahs----|4952] C:\Bootfont.bin
    [20/09/2003 19:38|-r-hs----|249136] C:\cmldr
    [01/10/2009 18:52|--a------|76145] C:\ComboFix.txt
    [01/01/2003 23:11|--a------|0] C:\CONFIG.SYS
    [25/03/2005 17:54|--a------|4996] C:\data
    [30/12/2008 19:59|--a------|117] C:\finfos.txt
    [01/01/2003 23:11|-rahs----|0] C:\IO.SYS
    [01/01/2003 23:11|-rahs----|0] C:\MSDOS.SYS
    [27/02/2005 17:32|-rahs----|47564] C:\NTDETECT.COM
    [19/08/2008 10:31|-rahs----|252240] C:\ntldr
    [?|?|?] C:\pagefile.sys
    [09/11/2008 23:36|--a------|2432] C:\rapport.txt
    [01/02/2009 22:38|--ah-----|268] C:\sqmdata00.sqm
    [01/02/2009 22:38|--ah-----|244] C:\sqmnoopt00.sqm
    [18/04/2009 19:26|--a------|510] C:\updatedatfix.log
    [01/10/2009 21:21|--a------|3422] C:\UsbFix.txt
    [03/06/2007 15:45|--a------|39479] C:\video.pass
    [27/02/2007 13:23|--a------|23552] I:\CV 2006.doc
    [23/12/2007 21:21|--a------|10705664] I:\TU2007TrialFR.exe
    [07/04/2008 16:54|--a------|73216] I:\Divers diapositives power point.ppt
    [28/04/2009 17:06|--a------|1250] I:\Certificat Floris Nicolas.crt
    [14/12/2008 15:55|--a------|22329533] I:\FullTiltSetup.exe

    ################## | Vaccination |

    # C:\autorun.inf -> Folder created by UsbFix.
    # D:\autorun.inf -> Folder created by UsbFix.
    # I:\autorun.inf -> Folder created by UsbFix.

    ################## | ! Fin du rapport # UsbFix V6.037 ! |

    -----

    OTMoveIt

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== FILES ==========
    LoadLibrary failed for C:\WINDOWS\system32\mstmdm.dll
    C:\WINDOWS\system32\mstmdm.dll NOT unregistered.
    C:\WINDOWS\system32\mstmdm.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 23250102 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 4956109 bytes

    User: Invité
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 4956109 bytes

    User: LocalService
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 16786 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 4956109 bytes

    User: Propri'taire.NOM-0OJXQHMBKUV

    User: Propriétaire.NOM-0OJXQHMBKUV

    User: Propriétaire

    User: Propriétaire.NOM-0OJXQHMBKUV
    ->Temp folder emptied: 1316 bytes
    ->Temporary Internet Files folder emptied: 49353 bytes
    ->Java cache emptied: 38577399 bytes
    ->FireFox cache emptied: 106506180 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 444254 bytes

    User: Propri‚taire.NOM-0OJXQHMBKUV

    User: Propri�taire.NOM-0OJXQHMBKUV

    User: TEMP

    User: TEMP.NICO

    User: TEMP.NICO.000

    User: TEMP.NICO.001

    User: TEMP.NICO.002

    User: TEMP.NICO.003

    User: TEMP.NICO.004

    User: TEMP.NICO.005

    User: TEMP.NICO.006

    User: TEMP.NICO.007

    User: TEMP.NICO.008

    User: TEMP.NICO.009

    User: TEMP.NICO.010

    User: TEMP.NICO.011

    User: TEMP.NICO.012

    User: TEMP.NICO.013

    User: TEMP.NICO.014

    User: TEMP.NICO.015

    User: TEMP.NICO.016

    User: TEMP.NICO.017

    User: TEMP.NICO.018

    User: TEMP.NICO.019

    User: TEMP.NICO.020

    User: TEMP.NICO.021

    User: TEMP.NICO.022

    User: TEMP.NICO.023

    User: TEMP.NICO.024

    User: TEMP.NICO.025

    User: TEMP.NICO.026

    User: TEMP.NICO.027

    User: TEMP.NICO.028
    ->Temporary Internet Files folder emptied: 134 bytes

    User: TEMP.NICO.029

    User: TEMP.NICO.030

    User: TEMP.NICO.031

    User: TEMP.NICO.032

    User: TEMP.NICO.033

    User: TEMP.NICO.034

    User: TEMP.NICO.035

    User: TEMP.NICO.036

    User: TEMP.NICO.037

    User: TEMP.NICO.038

    User: TEMP.NICO.039

    User: TEMP.NICO.040

    User: TEMP.NICO.041

    User: TEMP.NICO.042

    User: TEMP.NICO.043

    User: TEMP.NICO.044

    User: TEMP.NICO.045

    User: TEMP.NICO.046

    User: TEMP.NICO.047

    User: TEMP.NICO.048

    User: TEMP.NICO.049

    User: TEMP.NICO.050

    User: TEMP.NICO.051

    User: TEMP.NICO.052

    User: TEMP.NICO.053

    User: TEMP.NICO.054

    User: TEMP.NICO.055

    User: TEMP.NICO.056

    User: TEMP.NICO.057

    User: TEMP.NICO.058

    User: TEMP.NICO.059

    User: TEMP.NICO.060

    User: TEMP.NICO.061

    User: TEMP.NICO.062

    User: TEMP.NICO.063

    User: TEMP.NICO.064

    User: TEMP.NICO.065

    User: TEMP.NICO.066

    User: TEMP.NICO.067

    User: TEMP.NICO.068

    User: TEMP.NICO.069

    User: TEMP.NICO.070

    User: TEMP.NICO.071

    User: TEMP.NICO.072

    User: TEMP.NICO.073

    User: TEMP.NICO.074

    User: TEMP.NICO.075

    User: TEMP.NICO.076

    User: TEMP.NICO.077

    User: TEMP.NICO.078

    User: TEMP.NICO.079

    User: TEMP.NICO.080

    User: TEMP.NICO.081

    User: TEMP.NICO.082

    User: TEMP.NICO.083

    User: TEMP.NICO.084

    User: TEMP.NICO.085

    User: TEMP.NICO.086

    User: TEMP.NICO.087

    User: TEMP.NICO.088

    User: TEMP.NICO.089

    User: TEMP.NICO.090

    User: TEMP.NICO.091

    User: TEMP.NICO.092

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 24 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 255 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 175,33 mb

    OTM by OldTimer - Version 3.0.0.6 log created on 10012009_213356

    Files moved on Reboot...

    Registry entries deleted on Reboot...

    ------

    HiJackThis


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:39:00, on 01/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Cobian Backup 9\cbService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Propriétaire.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir Desktop\avwsc.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-21-2484342758-3169409024-2133837331-1009\..\Run: [RecordNow!] (User 'postgres')
    O4 - HKUS\S-1-5-21-2484342758-3169409024-2133837331-1009\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User 'postgres')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mxl: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mya: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://212.162.68.213/rainet02/Rawflow.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Service Google Update (gupdate1c9db0669e07818) (gupdate1c9db0669e07818) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    pour atf cleaner prends le ici car mon lien ne fonctionne plus :

    http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25
    0
  13. g!rly Messages postés 18462 Statut Contributeur 407
     
    he he le lien du tuto ne fonctionne plus non plus...

    quand tu ouvres atf cleaner il s´ouvre sur l´onglet main

    click sur "select all" et décoche la case "prefect" puis click sur "empty selected"

    puis click sur l´onglet firefox (en haut) et clcik sur "select all" et décoche la case "firefox saved passwords" et click sur "empty selected"
    ...
    0
  14. nico3446
     
    Rapport de Malware

    alwarebytes' Anti-Malware 1.41
    Version de la base de données: 2887
    Windows 5.1.2600 Service Pack 3

    01/10/2009 22:11:17
    mbam-log-2009-10-01 (22-11-17).txt

    Type de recherche: Examen rapide
    Eléments examinés: 216755
    Temps écoulé: 8 minute(s), 12 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Application Data\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Application Data\Baidu\Toolbar (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Application Data\Baidu\Toolbar\Custom Buttons (Trojan.Cinmus) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Application Data\Baidu\Toolbar\Custom Buttons\custom.xml (Trojan.Cinmus) -> Quarantined and deleted successfully.
    0
  15. g!rly Messages postés 18462 Statut Contributeur 407
     
    comment ça va de ton coté ?
    0
  16. nico3446
     
    ça m'a l'air d'aller : Ce qui me tracassait à l'allumage n'est plus là donc tout va bien. Par contre je croyais que c'était le seul hic dans le PC et qu'il était plus ou moins clean. Avec tout ce que tu m'as fait faire l'ordi a du se sentir Hypocondriaque =) Mais en tout cas un grand merci
    0
  17. g!rly Messages postés 18462 Statut Contributeur 407
     
    Oui ton problème initial n´est plus qu´un mauvais souvenir :) et c´est vrai comme tu dis que le pc c´est senti trituré un peu dans tout les sens mais pour son bien, je pense pas qu´il nous en veuille en tout cas :)

    tu peux fixer toutes ces entrées superflues a l´aide de hijack this :

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    un petit bonus securité :

    spywareblaster :

    http://www.brightfort.com/spywareblaster.html

    c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

    pour supprimer les outils utilisés :

    Télécharge ToolsCleaner sur ton bureau.
    --> https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    voila`

    bonne continuation`

    Bye`
    0
  18. nico3446
     
    Re !

    J'ai suivi ce que tu m'as dit, voici le rapport :

    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Combofix.txt: trouvé !
    C:\UsbFix.txt: trouvé !
    C:\SDFIX: trouvé !
    C:\Combofix: trouvé !
    C:\Qoobox: trouvé !
    C:\_OTM: trouvé !
    C:\UsbFix: trouvé !
    C:\Rsit: trouvé !
    C:\Backups\catchme.log: trouvé !
    C:\BFU\EGDACCESS.bfu: trouvé !
    C:\BFU\Bfu.exe: trouvé !
    C:\Documents and Settings\Administrateur\Bureau\catchme.log: trouvé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\HijackThis.exe: trouvé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Logiciels\Sécurité\SdFix.exe: trouvé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Logiciels\Sécurité\fsbl.exe: trouvé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Logiciels\Sécurité\OTM.exe: trouvé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Logiciels\Sécurité\UsbFix.exe: trouvé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Logiciels\Sécurité\Rsit.exe: trouvé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Logiciels\Sécurité\SmitFraudfix: trouvé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Mes documents\SmitFraudFix.zip: trouvé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Mes documents\HijackThis.exe: trouvé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Recent\HijackThis.lnk: trouvé !
    C:\Qoobox\Quarantine\catchme.log: trouvé !
    C:\SDFix\catchme.exe: trouvé !

    ---------------------------------
    --> Suppression:

    C:\BFU\EGDACCESS.bfu: supprimé !
    C:\BFU\Bfu.exe: supprimé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\HijackThis.exe: supprimé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Logiciels\Sécurité\SdFix.exe: supprimé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Logiciels\Sécurité\fsbl.exe: supprimé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Logiciels\Sécurité\OTM.exe: supprimé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Mes documents\SmitFraudFix.zip: supprimé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Mes documents\HijackThis.exe: supprimé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Recent\HijackThis.lnk: supprimé !
    C:\SDFix\catchme.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\UsbFix.txt: supprimé !
    C:\Backups\catchme.log: supprimé !
    C:\Documents and Settings\Administrateur\Bureau\catchme.log: supprimé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Logiciels\Sécurité\UsbFix.exe: supprimé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Logiciels\Sécurité\Rsit.exe: supprimé !
    C:\Qoobox\Quarantine\catchme.log: supprimé !
    C:\SDFIX: supprimé !
    C:\Combofix: supprimé !
    C:\Qoobox: supprimé !
    C:\_OTM: supprimé !
    C:\UsbFix: supprimé !
    C:\Rsit: supprimé !
    C:\Documents and Settings\Propriétaire.NOM-0OJXQHMBKUV\Bureau\Logiciels\Sécurité\SmitFraudfix: supprimé !

    Corbeille vidée!
    Fichiers temporaires nettoyés !
    0
  19. g!rly Messages postés 18462 Statut Contributeur 407
     
    ;-)
    0