Removing Antivir Pro 2010
Stong
Hello,
I'm asking for your help because my father has been infected by a program called "Antivirus pro 2010".
I've read some threads on the forum, but it seems that uninstalling this software is fairly complex and, in particular, requires the use of relatively complex tools.
Could you help me, please?
Thank you
29 replies
Thank you, here are the two files. In the meantime, I looked at the replies to a question of the same kind as mine and ran ComboFix...
INFO.TXT
info.txt logfile of random's system information tool 1.06 2009-10-04 22:54:01
======Uninstall list======
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.6 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Client de clichés instantanés-->MsiExec.exe /I{23E5032B-56CA-4C19-A72E-B50161DB82CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix pour Microsoft .NET Framework 2.0 (KB926776)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {BA8E6AD7-3834-4BAD-9CC2-5171E45E3C6E} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HP Color LaserJet 2820/2830/2840 2.0-->"C:\Program Files\HP\Digital Imaging\{1030DCDC-2425-407d-BEE1-13558B837FCA}\setup\hpzscr01.exe" -datfile hppscr01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
IMAPSize 0.3.6-->"C:\Program Files\IMAPSize\unins000.exe"
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LUMIX Simple Viewer-->C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe -runfromtemp -l0x040c -removeonly
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.5.3)-->C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\uninstall\helper.exe
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036
NvMixer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PHOTOfunSTUDIO -viewer--->C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\Setup.exe -runfromtemp -l0x040cPackage -removeonly
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update pour Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Trend Micro Client/Server Security Agent-->"C:\Program Files\Trend Micro\Client Server Security Agent\ntrmv.exe"
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Winmail Reader 1.1.12-->"C:\Program Files\Winmail Reader\unins000.exe"
======Hosts File======
127.0.0.1 localhost
192.168.1.12 npi8c44a3
Securitycenter WMI appears to be broken
======System event log======
Computer Name: PC-SECRETARIAT1
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.
Record Number: 25232
Source Name: Service Control Manager
Time Written: 20090813161014.000000+120
Event Type: Informations
User: CAVESDUCHATEAU\cdc
Computer Name: PC-SECRETARIAT1
Event Code: 35
Message: Le service de temps synchronise maintenant l'heure système avec la
source de temps time.nist.gov (ntp.m|0x1|192.168.1.12:123->192.43.244.18:123).
Record Number: 25231
Source Name: W32Time
Time Written: 20090813155640.000000+120
Event Type: Informations
User:
Computer Name: PC-SECRETARIAT1
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : arrêté.
Record Number: 25230
Source Name: Service Control Manager
Time Written: 20090813151424.000000+120
Event Type: Informations
User:
Computer Name: PC-SECRETARIAT1
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : en cours d'exécution.
Record Number: 25229
Source Name: Service Control Manager
Time Written: 20090813151352.000000+120
Event Type: Informations
User:
Computer Name: PC-SECRETARIAT1
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Pml Driver HPZ12.
Record Number: 25228
Source Name: Service Control Manager
Time Written: 20090813151352.000000+120
Event Type: Informations
User: CAVESDUCHATEAU\cdc
=====Application event log=====
Computer Name: TRYITFOR-0E0AE1
Event Code: 1904
Message:
Record Number: 7916
Source Name: HHCTRL
Time Written: 20090604144736.000000+120
Event Type: Informations
User:
Computer Name: TRYITFOR-0E0AE1
Event Code: 1904
Message:
Record Number: 7915
Source Name: HHCTRL
Time Written: 20090604144736.000000+120
Event Type: Informations
User:
Computer Name: TRYITFOR-0E0AE1
Event Code: 1904
Message:
Record Number: 7914
Source Name: HHCTRL
Time Written: 20090604144736.000000+120
Event Type: Informations
User:
Computer Name: TRYITFOR-0E0AE1
Event Code: 1904
Message:
Record Number: 7913
Source Name: HHCTRL
Time Written: 20090604144736.000000+120
Event Type: Informations
User:
Computer Name: TRYITFOR-0E0AE1
Event Code: 1904
Message:
Record Number: 7912
Source Name: HHCTRL
Time Written: 20090604144736.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"SBSSERVER"=server2003
-----------------EOF-----------------
LOG.TXT
Logfile of random's system information tool 1.06 (written by random/random)
Run by cdc at 2009-10-04 22:53:22
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 70 GB (69%) free of 100 GB
Total RAM: 1023 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:00, on 04/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\WINDOWS\explorer.exe
\server2003\commun\désinstaller antivirus pro 2010r\RSIT.exe
C:\Program Files\trend micro\cdc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Microsoft Online Helper! - {C2A4E1E2-9183-4F26-8D6E-43FC5424E6B2} - %SystemRoot%\system32\gqcsbmzej.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://server2003/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cavesduchateau.local
O17 - HKLM\Software\..\Telephony: DomainName = cavesduchateau.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cavesduchateau.local
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ClipSrv - Unknown owner - C:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Scan en temps réel Trend Micro Client/Server Security Agent (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Pare-feu personnel Trend Micro Client/Server Security Agent (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Service proxy Trend Micro Client/Server Security Agent (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\WINDOWS\explorer.exe
\server2003\commun\désinstaller antivirus pro 2010r\RSIT.exe
C:\Program Files\trend micro\cdc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Microsoft Online Helper! - {C2A4E1E2-9183-4F26-8D6E-43FC5424E6B2} - %SystemRoot%\system32\gqcsbmzej.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://server2003/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cavesduchateau.local
O17 - HKLM\Software\..\Telephony: DomainName = cavesduchateau.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cavesduchateau.local
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ClipSrv - Unknown owner - C:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Scan en temps réel Trend Micro Client/Server Security Agent (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Pare-feu personnel Trend Micro Client/Server Security Agent (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Service proxy Trend Micro Client/Server Security Agent (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
Hi, start by doing this for a complete diagnostic of the PC:
-+-+-+-> RSIT <-+-+-+-
[x] Download Random's System Information Tool from this address: http://images.malwareremoval.com/random/RSIT.exe
[x] Double-click " RSIT.exe ".
[x] Click " Continue ".
[x] If HijackThis is not present, it will be downloaded automatically and you will have to accept the license.
[x] Once the scan is finished, two files ( info.txt & log.txt ) will open.
[x] Copy and paste the contents of both reports into your next message.
[o] If you closed the reports by accident, they are under C:\rsit
Now do this:
-+-+-+-> Malwarebyte's Anti-Malware <-+-+-+-
[x] Download Malwarebyte's Anti-Malware (MBAM) from this address: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
[x] Install it.
[x] Update it.
[x] Make sure to check all the items found and delete them!
[x] A tutorial on how to use it is available here: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
[x] Follow the instructions given at the previous link, then copy/paste the generated report into your next message.
--------------
I'll be back around 18:00.
Hello,
Thank you for taking an interest in my problem.
Not having had a reply last night, I ran Malwarebytes twice during the night (I saw in another thread that this could be useful).
I am posting the two reports in two messages.
FIRST REPORT
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2907
Windows 5.1.2600 Service Pack 2
05/10/2009 01:42:47
mbam-log-2009-10-05 (01-42-47).txt
Type de recherche: Examen rapide
Eléments examinés: 115884
Temps écoulé: 5 minute(s), 51 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2a4e1e2-9183-4f26-8d6e-43fc5424e6b2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2a4e1e2-9183-4f26-8d6e-43fc5424e6b2} (Trojan.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
SECOND REPORT
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2907
Windows 5.1.2600 Service Pack 2
05/10/2009 01:59:29
mbam-log-2009-10-05 (01-59-29).txt
Type de recherche: Examen rapide
Eléments examinés: 115877
Temps écoulé: 4 minute(s), 7 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Re,
Obviously I had not read the Malwarebytes tutorial last night.
So I ran it again in safe mode and did a full scan.
Here is the report:
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2907
Windows 5.1.2600 Service Pack 2 (Safe Mode)
05/10/2009 15:23:26
mbam-log-2009-10-05 (15-23-26).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 291383
Temps écoulé: 39 minute(s), 16 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\Documents and Settings\cdc\Application Data\lizkavd.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\frjacnwrm.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{37E2C924-BC8C-428B-95FC-F695CE13D2C1}\RP91\A0040797.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{37E2C924-BC8C-428B-95FC-F695CE13D2C1}\RP91\A0040801.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{37E2C924-BC8C-428B-95FC-F695CE13D2C1}\RP91\A0040802.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{37E2C924-BC8C-428B-95FC-F695CE13D2C1}\RP91\A0040826.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{37E2C924-BC8C-428B-95FC-F695CE13D2C1}\RP91\A0040829.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{37E2C924-BC8C-428B-95FC-F695CE13D2C1}\RP91\A0040852.sys (Worm.Agent) -> Quarantined and deleted successfully.
Thank you, Xplode
OK, good.
-+-+-+-> Lop S&D <-+-+-+-
[x] Download Lop S&D (by Eric_71 & Angeldark) from this address: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
[x] /!\ Disable resident protections: antivirus, antispyware, integrity checkers, etc., so that the tool can run correctly.
[x] Double-click " LopSD.exe " ( Vista: right-click -> Run as administrator )
[x] Choose option F for French
[x] Then choose option 1 ( Recherche / Search )
[x] Let the tool work
[x] Copy/paste the contents of the report that opens and post it in your next message.
Re, here is the report:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - Award BIOS v6.00PG
USER : cdc ( Not Administrator ! )
BOOT : Fail-safe with network boot
C:\ (Local Disk) - NTFS - Total:97 Go (Free:67 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:134 Go (Free:103 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 05/10/2009|18:37 )
--------------------\\ Listing des dossiers dans APPLIC~1
[22/12/2008|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B73EC431-2F59-4E5E-9CEA-001681A75E3E}
[24/10/2008|23:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{C64B6487-9111-44B8-AC48-B2B39A99239F}
[07/11/2008|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[27/12/2007|21:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Anonymizer
[21/12/2007|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[15/09/2008|23:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[15/09/2009|18:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
[22/12/2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dynacom
[17/07/2009|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[10/04/2008|13:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[21/12/2007|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[05/10/2009|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[19/09/2009|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/09/2009|21:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[19/09/2009|21:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla Firefox
[01/05/2008|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[21/07/2008|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[27/04/2008|09:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[19/09/2009|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[04/10/2009|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[24/10/2008|23:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[17/07/2009|12:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
[19/09/2009|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[20/07/2009|16:59] C:\DOCUME~1\cdc\APPLIC~1\Adobe
[19/09/2009|17:48] C:\DOCUME~1\cdc\APPLIC~1\Apple Computer
[15/09/2009|18:04] C:\DOCUME~1\cdc\APPLIC~1\DAEMON Tools Lite
[15/09/2009|17:52] C:\DOCUME~1\cdc\APPLIC~1\Download Manager
[02/08/2009|21:42] C:\DOCUME~1\cdc\APPLIC~1\Google
[28/07/2009|10:05] C:\DOCUME~1\cdc\APPLIC~1\Help
[17/07/2009|12:18] C:\DOCUME~1\cdc\APPLIC~1\Identities
[17/07/2009|12:20] C:\DOCUME~1\cdc\APPLIC~1\InstallShield
[17/07/2009|15:43] C:\DOCUME~1\cdc\APPLIC~1\Macromedia
[25/07/2009|09:53] C:\DOCUME~1\cdc\APPLIC~1\MailWasherFree
[05/10/2009|01:31] C:\DOCUME~1\cdc\APPLIC~1\Malwarebytes
[21/09/2009|14:15] C:\DOCUME~1\cdc\APPLIC~1\Microsoft
[17/07/2009|12:40] C:\DOCUME~1\cdc\APPLIC~1\Mozilla
[30/07/2009|15:42] C:\DOCUME~1\cdc\APPLIC~1\Panasonic
[13/08/2009|09:58] C:\DOCUME~1\cdc\APPLIC~1\Real
[26/07/2009|11:29] C:\DOCUME~1\cdc\APPLIC~1\Sun
[18/09/2009|14:49] C:\DOCUME~1\cdc\APPLIC~1\TeamViewer
[17/07/2009|13:09] C:\DOCUME~1\cdc\APPLIC~1\Thunderbird
[19/09/2009|19:44] C:\DOCUME~1\cdc\APPLIC~1\Vso
[19/09/2009|19:06] C:\DOCUME~1\cdc\APPLIC~1\Windows Desktop Search
[13/08/2009|11:23] C:\DOCUME~1\cdc\APPLIC~1\WinRAR
[19/12/2007|20:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[19/12/2007|20:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[27/04/2008|09:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla
[27/04/2008|09:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Real
[19/12/2007|20:46] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[19/12/2007|20:46] C:\DOCUME~1\WTRUST~2\APPLIC~1\Microsoft
[21/12/2007|20:27] C:\DOCUME~1\WTRUST~1\APPLIC~1\Adobe
[20/12/2007|15:58] C:\DOCUME~1\WTRUST~1\APPLIC~1\Ahead
[27/12/2007|21:40] C:\DOCUME~1\WTRUST~1\APPLIC~1\Anonymizer
[15/09/2008|23:58] C:\DOCUME~1\WTRUST~1\APPLIC~1\Apple Computer
[25/09/2008|10:20] C:\DOCUME~1\WTRUST~1\APPLIC~1\ArcSoft
[01/05/2008|20:46] C:\DOCUME~1\WTRUST~1\APPLIC~1\CopyToDvd
[22/12/2008|11:41] C:\DOCUME~1\WTRUST~1\APPLIC~1\Dynacom
[25/12/2007|11:50] C:\DOCUME~1\WTRUST~1\APPLIC~1\Google
[08/05/2008|20:50] C:\DOCUME~1\WTRUST~1\APPLIC~1\Help
[15/04/2009|12:04] C:\DOCUME~1\WTRUST~1\APPLIC~1\Icone
[19/12/2007|20:55] C:\DOCUME~1\WTRUST~1\APPLIC~1\Identities
[14/08/2008|18:57] C:\DOCUME~1\WTRUST~1\APPLIC~1\InstallShield
[01/03/2008|17:58] C:\DOCUME~1\WTRUST~1\APPLIC~1\Leadertech
[20/12/2007|12:52] C:\DOCUME~1\WTRUST~1\APPLIC~1\Macromedia
[27/03/2009|23:29] C:\DOCUME~1\WTRUST~1\APPLIC~1\Microsoft
[23/06/2008|22:37] C:\DOCUME~1\WTRUST~1\APPLIC~1\Mozilla
[01/05/2008|19:21] C:\DOCUME~1\WTRUST~1\APPLIC~1\Nero
[06/01/2009|12:45] C:\DOCUME~1\WTRUST~1\APPLIC~1\OpenOffice.org2
[14/08/2008|19:06] C:\DOCUME~1\WTRUST~1\APPLIC~1\Panasonic
[09/03/2008|13:09] C:\DOCUME~1\WTRUST~1\APPLIC~1\Real
[21/12/2007|15:28] C:\DOCUME~1\WTRUST~1\APPLIC~1\SPAMfighter
[21/12/2007|03:09] C:\DOCUME~1\WTRUST~1\APPLIC~1\Sun
[29/04/2008|10:09] C:\DOCUME~1\WTRUST~1\APPLIC~1\Thunderbird
[25/09/2008|10:32] C:\DOCUME~1\WTRUST~1\APPLIC~1\Vso
[28/12/2007|15:26] C:\DOCUME~1\WTRUST~1\APPLIC~1\WinRAR
[15/01/2008|23:11] C:\DOCUME~1\WTRUST~1\APPLIC~1\XnView
[17/07/2009|12:16] C:\DOCUME~1\__SBS_~1\APPLIC~1\Identities
[17/07/2009|12:15] C:\DOCUME~1\__SBS_~1\APPLIC~1\Microsoft
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[02/08/2009 21:39][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[19/12/2007 20:56][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[07/11/2008|10:10] C:\Program Files\Adobe
[19/09/2009|17:59] C:\Program Files\Ahead
[11/09/2009|16:19] C:\Program Files\AlerteGPS
[05/10/2009|02:40] C:\Program Files\Alex Feinman
[20/12/2007|16:05] C:\Program Files\Alwil Software
[11/04/2009|10:46] C:\Program Files\ArcSoft
[17/07/2009|10:24] C:\Program Files\a-squared Free
[15/09/2008|23:54] C:\Program Files\Bonjour
[18/01/2009|19:44] C:\Program Files\CCleaner
[19/12/2007|20:45] C:\Program Files\ComPlus Applications
[15/09/2009|21:15] C:\Program Files\DAEMON Tools Lite
[15/09/2009|18:02] C:\Program Files\DAEMON Tools Toolbar
[22/12/2008|11:45] C:\Program Files\Dynacom Technologies, Inc
[04/10/2009|19:31] C:\Program Files\Enigma Software Group
[05/10/2009|00:51] C:\Program Files\Fichiers communs
[19/09/2009|19:44] C:\Program Files\Foxit Software
[02/08/2009|21:42] C:\Program Files\Google
[05/10/2009|02:59] C:\Program Files\Hewlett-Packard
[27/04/2008|23:44] C:\Program Files\HiJackThis
[05/10/2009|02:55] C:\Program Files\HP
[17/07/2009|10:30] C:\Program Files\IMAPSize
[11/09/2009|16:20] C:\Program Files\InstallShield Installation Information
[07/04/2008|18:38] C:\Program Files\Internet Explorer
[04/11/2008|21:16] C:\Program Files\Investintech.com Inc
[26/08/2009|09:02] C:\Program Files\Java
[05/10/2009|02:02] C:\Program Files\JkDefrag
[05/10/2009|01:31] C:\Program Files\Malwarebytes' Anti-Malware
[19/09/2009|18:29] C:\Program Files\Microsoft Office
[20/12/2007|15:18] C:\Program Files\Microsoft Visual Studio
[19/09/2009|18:24] C:\Program Files\Microsoft Visual Studio 8
[17/07/2009|12:13] C:\Program Files\Microsoft Windows Small Business Server
[19/09/2009|19:00] C:\Program Files\Microsoft Works
[19/09/2009|18:27] C:\Program Files\Microsoft.NET
[05/10/2009|16:17] C:\Program Files\Mozilla Firefox
[19/09/2009|17:50] C:\Program Files\Mozilla Thunderbird
[19/09/2009|18:30] C:\Program Files\MSBuild
[22/01/2008|20:51] C:\Program Files\MSECache
[01/05/2008|20:29] C:\Program Files\Nero
[01/05/2008|19:22] C:\Program Files\NeroInstall.bak
[21/07/2008|16:35] C:\Program Files\NOS
[20/12/2007|15:22] C:\Program Files\Notepad++
[20/12/2007|14:51] C:\Program Files\NVIDIA Corporation
[19/09/2009|17:58] C:\Program Files\OpenOffice.org 2.3
[19/12/2007|20:45] C:\Program Files\Outlook Express
[19/12/2007|20:45] C:\Program Files\Paint.NET
[14/08/2008|19:00] C:\Program Files\Panasonic
[18/09/2009|12:27] C:\Program Files\PDFCreator
[21/12/2007|03:50] C:\Program Files\PowerQuest
[22/12/2008|11:29] C:\Program Files\Progitek
[15/09/2008|23:54] C:\Program Files\QuickTime
[01/03/2008|17:59] C:\Program Files\Real
[17/07/2009|16:33] C:\Program Files\RealVNC
[17/07/2009|10:22] C:\Program Files\Spybot - Search & Destroy
[20/12/2007|13:51] C:\Program Files\SystemRequirementsLab
[19/12/2007|20:55] C:\Program Files\Taskix
[05/10/2009|01:31] C:\Program Files\TeamViewer
[04/10/2009|23:40] C:\Program Files\Trend Micro
[19/09/2009|17:55] C:\Program Files\TUGZip
[19/12/2007|20:55] C:\Program Files\Uninstall Information
[20/08/2009|15:41] C:\Program Files\Universal
[20/08/2009|15:41] C:\Program Files\VersalSoft
[19/09/2009|19:44] C:\Program Files\Virtual Earth 3D
[19/09/2009|19:44] C:\Program Files\VSO
[19/09/2009|19:05] C:\Program Files\Windows Desktop Search
[19/12/2007|20:46] C:\Program Files\Windows Media Player
[19/12/2007|20:45] C:\Program Files\Windows Trust
[21/12/2007|03:05] C:\Program Files\WinRAR
[04/10/2009|23:33] C:\Program Files\xerox
[05/10/2009|02:59] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[07/11/2008|10:10] C:\Program Files\Fichiers communs\Adobe
[19/09/2009|17:59] C:\Program Files\Fichiers communs\Ahead
[10/09/2009|16:27] C:\Program Files\Fichiers communs\Apple
[11/04/2009|10:46] C:\Program Files\Fichiers communs\ArcSoft
[19/09/2009|18:29] C:\Program Files\Fichiers communs\DESIGNER
[21/12/2007|11:54] C:\Program Files\Fichiers communs\Hewlett-Packard
[05/10/2009|02:55] C:\Program Files\Fichiers communs\HP
[20/12/2007|14:51] C:\Program Files\Fichiers communs\InstallShield
[21/12/2007|03:09] C:\Program Files\Fichiers communs\Java
[19/09/2009|19:00] C:\Program Files\Fichiers communs\Microsoft Shared
[19/12/2007|20:45] C:\Program Files\Fichiers communs\MSSoap
[01/05/2008|20:29] C:\Program Files\Fichiers communs\Nero
[20/12/2007|14:51] C:\Program Files\Fichiers communs\NVIDIA Shared
[19/12/2007|21:43] C:\Program Files\Fichiers communs\ODBC
[12/04/2009|22:15] C:\Program Files\Fichiers communs\Real
[19/12/2007|20:46] C:\Program Files\Fichiers communs\Services
[21/12/2007|11:48] C:\Program Files\Fichiers communs\SWF Studio
[08/03/2009|11:57] C:\Program Files\Fichiers communs\Symantec Shared
[19/09/2009|18:23] C:\Program Files\Fichiers communs\System
[12/04/2009|22:15] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 15 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 18:38:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:190][D:5]-> C:\DOCUME~1\cdc\LOCALS~1\Temp
[F:5][D:0]-> C:\DOCUME~1\cdc\Cookies
[F:32][D:4]-> C:\DOCUME~1\cdc\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 05/10/2009|18:38 - Option : [1]
--------------------\\ Fin du rapport a 18:38:45
OK, perfect,
-+-+-+-+-> ComboFix <-+-+-+-
[x] Download ComboFix (by sUBs) from this address: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
[x] /!\ Close all open program windows /!\
[x] /!\ Disable all resident protections (antivirus, firewall, antispyware) /!\
[x] Double-click "Combofix.exe"
[x] Follow the instructions shown on screen; at some point you will get a message asking you to install the Recovery Console, do it
[x] ComboFix will now disconnect your PC from the internet
[x] During the scan, do not touch anything (mouse, keyboard)
[x] At the end of the scan, the report will open automatically; copy/paste it into your next message.
[o] Note: if it does not open, it can be found at C:\Combofix.txt
Here is the ComboFix report. I got two error messages during the procedure, but it did not stop the program.
ComboFix 09-10-04.01 - cdc 05/10/2009 18:59.2.1 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.803 [GMT 2:00]
Lancé depuis: \\server2003\commun\Vir\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-05 au 2009-10-05 ))))))))))))))))))))))))))))))))))))
.
2009-10-05 16:37 . 2009-10-05 16:38 -------- d-----w- C:\Lop SD
2009-10-05 00:59 . 2005-02-03 17:31 32768 ----a-w- c:\windows\system32\compJNI.dll
2009-10-05 00:59 . 2003-06-20 17:21 36864 ----a-w- c:\windows\system32\hpbmmjno.dll
2009-10-05 00:59 . 2004-08-20 13:02 102400 ----a-w- c:\windows\system32\PMLJNI.dll
2009-10-05 00:59 . 2004-05-10 20:11 40960 ----a-w- c:\windows\system32\d4channel.dll
2009-10-05 00:59 . 2003-06-16 21:52 74752 ----a-w- c:\windows\system32\jst.dll
2009-10-05 00:54 . 2009-10-05 00:55 -------- d-----w- c:\program files\Fichiers communs\HP
2009-10-05 00:49 . 2009-10-05 01:48 54452 ----a-w- c:\windows\hppins01.dat
2009-10-05 00:49 . 2005-04-08 16:52 2392 ------w- c:\windows\hppmdl01.dat
2009-10-05 00:40 . 2009-10-05 00:40 -------- d-----w- c:\program files\Alex Feinman
2009-10-05 00:38 . 2008-05-02 09:05 62592 ------w- c:\windows\system32\dllcache\cdrom.sys
2009-10-05 00:38 . 2008-05-02 13:31 466432 ------w- c:\windows\system32\imapi2fs.dll
2009-10-05 00:38 . 2008-05-02 13:31 466432 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2009-10-05 00:38 . 2008-05-02 13:31 320000 ------w- c:\windows\system32\imapi2.dll
2009-10-05 00:38 . 2008-05-02 13:31 320000 ------w- c:\windows\system32\dllcache\imapi2.dll
2009-10-05 00:37 . 2009-09-28 06:49 781864 ----a-w- C:\WindowsXP-KB932716-v2-x86-FRA.exe
2009-10-05 00:02 . 2008-09-02 13:49 253952 ----a-w- c:\windows\system32\JkDefragScreenSaver.exe
2009-10-05 00:02 . 2008-09-02 13:49 106496 ----a-w- c:\windows\system32\JkDefragScreenSaver.scr
2009-10-05 00:01 . 2009-10-05 00:02 -------- d-----w- c:\program files\JkDefrag
2009-10-04 23:31 . 2009-10-04 23:31 -------- d-----w- c:\documents and settings\cdc\Application Data\Malwarebytes
2009-10-04 23:31 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 23:31 . 2009-10-04 23:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 23:31 . 2009-10-04 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-04 23:31 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-04 23:00 . 2009-10-04 23:00 -------- d-----w- c:\windows\system32\NtmsData
2009-10-04 21:40 . 2009-10-04 21:40 -------- d-----w- C:\rsit
2009-10-04 21:33 . 2009-10-04 21:33 -------- d-----w- c:\windows\system32\wbem\snmp
2009-10-04 10:26 . 2009-10-04 10:26 19254 ----a-w- c:\documents and settings\cdc\Local Settings\Application Data\jebomo.dat
2009-09-21 09:01 . 2009-10-05 00:55 -------- d-----w- c:\program files\HP
2009-09-19 17:06 . 2009-09-19 17:06 -------- d-----w- c:\documents and settings\cdc\Application Data\Windows Desktop Search
2009-09-19 17:05 . 2009-09-28 13:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-09-19 17:05 . 2009-09-19 17:05 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-19 17:04 . 2009-10-05 00:51 -------- d-----w- c:\windows\system32\DllCache
2009-09-19 17:04 . 2008-03-07 16:56 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-09-19 17:04 . 2008-03-07 16:56 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-09-19 17:04 . 2008-03-07 16:56 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2009-09-19 17:04 . 2009-10-05 00:38 -------- d--h--w- c:\windows\$hf_mig$
2009-09-19 16:30 . 2009-09-19 17:00 -------- d-----w- c:\program files\Microsoft Works
2009-09-19 16:30 . 2009-09-19 16:30 -------- d-----w- c:\program files\MSBuild
2009-09-19 16:27 . 2009-09-19 16:27 -------- d-----w- c:\program files\Microsoft.NET
2009-09-19 16:24 . 2009-09-19 16:24 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-19 16:23 . 2009-09-19 16:24 -------- d-----w- c:\windows\SHELLNEW
2009-09-19 16:23 . 2009-09-19 16:23 -------- d-----w- c:\documents and settings\cdc\Local Settings\Application Data\Microsoft Help
2009-09-19 16:23 . 2009-09-30 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-19 16:22 . 2009-09-19 16:22 -------- d-----r- C:\MSOCache
2009-09-19 16:09 . 2009-09-19 17:44 -------- d-----w- c:\documents and settings\cdc\Application Data\Vso
2009-09-19 15:48 . 2009-09-19 15:48 -------- d-----w- c:\documents and settings\cdc\Application Data\Apple Computer
2009-09-18 12:49 . 2009-09-18 12:49 -------- d-----w- c:\documents and settings\cdc\Application Data\TeamViewer
2009-09-18 12:49 . 2009-10-04 23:31 -------- d-----w- c:\program files\TeamViewer
2009-09-18 12:49 . 2009-09-18 12:49 -------- d-----w- c:\documents and settings\cdc\temp
2009-09-18 10:26 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-09-18 10:26 . 2009-09-18 10:27 -------- d-----w- c:\program files\PDFCreator
2009-09-18 10:26 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-09-15 16:02 . 2009-09-15 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-15 16:02 . 2009-09-15 16:02 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-15 16:02 . 2009-09-15 19:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-15 16:00 . 2009-09-15 16:00 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-15 16:00 . 2009-09-15 16:04 -------- d-----w- c:\documents and settings\cdc\Application Data\DAEMON Tools Lite
2009-09-15 15:52 . 2009-09-15 15:52 -------- d-----w- c:\documents and settings\cdc\Application Data\Download Manager
2009-09-15 15:43 . 2009-09-15 15:43 -------- d-----w- c:\documents and settings\cdc\Local Settings\Application Data\Ahead
2009-09-15 14:50 . 2009-09-19 15:59 -------- d-----w- c:\program files\Ahead
2009-09-11 14:20 . 2003-07-16 12:27 43264 ------w- c:\windows\system32\drivers\ser2pl.sys
2009-09-11 14:19 . 2009-09-11 14:19 -------- d-----w- c:\program files\AlerteGPS
2009-09-10 14:27 . 2009-09-10 14:27 -------- d-----w- c:\documents and settings\cdc\Local Settings\Application Data\Apple
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 14:40 . 2009-07-17 10:23 451546 ----a-w- c:\windows\system32\perfh040.dat
2009-10-05 14:40 . 2009-07-17 10:23 69480 ----a-w- c:\windows\system32\perfc040.dat
2009-10-05 00:59 . 2007-12-21 09:54 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-05 00:59 . 2007-12-21 09:57 -------- d--h--w- c:\program files\Zero G Registry
2009-10-04 21:40 . 2009-07-17 10:22 -------- d-----w- c:\program files\Trend Micro
2009-10-04 17:42 . 2007-12-21 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-04 17:31 . 2009-03-08 09:36 -------- d-----w- c:\program files\Enigma Software Group
2009-10-02 06:52 . 2002-08-30 12:00 85326 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-02 06:52 . 2002-08-30 12:00 496038 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-20 07:46 . 2009-07-18 07:53 83296 ----a-w- c:\documents and settings\cdc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 19:05 . 2009-07-22 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Mozilla Firefox
2009-09-19 17:46 . 2008-11-09 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Skyline
2009-09-19 17:46 . 2008-01-26 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-09-19 17:44 . 2008-05-01 18:36 -------- d-----w- c:\program files\VSO
2009-09-19 17:44 . 2009-09-19 17:44 47360 ----a-w- c:\documents and settings\cdc\Application Data\pcouffin.sys
2009-09-19 17:44 . 2008-07-28 19:40 -------- d-----w- c:\program files\Foxit Software
2009-09-19 17:44 . 2009-03-27 21:29 -------- d-----w- c:\program files\Virtual Earth 3D
2009-09-19 15:59 . 2007-12-20 13:57 -------- d-----w- c:\program files\Fichiers communs\Ahead
2009-09-19 15:58 . 2007-12-26 20:18 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-09-19 15:55 . 2007-12-19 18:55 -------- d-----w- c:\program files\TUGZip
2009-09-19 15:50 . 2008-04-29 08:09 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-11 14:20 . 2007-12-20 11:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 14:27 . 2008-09-15 21:53 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-08-26 07:02 . 2007-12-21 01:09 -------- d-----w- c:\program files\Java
2009-08-20 13:41 . 2009-08-20 13:41 -------- d-----w- c:\program files\VersalSoft
2009-08-20 13:41 . 2009-08-20 13:41 -------- d-----w- c:\program files\Universal
2009-07-25 03:23 . 2008-12-16 21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 19:28 . 2009-07-20 19:28 126 ----a-w- c:\documents and settings\cdc\Local Settings\Application Data\fusioncache.dat
2009-07-17 14:05 . 2009-07-17 13:50 77 ----a-w- C:\sauvegarde.cmd
.
((((((((((((((((((((((((((((( SnapShot@2009-10-04_20.36.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-16 21:39 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll
+ 2002-08-30 12:00 . 2009-10-05 14:40 57262 c:\windows\system32\perfc009.dat
+ 2004-08-03 20:59 . 2008-05-02 09:05 62592 c:\windows\system32\drivers\cdrom.sys
+ 2009-10-05 00:59 . 2009-10-05 00:59 84992 c:\windows\Installer\c20d7.msi
+ 2009-10-05 00:55 . 2009-10-05 00:55 45056 c:\windows\Installer\{64FC0C98-B035-4530-B15D-3D30610B6DF1}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
- 2009-09-21 09:06 . 2009-09-21 09:06 45056 c:\windows\Installer\{64FC0C98-B035-4530-B15D-3D30610B6DF1}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
+ 2009-10-05 00:57 . 2009-10-05 00:57 40960 c:\windows\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
- 2009-09-21 09:08 . 2009-09-21 09:08 40960 c:\windows\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2009-10-05 00:38 . 2008-05-02 09:05 62592 c:\windows\Driver Cache\i386\cdrom.sys
+ 2009-10-05 00:54 . 2009-10-05 00:54 90112 c:\windows\assembly\GAC\LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\LTRASTERVIEWLib.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 90112 c:\windows\assembly\GAC\LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\LTRASTERVIEWLib.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 40960 c:\windows\assembly\GAC\LTRASTERLib\1.0.0.0__a53cf5803f4c3827\LTRASTERLib.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 40960 c:\windows\assembly\GAC\LTRASTERLib\1.0.0.0__a53cf5803f4c3827\LTRASTERLib.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 73728 c:\windows\assembly\GAC\LTRASTERIOLib\1.0.0.0__a53cf5803f4c3827\LTRASTERIOLib.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 73728 c:\windows\assembly\GAC\LTRASTERIOLib\1.0.0.0__a53cf5803f4c3827\LTRASTERIOLib.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 77824 c:\windows\assembly\GAC\LEAD\13.0.0.89__9cf889f53ea9b907\LEAD.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 77824 c:\windows\assembly\GAC\LEAD\13.0.0.89__9cf889f53ea9b907\LEAD.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 40960 c:\windows\assembly\GAC\LEAD.Windows.Forms\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 40960 c:\windows\assembly\GAC\LEAD.Windows.Forms\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 69632 c:\windows\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.DrawingContainer.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 69632 c:\windows\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.DrawingContainer.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 86016 c:\windows\assembly\GAC\LEAD.Drawing\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 86016 c:\windows\assembly\GAC\LEAD.Drawing\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 90112 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.ImageProcessing.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 90112 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.ImageProcessing.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 81920 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.Codecs.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 81920 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.Codecs.dll
- 2009-09-21 09:07 . 2009-09-21 09:07 18944 c:\windows\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\Interop.MsHtmHst.dll
+ 2009-10-05 00:55 . 2009-10-05 00:55 18944 c:\windows\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\Interop.MsHtmHst.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 90112 c:\windows\assembly\GAC\Interop.LTANNLib\1.0.0.0__a53cf5803f4c3827\Interop.LTANNLib.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 90112 c:\windows\assembly\GAC\Interop.LTANNLib\1.0.0.0__a53cf5803f4c3827\Interop.LTANNLib.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 10240 c:\windows\assembly\GAC\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 10240 c:\windows\assembly\GAC\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 28672 c:\windows\assembly\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\Interop.hpqdstcp.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 28672 c:\windows\assembly\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\Interop.hpqdstcp.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 36864 c:\windows\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\Interop.hpqcxm08.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 36864 c:\windows\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\Interop.hpqcxm08.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2009-06-03 935208]
"OE"="c:\program files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe" [2009-05-20 492808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-19 138240]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"HideRunAsVerb"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AlerteGPS\\G200NEO\\G200_V1_2.exe"=
"\\\\server2003\\commun\\Logiciels, abonnements\\Imprimante HP 2840 - Driver, software (plus rapide que par le CD)\\setup\\HPZnet01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12345:TCP"= 12345:TCP:Trend Micro Client/Server Security Agent Listener
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [19/12/2007 21:42 16640]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [10/03/2009 23:05 335376]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [17/07/2009 12:24 50192]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [22/05/2009 03:02 225296]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [22/05/2009 03:00 36368]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [25/01/2008 15:40 85520]
S3 TmPfw;Pare-feu personnel Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [16/07/2009 13:12 497008]
S3 TmProxy;Service proxy Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [16/07/2009 13:12 685320]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/08/2009 21:39 133104]
NETSVCS DOIT ÊTRE RÉPARÉ - liste des éléments présents
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
ShellHWDetection
WmdmPmSN
wuauserv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contenu du dossier 'Tâches planifiées'
2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-02 19:39]
.
.
------- Examen supplémentaire -------
.
uStart Page = fr.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\cdc\Application Data\Mozilla\Firefox\Profiles\mq0uw7cq.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 19:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\nvappfilter.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\nvappfilter.dll
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(1484)
c:\windows\system32\COMRes.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\SETUPAPI.dll
.
Heure de fin: 2009-10-05 19:04
ComboFix-quarantined-files.txt 2009-10-05 17:04
ComboFix2.txt 2009-10-04 20:37
Avant-CF: 72 610 103 296 octets libres
Après-CF: 72 612 126 720 octets libres
570
ComboFix 09-10-04.01 - cdc 05/10/2009 18:59.2.1 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.803 [GMT 2:00]
Lancé depuis: \\server2003\commun\Vir\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-05 au 2009-10-05 ))))))))))))))))))))))))))))))))))))
.
2009-10-05 16:37 . 2009-10-05 16:38 -------- d-----w- C:\Lop SD
2009-10-05 00:59 . 2005-02-03 17:31 32768 ----a-w- c:\windows\system32\compJNI.dll
2009-10-05 00:59 . 2003-06-20 17:21 36864 ----a-w- c:\windows\system32\hpbmmjno.dll
2009-10-05 00:59 . 2004-08-20 13:02 102400 ----a-w- c:\windows\system32\PMLJNI.dll
2009-10-05 00:59 . 2004-05-10 20:11 40960 ----a-w- c:\windows\system32\d4channel.dll
2009-10-05 00:59 . 2003-06-16 21:52 74752 ----a-w- c:\windows\system32\jst.dll
2009-10-05 00:54 . 2009-10-05 00:55 -------- d-----w- c:\program files\Fichiers communs\HP
2009-10-05 00:49 . 2009-10-05 01:48 54452 ----a-w- c:\windows\hppins01.dat
2009-10-05 00:49 . 2005-04-08 16:52 2392 ------w- c:\windows\hppmdl01.dat
2009-10-05 00:40 . 2009-10-05 00:40 -------- d-----w- c:\program files\Alex Feinman
2009-10-05 00:38 . 2008-05-02 09:05 62592 ------w- c:\windows\system32\dllcache\cdrom.sys
2009-10-05 00:38 . 2008-05-02 13:31 466432 ------w- c:\windows\system32\imapi2fs.dll
2009-10-05 00:38 . 2008-05-02 13:31 466432 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2009-10-05 00:38 . 2008-05-02 13:31 320000 ------w- c:\windows\system32\imapi2.dll
2009-10-05 00:38 . 2008-05-02 13:31 320000 ------w- c:\windows\system32\dllcache\imapi2.dll
2009-10-05 00:37 . 2009-09-28 06:49 781864 ----a-w- C:\WindowsXP-KB932716-v2-x86-FRA.exe
2009-10-05 00:02 . 2008-09-02 13:49 253952 ----a-w- c:\windows\system32\JkDefragScreenSaver.exe
2009-10-05 00:02 . 2008-09-02 13:49 106496 ----a-w- c:\windows\system32\JkDefragScreenSaver.scr
2009-10-05 00:01 . 2009-10-05 00:02 -------- d-----w- c:\program files\JkDefrag
2009-10-04 23:31 . 2009-10-04 23:31 -------- d-----w- c:\documents and settings\cdc\Application Data\Malwarebytes
2009-10-04 23:31 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 23:31 . 2009-10-04 23:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 23:31 . 2009-10-04 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-04 23:31 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-04 23:00 . 2009-10-04 23:00 -------- d-----w- c:\windows\system32\NtmsData
2009-10-04 21:40 . 2009-10-04 21:40 -------- d-----w- C:\rsit
2009-10-04 21:33 . 2009-10-04 21:33 -------- d-----w- c:\windows\system32\wbem\snmp
2009-10-04 10:26 . 2009-10-04 10:26 19254 ----a-w- c:\documents and settings\cdc\Local Settings\Application Data\jebomo.dat
2009-09-21 09:01 . 2009-10-05 00:55 -------- d-----w- c:\program files\HP
2009-09-19 17:06 . 2009-09-19 17:06 -------- d-----w- c:\documents and settings\cdc\Application Data\Windows Desktop Search
2009-09-19 17:05 . 2009-09-28 13:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-09-19 17:05 . 2009-09-19 17:05 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-19 17:04 . 2009-10-05 00:51 -------- d-----w- c:\windows\system32\DllCache
2009-09-19 17:04 . 2008-03-07 16:56 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-09-19 17:04 . 2008-03-07 16:56 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-09-19 17:04 . 2008-03-07 16:56 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2009-09-19 17:04 . 2009-10-05 00:38 -------- d--h--w- c:\windows\$hf_mig$
2009-09-19 16:30 . 2009-09-19 17:00 -------- d-----w- c:\program files\Microsoft Works
2009-09-19 16:30 . 2009-09-19 16:30 -------- d-----w- c:\program files\MSBuild
2009-09-19 16:27 . 2009-09-19 16:27 -------- d-----w- c:\program files\Microsoft.NET
2009-09-19 16:24 . 2009-09-19 16:24 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-19 16:23 . 2009-09-19 16:24 -------- d-----w- c:\windows\SHELLNEW
2009-09-19 16:23 . 2009-09-19 16:23 -------- d-----w- c:\documents and settings\cdc\Local Settings\Application Data\Microsoft Help
2009-09-19 16:23 . 2009-09-30 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-19 16:22 . 2009-09-19 16:22 -------- d-----r- C:\MSOCache
2009-09-19 16:09 . 2009-09-19 17:44 -------- d-----w- c:\documents and settings\cdc\Application Data\Vso
2009-09-19 15:48 . 2009-09-19 15:48 -------- d-----w- c:\documents and settings\cdc\Application Data\Apple Computer
2009-09-18 12:49 . 2009-09-18 12:49 -------- d-----w- c:\documents and settings\cdc\Application Data\TeamViewer
2009-09-18 12:49 . 2009-10-04 23:31 -------- d-----w- c:\program files\TeamViewer
2009-09-18 12:49 . 2009-09-18 12:49 -------- d-----w- c:\documents and settings\cdc\temp
2009-09-18 10:26 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-09-18 10:26 . 2009-09-18 10:27 -------- d-----w- c:\program files\PDFCreator
2009-09-18 10:26 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-09-15 16:02 . 2009-09-15 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-15 16:02 . 2009-09-15 16:02 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-15 16:02 . 2009-09-15 19:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-15 16:00 . 2009-09-15 16:00 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-15 16:00 . 2009-09-15 16:04 -------- d-----w- c:\documents and settings\cdc\Application Data\DAEMON Tools Lite
2009-09-15 15:52 . 2009-09-15 15:52 -------- d-----w- c:\documents and settings\cdc\Application Data\Download Manager
2009-09-15 15:43 . 2009-09-15 15:43 -------- d-----w- c:\documents and settings\cdc\Local Settings\Application Data\Ahead
2009-09-15 14:50 . 2009-09-19 15:59 -------- d-----w- c:\program files\Ahead
2009-09-11 14:20 . 2003-07-16 12:27 43264 ------w- c:\windows\system32\drivers\ser2pl.sys
2009-09-11 14:19 . 2009-09-11 14:19 -------- d-----w- c:\program files\AlerteGPS
2009-09-10 14:27 . 2009-09-10 14:27 -------- d-----w- c:\documents and settings\cdc\Local Settings\Application Data\Apple
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 14:40 . 2009-07-17 10:23 451546 ----a-w- c:\windows\system32\perfh040.dat
2009-10-05 14:40 . 2009-07-17 10:23 69480 ----a-w- c:\windows\system32\perfc040.dat
2009-10-05 00:59 . 2007-12-21 09:54 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-05 00:59 . 2007-12-21 09:57 -------- d--h--w- c:\program files\Zero G Registry
2009-10-04 21:40 . 2009-07-17 10:22 -------- d-----w- c:\program files\Trend Micro
2009-10-04 17:42 . 2007-12-21 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-04 17:31 . 2009-03-08 09:36 -------- d-----w- c:\program files\Enigma Software Group
2009-10-02 06:52 . 2002-08-30 12:00 85326 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-02 06:52 . 2002-08-30 12:00 496038 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-20 07:46 . 2009-07-18 07:53 83296 ----a-w- c:\documents and settings\cdc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 19:05 . 2009-07-22 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Mozilla Firefox
2009-09-19 17:46 . 2008-11-09 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Skyline
2009-09-19 17:46 . 2008-01-26 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-09-19 17:44 . 2008-05-01 18:36 -------- d-----w- c:\program files\VSO
2009-09-19 17:44 . 2009-09-19 17:44 47360 ----a-w- c:\documents and settings\cdc\Application Data\pcouffin.sys
2009-09-19 17:44 . 2008-07-28 19:40 -------- d-----w- c:\program files\Foxit Software
2009-09-19 17:44 . 2009-03-27 21:29 -------- d-----w- c:\program files\Virtual Earth 3D
2009-09-19 15:59 . 2007-12-20 13:57 -------- d-----w- c:\program files\Fichiers communs\Ahead
2009-09-19 15:58 . 2007-12-26 20:18 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-09-19 15:55 . 2007-12-19 18:55 -------- d-----w- c:\program files\TUGZip
2009-09-19 15:50 . 2008-04-29 08:09 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-11 14:20 . 2007-12-20 11:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 14:27 . 2008-09-15 21:53 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-08-26 07:02 . 2007-12-21 01:09 -------- d-----w- c:\program files\Java
2009-08-20 13:41 . 2009-08-20 13:41 -------- d-----w- c:\program files\VersalSoft
2009-08-20 13:41 . 2009-08-20 13:41 -------- d-----w- c:\program files\Universal
2009-07-25 03:23 . 2008-12-16 21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 19:28 . 2009-07-20 19:28 126 ----a-w- c:\documents and settings\cdc\Local Settings\Application Data\fusioncache.dat
2009-07-17 14:05 . 2009-07-17 13:50 77 ----a-w- C:\sauvegarde.cmd
.
((((((((((((((((((((((((((((( SnapShot@2009-10-04_20.36.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-16 21:39 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll
+ 2002-08-30 12:00 . 2009-10-05 14:40 57262 c:\windows\system32\perfc009.dat
+ 2004-08-03 20:59 . 2008-05-02 09:05 62592 c:\windows\system32\drivers\cdrom.sys
+ 2009-10-05 00:59 . 2009-10-05 00:59 84992 c:\windows\Installer\c20d7.msi
+ 2009-10-05 00:55 . 2009-10-05 00:55 45056 c:\windows\Installer\{64FC0C98-B035-4530-B15D-3D30610B6DF1}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
- 2009-09-21 09:06 . 2009-09-21 09:06 45056 c:\windows\Installer\{64FC0C98-B035-4530-B15D-3D30610B6DF1}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
+ 2009-10-05 00:57 . 2009-10-05 00:57 40960 c:\windows\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
- 2009-09-21 09:08 . 2009-09-21 09:08 40960 c:\windows\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2009-10-05 00:38 . 2008-05-02 09:05 62592 c:\windows\Driver Cache\i386\cdrom.sys
+ 2009-10-05 00:54 . 2009-10-05 00:54 90112 c:\windows\assembly\GAC\LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\LTRASTERVIEWLib.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 90112 c:\windows\assembly\GAC\LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\LTRASTERVIEWLib.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 40960 c:\windows\assembly\GAC\LTRASTERLib\1.0.0.0__a53cf5803f4c3827\LTRASTERLib.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 40960 c:\windows\assembly\GAC\LTRASTERLib\1.0.0.0__a53cf5803f4c3827\LTRASTERLib.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 73728 c:\windows\assembly\GAC\LTRASTERIOLib\1.0.0.0__a53cf5803f4c3827\LTRASTERIOLib.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 73728 c:\windows\assembly\GAC\LTRASTERIOLib\1.0.0.0__a53cf5803f4c3827\LTRASTERIOLib.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 77824 c:\windows\assembly\GAC\LEAD\13.0.0.89__9cf889f53ea9b907\LEAD.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 77824 c:\windows\assembly\GAC\LEAD\13.0.0.89__9cf889f53ea9b907\LEAD.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 40960 c:\windows\assembly\GAC\LEAD.Windows.Forms\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 40960 c:\windows\assembly\GAC\LEAD.Windows.Forms\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 69632 c:\windows\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.DrawingContainer.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 69632 c:\windows\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.DrawingContainer.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 86016 c:\windows\assembly\GAC\LEAD.Drawing\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 86016 c:\windows\assembly\GAC\LEAD.Drawing\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 90112 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.ImageProcessing.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 90112 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.ImageProcessing.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 81920 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.Codecs.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 81920 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.Codecs.dll
- 2009-09-21 09:07 . 2009-09-21 09:07 18944 c:\windows\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\Interop.MsHtmHst.dll
+ 2009-10-05 00:55 . 2009-10-05 00:55 18944 c:\windows\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\Interop.MsHtmHst.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 90112 c:\windows\assembly\GAC\Interop.LTANNLib\1.0.0.0__a53cf5803f4c3827\Interop.LTANNLib.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 90112 c:\windows\assembly\GAC\Interop.LTANNLib\1.0.0.0__a53cf5803f4c3827\Interop.LTANNLib.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 10240 c:\windows\assembly\GAC\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 10240 c:\windows\assembly\GAC\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 28672 c:\windows\assembly\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\Interop.hpqdstcp.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 28672 c:\windows\assembly\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\Interop.hpqdstcp.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 36864 c:\windows\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\Interop.hpqcxm08.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 36864 c:\windows\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\Interop.hpqcxm08.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 15872 c:\windows\assembly\GAC\interop.hpodxmlutil\2.0.588.1728__a53cf5803f4c3827\interop.hpodxmlutil.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 15872 c:\windows\assembly\GAC\interop.hpodxmlutil\2.0.588.1728__a53cf5803f4c3827\interop.hpodxmlutil.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 13312 c:\windows\assembly\GAC\interop.hpodvid\2.0.588.1728__a53cf5803f4c3827\interop.hpodvid.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 13312 c:\windows\assembly\GAC\interop.hpodvid\2.0.588.1728__a53cf5803f4c3827\interop.hpodvid.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 13312 c:\windows\assembly\GAC\interop.hpodtrk\2.0.588.1728__a53cf5803f4c3827\interop.hpodtrk.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 13312 c:\windows\assembly\GAC\interop.hpodtrk\2.0.588.1728__a53cf5803f4c3827\interop.hpodtrk.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 12800 c:\windows\assembly\GAC\interop.hpodmpv_md\2.0.588.1728__a53cf5803f4c3827\interop.hpodmpv_md.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 12800 c:\windows\assembly\GAC\interop.hpodmpv_md\2.0.588.1728__a53cf5803f4c3827\interop.hpodmpv_md.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 15360 c:\windows\assembly\GAC\interop.hpodmmc\1.0.0.0__a53cf5803f4c3827\interop.hpodmmc.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 15360 c:\windows\assembly\GAC\interop.hpodmmc\1.0.0.0__a53cf5803f4c3827\interop.hpodmmc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 10240 c:\windows\assembly\GAC\Interop.hpodev08\3.0.0.0__a53cf5803f4c3827\Interop.hpodev08.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 10240 c:\windows\assembly\GAC\Interop.hpodev08\3.0.0.0__a53cf5803f4c3827\Interop.hpodev08.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 94208 c:\windows\assembly\GAC\Interop.hpodeb08\3.0.0.0__a53cf5803f4c3827\Interop.hpodeb08.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 94208 c:\windows\assembly\GAC\Interop.hpodeb08\3.0.0.0__a53cf5803f4c3827\Interop.hpodeb08.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 12800 c:\windows\assembly\GAC\interop.hpodaud\2.0.588.1728__a53cf5803f4c3827\interop.hpodaud.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 12800 c:\windows\assembly\GAC\interop.hpodaud\2.0.588.1728__a53cf5803f4c3827\interop.hpodaud.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 53248 c:\windows\assembly\GAC\interop.hpodai\2.0.588.1728__a53cf5803f4c3827\interop.hpodai.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 53248 c:\windows\assembly\GAC\interop.hpodai\2.0.588.1728__a53cf5803f4c3827\interop.hpodai.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 24576 c:\windows\assembly\GAC\interop.hpodae\2.0.588.1728__a53cf5803f4c3827\interop.hpodae.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 24576 c:\windows\assembly\GAC\interop.hpodae\2.0.588.1728__a53cf5803f4c3827\interop.hpodae.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 98304 c:\windows\assembly\GAC\Interop.hpocxi08\1.0.0.0__3b766a3b3d2dc385\Interop.hpocxi08.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 98304 c:\windows\assembly\GAC\Interop.hpocxi08\1.0.0.0__3b766a3b3d2dc385\Interop.hpocxi08.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 36864 c:\windows\assembly\GAC\Interop.HPDarc\1.0.0.0__19565c63d39c2842\Interop.hpdarc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 36864 c:\windows\assembly\GAC\Interop.HPDarc\1.0.0.0__19565c63d39c2842\Interop.hpdarc.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 73728 c:\windows\assembly\GAC\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 73728 c:\windows\assembly\GAC\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 81920 c:\windows\assembly\GAC\hpqtray.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqtray.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 81920 c:\windows\assembly\GAC\hpqtray.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqtray.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 45056 c:\windows\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 45056 c:\windows\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 28672 c:\windows\assembly\GAC\hpqthrsc\3.0.0.0__a53cf5803f4c3827\hpqthrsc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 28672 c:\windows\assembly\GAC\hpqthrsc\3.0.0.0__a53cf5803f4c3827\hpqthrsc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 77824 c:\windows\assembly\GAC\hpqshfop\3.0.0.0__a53cf5803f4c3827\hpqshfop.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 77824 c:\windows\assembly\GAC\hpqshfop\3.0.0.0__a53cf5803f4c3827\hpqshfop.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 45056 c:\windows\assembly\GAC\hpqshfop.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqshfop.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 45056 c:\windows\assembly\GAC\hpqshfop.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqshfop.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 61440 c:\windows\assembly\GAC\hpqptint\3.0.0.0__a53cf5803f4c3827\hpqptint.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 61440 c:\windows\assembly\GAC\hpqptint\3.0.0.0__a53cf5803f4c3827\hpqptint.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 16384 c:\windows\assembly\GAC\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 16384 c:\windows\assembly\GAC\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 81920 c:\windows\assembly\GAC\hpqprutl.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqprutl.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 81920 c:\windows\assembly\GAC\hpqprutl.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqprutl.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 53248 c:\windows\assembly\GAC\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 53248 c:\windows\assembly\GAC\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 12800 c:\windows\assembly\GAC\hpqprrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqprrsc.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 12800 c:\windows\assembly\GAC\hpqprrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqprrsc.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 94208 c:\windows\assembly\GAC\hpqprjfx.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqprjfx.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 94208 c:\windows\assembly\GAC\hpqprjfx.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqprjfx.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 20480 c:\windows\assembly\GAC\hpqprif\3.0.0.0__a53cf5803f4c3827\hpqprif.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 20480 c:\windows\assembly\GAC\hpqprif\3.0.0.0__a53cf5803f4c3827\hpqprif.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 12288 c:\windows\assembly\GAC\hpqpel10.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqpel10.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 12288 c:\windows\assembly\GAC\hpqpel10.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqpel10.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 73728 c:\windows\assembly\GAC\hpqpanop.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqpanop.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 73728 c:\windows\assembly\GAC\hpqpanop.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqpanop.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 57344 c:\windows\assembly\GAC\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 57344 c:\windows\assembly\GAC\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 16384 c:\windows\assembly\GAC\hpqmyint\3.0.0.0__a53cf5803f4c3827\hpqmyint.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 16384 c:\windows\assembly\GAC\hpqmyint\3.0.0.0__a53cf5803f4c3827\hpqmyint.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 36864 c:\windows\assembly\GAC\hpqmpvad\3.0.0.0__a53cf5803f4c3827\hpqmpvad.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 36864 c:\windows\assembly\GAC\hpqmpvad\3.0.0.0__a53cf5803f4c3827\hpqmpvad.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 65536 c:\windows\assembly\GAC\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 65536 c:\windows\assembly\GAC\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 20480 c:\windows\assembly\GAC\hpqltutl\3.0.0.0__a53cf5803f4c3827\hpqltutl.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 20480 c:\windows\assembly\GAC\hpqltutl\3.0.0.0__a53cf5803f4c3827\hpqltutl.dll
+ 2009-10-05 00:55 . 2009-10-05 00:55 32768 c:\windows\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
- 2009-09-21 09:07 . 2009-09-21 09:07 32768 c:\windows\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
+ 2009-10-05 00:55 . 2009-10-05 00:55 28672 c:\windows\assembly\GAC\hpqisrtb.resources\4.0.0.0_fr_a53cf5803f4c3827\hpqisrtb.resources.dll
- 2009-09-21 09:07 . 2009-09-21 09:07 28672 c:\windows\assembly\GAC\hpqisrtb.resources\4.0.0.0_fr_a53cf5803f4c3827\hpqisrtb.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 49152 c:\windows\assembly\GAC\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 49152 c:\windows\assembly\GAC\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 12800 c:\windows\assembly\GAC\hpqimgrc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqimgrc.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 12800 c:\windows\assembly\GAC\hpqimgrc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqimgrc.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 16384 c:\windows\assembly\GAC\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 16384 c:\windows\assembly\GAC\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 40960 c:\windows\assembly\GAC\hpqgtpin.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqgtpin.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 40960 c:\windows\assembly\GAC\hpqgtpin.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqgtpin.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 73728 c:\windows\assembly\GAC\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 73728 c:\windows\assembly\GAC\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 11264 c:\windows\assembly\GAC\hpqgprsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqgprsc.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 11264 c:\windows\assembly\GAC\hpqgprsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqgprsc.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 65536 c:\windows\assembly\GAC\hpqglutl\3.0.0.0__a53cf5803f4c3827\hpqglutl.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 65536 c:\windows\assembly\GAC\hpqglutl\3.0.0.0__a53cf5803f4c3827\hpqglutl.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 32768 c:\windows\assembly\GAC\hpqglutl.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqglutl.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 32768 c:\windows\assembly\GAC\hpqglutl.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqglutl.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 57344 c:\windows\assembly\GAC\hpqgldlg.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqgldlg.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 57344 c:\windows\assembly\GAC\hpqgldlg.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqgldlg.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 28672 c:\windows\assembly\GAC\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 28672 c:\windows\assembly\GAC\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 24576 c:\windows\assembly\GAC\hpqedppi\3.0.0.0__a53cf5803f4c3827\hpqedppi.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 24576 c:\windows\assembly\GAC\hpqedppi\3.0.0.0__a53cf5803f4c3827\hpqedppi.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 24576 c:\windows\assembly\GAC\hpqeal\3.0.0.0__a53cf5803f4c3827\hpqeal.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 24576 c:\windows\assembly\GAC\hpqeal\3.0.0.0__a53cf5803f4c3827\hpqeal.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 98304 c:\windows\assembly\GAC\hpqdocpt\3.0.0.0__a53cf5803f4c3827\hpqdocpt.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 98304 c:\windows\assembly\GAC\hpqdocpt\3.0.0.0__a53cf5803f4c3827\hpqdocpt.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 15360 c:\windows\assembly\GAC\hpqdocpt.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqdocpt.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 15360 c:\windows\assembly\GAC\hpqdocpt.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqdocpt.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 36864 c:\windows\assembly\GAC\hpqdcrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqdcrsc.resources.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 36864 c:\windows\assembly\GAC\hpqdcrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqdcrsc.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 94208 c:\windows\assembly\GAC\hpqdcprf\3.0.0.0__a53cf5803f4c3827\hpqdcprf.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 94208 c:\windows\assembly\GAC\hpqdcprf\3.0.0.0__a53cf5803f4c3827\hpqdcprf.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 49152 c:\windows\assembly\GAC\hpqdcprf.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqdcprf.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 49152 c:\windows\assembly\GAC\hpqdcprf.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqdcprf.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 32768 c:\windows\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 32768 c:\windows\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 32768 c:\windows\assembly\GAC\hpqcpint\3.0.0.0__a53cf5803f4c3827\hpqcpint.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 32768 c:\windows\assembly\GAC\hpqcpint\3.0.0.0__a53cf5803f4c3827\hpqcpint.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 94208 c:\windows\assembly\GAC\hpqcmctl.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcmctl.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 94208 c:\windows\assembly\GAC\hpqcmctl.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcmctl.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 24576 c:\windows\assembly\GAC\hpqcalrsc\3.0.0.0__a53cf5803f4c3827\hpqcalrsc.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 24576 c:\windows\assembly\GAC\hpqcalrsc\3.0.0.0__a53cf5803f4c3827\hpqcalrsc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 81920 c:\windows\assembly\GAC\hpqcalp.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcalp.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 81920 c:\windows\assembly\GAC\hpqcalp.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcalp.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 24576 c:\windows\assembly\GAC\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 24576 c:\windows\assembly\GAC\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 28672 c:\windows\assembly\GAC\hpqalb\3.0.0.0__a53cf5803f4c3827\hpqalb.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 28672 c:\windows\assembly\GAC\hpqalb\3.0.0.0__a53cf5803f4c3827\hpqalb.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 28672 c:\windows\assembly\GAC\HPODMmcLib\1.0.0.0__a53cf5803f4c3827\HPODMmcLib.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 28672 c:\windows\assembly\GAC\HPODMmcLib\1.0.0.0__a53cf5803f4c3827\HPODMmcLib.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 31744 c:\windows\assembly\GAC\hplMosaicNet\1.3.1.0__0d5444959b41355f\hplMosaicNet.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 31744 c:\windows\assembly\GAC\hplMosaicNet\1.3.1.0__0d5444959b41355f\hplMosaicNet.dll
+ 2009-10-05 00:55 . 2009-10-05 00:55 45056 c:\windows\assembly\GAC\AxInterop.SHDocVw\1.1.0.0__a53cf5803f4c3827\AxInterop.SHDocVw.dll
- 2009-09-21 09:07 . 2009-09-21 09:07 45056 c:\windows\assembly\GAC\AxInterop.SHDocVw\1.1.0.0__a53cf5803f4c3827\AxInterop.SHDocVw.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 77824 c:\windows\assembly\GAC\AxInterop.LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\AxInterop.LTRASTERVIEWLib.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 77824 c:\windows\assembly\GAC\AxInterop.LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\AxInterop.LTRASTERVIEWLib.dll
+ 2007-12-21 09:53 . 2001-08-23 15:20 6912 c:\windows\system32\DllCache\serscan.sys
- 2009-09-21 09:05 . 2009-09-21 09:05 3072 c:\windows\assembly\GAC\policy.13.0.LEAD\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 3072 c:\windows\assembly\GAC\policy.13.0.LEAD\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 3072 c:\windows\assembly\GAC\policy.13.0.LEAD.Wrapper\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Wrapper.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 3072 c:\windows\assembly\GAC\policy.13.0.LEAD.Wrapper\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Wrapper.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 3072 c:\windows\assembly\GAC\policy.13.0.LEAD.Windows.Forms\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 3072 c:\windows\assembly\GAC\policy.13.0.LEAD.Windows.Forms\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Windows.Forms.DrawingContainer\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.DrawingContainer.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Windows.Forms.DrawingContainer\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.DrawingContainer.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Windows.Forms.CommonDialogs\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.CommonDialogs.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Windows.Forms.CommonDialogs\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.CommonDialogs.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 3072 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 3072 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Codecs\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.Codecs.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Codecs\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.Codecs.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 4096 c:\windows\assembly\GAC\Interop.hprblog\3.0.0.0__a53cf5803f4c3827\Interop.hprblog.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 4096 c:\windows\assembly\GAC\Interop.hprblog\3.0.0.0__a53cf5803f4c3827\Interop.hprblog.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 7680 c:\windows\assembly\GAC\Interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\Interop.hpqvideo.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 7680 c:\windows\assembly\GAC\Interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\Interop.hpqvideo.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 5632 c:\windows\assembly\GAC\interop.hpqcldat\1.0.0.0__a53cf5803f4c3827\interop.hpqcldat.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 5632 c:\windows\assembly\GAC\interop.hpqcldat\1.0.0.0__a53cf5803f4c3827\interop.hpqcldat.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 4608 c:\windows\assembly\GAC\interop.hpodprint2\4.0.0.0__a53cf5803f4c3827\interop.hpodprint2.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 4608 c:\windows\assembly\GAC\interop.hpodprint2\4.0.0.0__a53cf5803f4c3827\interop.hpodprint2.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 7680 c:\windows\assembly\GAC\interop.hpodmpv\2.0.588.1728__a53cf5803f4c3827\interop.hpodmpv.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 7680 c:\windows\assembly\GAC\interop.hpodmpv\2.0.588.1728__a53cf5803f4c3827\interop.hpodmpv.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 6656 c:\windows\assembly\GAC\interop.hpodmp\2.0.588.1728__a53cf5803f4c3827\interop.hpodmp.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 6656 c:\windows\assembly\GAC\interop.hpodmp\2.0.588.1728__a53cf5803f4c3827\interop.hpodmp.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 3584 c:\windows\assembly\GAC\hpqthrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqthrsc.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 3584 c:\windows\assembly\GAC\hpqthrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqthrsc.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 7168 c:\windows\assembly\GAC\hpqptint.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqptint.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 7168 c:\windows\assembly\GAC\hpqptint.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqptint.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 9728 c:\windows\assembly\GAC\hpqmdmr.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqmdmr.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 9728 c:\windows\assembly\GAC\hpqmdmr.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqmdmr.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 7168 c:\windows\assembly\GAC\hpqfmrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqfmrsc.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 7168 c:\windows\assembly\GAC\hpqfmrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqfmrsc.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 7680 c:\windows\assembly\GAC\hpqcprsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcprsc.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 7680 c:\windows\assembly\GAC\hpqcprsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcprsc.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 4096 c:\windows\assembly\GAC\hpqcalrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcalrsc.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 4096 c:\windows\assembly\GAC\hpqcalrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcalrsc.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 8704 c:\windows\assembly\GAC\hpqactiv.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqactiv.resources.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 8704 c:\windows\assembly\GAC\hpqactiv.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqactiv.resources.dll
+ 2002-08-30 12:00 . 2009-10-05 14:40 385468 c:\windows\system32\perfh009.dat
+ 2009-10-05 00:57 . 2009-10-05 00:57 123904 c:\windows\Installer\c20d1.msi
+ 2009-10-05 00:57 . 2009-10-05 00:57 255488 c:\windows\Installer\c20ca.msi
+ 2009-10-05 00:57 . 2009-10-05 00:57 149504 c:\windows\Installer\c20c4.msi
+ 2009-10-05 00:56 . 2009-10-05 00:56 323072 c:\windows\Installer\c206d.msi
+ 2009-10-05 00:55 . 2009-10-05 00:55 514048 c:\windows\Installer\c2067.msi
+ 2009-10-05 00:55 . 2009-10-05 00:55 197120 c:\windows\Installer\c1fac.msi
+ 2009-10-05 00:55 . 2009-10-05 00:55 204288 c:\windows\Installer\c1fa5.msi
+ 2009-10-05 00:55 . 2009-10-05 00:55 568832 c:\windows\Installer\c1f9f.msi
+ 2009-10-05 00:55 . 2009-10-05 00:55 363008 c:\windows\Installer\c1f98.msi
+ 2009-10-05 00:55 . 2009-10-05 00:55 390656 c:\windows\Installer\c1f92.msi
+ 2009-10-05 00:54 . 2009-10-05 00:54 970240 c:\windows\Installer\c1f64.msi
+ 2009-10-05 00:53 . 2009-10-05 00:53 268800 c:\windows\Installer\c1e9e.msi
+ 2009-10-05 00:53 . 2009-10-05 00:53 269824 c:\windows\Installer\c1e88.msi
+ 2009-10-05 00:53 . 2009-10-05 00:53 188928 c:\windows\Installer\c1e82.msi
+ 2009-10-05 00:53 . 2009-10-05 00:53 289792 c:\windows\Installer\c1e7c.msi
+ 2009-10-05 00:53 . 2009-10-05 00:53 349184 c:\windows\Installer\c1e75.msi
+ 2009-10-05 00:53 . 2009-10-05 00:53 476672 c:\windows\Installer\c1e6f.msi
+ 2009-10-05 00:52 . 2009-10-05 00:52 337920 c:\windows\Installer\c1e69.msi
+ 2009-10-05 00:52 . 2009-10-05 00:52 364032 c:\windows\Installer\c1e63.msi
+ 2009-10-05 00:52 . 2009-10-05 00:52 293376 c:\windows\Installer\c1e5d.msi
+ 2009-10-05 00:52 . 2009-10-05 00:52 284672 c:\windows\Installer\c1e56.msi
+ 2009-10-05 00:52 . 2009-10-05 00:52 185856 c:\windows\Installer\c1e50.msi
+ 2009-10-05 00:40 . 2009-10-05 00:40 318464 c:\windows\Installer\1c236.msi
+ 2009-10-05 00:54 . 2009-10-05 00:54 430080 c:\windows\assembly\GAC\LEAD.Wrapper\13.0.0.89__9cf889f53ea9b907\LEAD.Wrapper.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 430080 c:\windows\assembly\GAC\LEAD.Wrapper\13.0.0.89__9cf889f53ea9b907\LEAD.Wrapper.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 106496 c:\windows\assembly\GAC\LEAD.Windows.Forms.CommonDialogs\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.CommonDialogs.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 106496 c:\windows\assembly\GAC\LEAD.Windows.Forms.CommonDialogs\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.CommonDialogs.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 102400 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Twain\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.Twain.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 102400 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Twain\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.Twain.dll
+ 2009-10-05 00:55 . 2009-10-05 00:55 126976 c:\windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__a53cf5803f4c3827\Interop.SHDocVw.dll
- 2009-09-21 09:07 . 2009-09-21 09:07 126976 c:\windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__a53cf5803f4c3827\Interop.SHDocVw.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 172032 c:\windows\assembly\GAC\Interop.hpodio08\3.0.0.0__a53cf5803f4c3827\Interop.hpodio08.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 172032 c:\windows\assembly\GAC\Interop.hpodio08\3.0.0.0__a53cf5803f4c3827\Interop.hpodio08.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 163840 c:\windows\assembly\GAC\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 163840 c:\windows\assembly\GAC\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 229376 c:\windows\assembly\GAC\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 229376 c:\windows\assembly\GAC\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 286720 c:\windows\assembly\GAC\hpqptfx.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqptfx.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 286720 c:\windows\assembly\GAC\hpqptfx.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqptfx.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 294912 c:\windows\assembly\GAC\hpqprutl\3.0.0.0__a53cf5803f4c3827\hpqprutl.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 294912 c:\windows\assembly\GAC\hpqprutl\3.0.0.0__a53cf5803f4c3827\hpqprutl.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 307200 c:\windows\assembly\GAC\hpqprjfx\3.0.0.0__a53cf5803f4c3827\hpqprjfx.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 307200 c:\windows\assembly\GAC\hpqprjfx\3.0.0.0__a53cf5803f4c3827\hpqprjfx.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 131072 c:\windows\assembly\GAC\hpqpel10\3.0.0.0__a53cf5803f4c3827\hpqpel10.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 131072 c:\windows\assembly\GAC\hpqpel10\3.0.0.0__a53cf5803f4c3827\hpqpel10.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 172032 c:\windows\assembly\GAC\hpqpdmdl\3.0.0.0__a53cf5803f4c3827\hpqpdmdl.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 172032 c:\windows\assembly\GAC\hpqpdmdl\3.0.0.0__a53cf5803f4c3827\hpqpdmdl.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 364544 c:\windows\assembly\GAC\hpqpanop\3.0.0.0__a53cf5803f4c3827\hpqpanop.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 364544 c:\windows\assembly\GAC\hpqpanop\3.0.0.0__a53cf5803f4c3827\hpqpanop.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 651264 c:\windows\assembly\GAC\hpqmydoc\3.0.0.0__a53cf5803f4c3827\hpqmydoc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 651264 c:\windows\assembly\GAC\hpqmydoc\3.0.0.0__a53cf5803f4c3827\hpqmydoc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 258048 c:\windows\assembly\GAC\hpqmydoc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqmydoc.resources.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 258048 c:\windows\assembly\GAC\hpqmydoc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqmydoc.resources.dll
- 2009-09-21 09:07 . 2009-09-21 09:07 229376 c:\windows\assembly\GAC\hpqistab\4.0.0.0__a53cf5803f4c3827\hpqistab.dll
+ 2009-10-05 00:55 . 2009-10-05 00:55 229376 c:\windows\assembly\GAC\hpqistab\4.0.0.0__a53cf5803f4c3827\hpqistab.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 167936 c:\windows\assembly\GAC\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 167936 c:\windows\assembly\GAC\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 798720 c:\windows\assembly\GAC\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 798720 c:\windows\assembly\GAC\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 225280 c:\windows\assembly\GAC\hpqietpz.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqietpz.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 225280 c:\windows\assembly\GAC\hpqietpz.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqietpz.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 151552 c:\windows\assembly\GAC\hpqgtpin\3.0.0.0__a53cf5803f4c3827\hpqgtpin.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 151552 c:\windows\assembly\GAC\hpqgtpin\3.0.0.0__a53cf5803f4c3827\hpqgtpin.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 110592 c:\windows\assembly\GAC\hpqgprsc\3.0.0.0__a53cf5803f4c3827\hpqgprsc.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 110592 c:\windows\assembly\GAC\hpqgprsc\3.0.0.0__a53cf5803f4c3827\hpqgprsc.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 126976 c:\windows\assembly\GAC\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 126976 c:\windows\assembly\GAC\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 278528 c:\windows\assembly\GAC\hpqdocvw\3.0.0.0__a53cf5803f4c3827\hpqdocvw.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 278528 c:\windows\assembly\GAC\hpqdocvw\3.0.0.0__a53cf5803f4c3827\hpqdocvw.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 106496 c:\windows\assembly\GAC\hpqdocvw.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqdocvw.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 106496 c:\windows\assembly\GAC\hpqdocvw.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqdocvw.resources.dll
- 2009-09-21 09:06 . 2009-09-21 09:06 147456 c:\windows\assembly\GAC\hpqdcrsc\3.0.0.0__a53cf5803f4c3827\hpqdcrsc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 147456 c:\windows\assembly\GAC\hpqdcrsc\3.0.0.0__a53cf5803f4c3827\hpqdcrsc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 475136 c:\windows\assembly\GAC\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 475136 c:\windows\assembly\GAC\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 196608 c:\windows\assembly\GAC\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 196608 c:\windows\assembly\GAC\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 184320 c:\windows\assembly\GAC\hpqccrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqccrsc.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 184320 c:\windows\assembly\GAC\hpqccrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqccrsc.resources.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 237568 c:\windows\assembly\GAC\hpqcalp\3.0.0.0__a53cf5803f4c3827\hpqcalp.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 237568 c:\windows\assembly\GAC\hpqcalp\3.0.0.0__a53cf5803f4c3827\hpqcalp.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 131072 c:\windows\assembly\GAC\hpqactiv\3.0.0.0__a53cf5803f4c3827\hpqactiv.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 131072 c:\windows\assembly\GAC\hpqactiv\3.0.0.0__a53cf5803f4c3827\hpqactiv.dll
- 2009-09-21 09:05 . 2009-09-21 09:05 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2009-10-05 00:55 . 2009-10-05 00:55 1067520 c:\windows\Installer\c2048.msi
+ 2009-10-05 00:54 . 2009-10-05 00:54 1166848 c:\windows\Installer\c1eb2.msi
- 2009-09-21 09:05 . 2009-09-21 09:05 1044480 c:\windows\assembly\GAC\hpqptfx\3.0.0.0__a53cf5803f4c3827\hpqptfx.dll
+ 2009-10-05 00:54 . 2009-10-05 00:54 1044480 c:\windows\assembly\GAC\hpqptfx\3.0.0.0__a53cf5803f4c3827\hpqptfx.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2009-06-03 935208]
"OE"="c:\program files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe" [2009-05-20 492808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-19 138240]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"HideRunAsVerb"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AlerteGPS\\G200NEO\\G200_V1_2.exe"=
"\\\\server2003\\commun\\Logiciels, abonnements\\Imprimante HP 2840 - Driver, software (plus rapide que par le CD)\\setup\\HPZnet01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12345:TCP"= 12345:TCP:Trend Micro Client/Server Security Agent Listener
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [19/12/2007 21:42 16640]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [10/03/2009 23:05 335376]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [17/07/2009 12:24 50192]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [22/05/2009 03:02 225296]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [22/05/2009 03:00 36368]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [25/01/2008 15:40 85520]
S3 TmPfw;Pare-feu personnel Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [16/07/2009 13:12 497008]
S3 TmProxy;Service proxy Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [16/07/2009 13:12 685320]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/08/2009 21:39 133104]
NETSVCS DOIT ÊTRE RÉPARÉ - liste des éléments présents
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
ShellHWDetection
WmdmPmSN
wuauserv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contenu du dossier 'Tâches planifiées'
2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-02 19:39]
.
.
------- Examen supplémentaire -------
.
uStart Page = fr.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\cdc\Application Data\Mozilla\Firefox\Profiles\mq0uw7cq.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 19:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\nvappfilter.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\nvappfilter.dll
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(1484)
c:\windows\system32\COMRes.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\SETUPAPI.dll
.
Heure de fin: 2009-10-05 19:04
ComboFix-quarantined-files.txt 2009-10-05 17:04
ComboFix2.txt 2009-10-04 20:37
Avant-CF: 72 610 103 296 octets libres
Après-CF: 72 612 126 720 octets libres
570
Here is the ComboFix report from last night:
ComboFix 09-10-04.01 - cdc 04/10/2009 22:30.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.576 [GMT 2:00]
Lancé depuis: \\server2003\commun\désinstaller antivirus pro 2010r\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\obol.exe
c:\documents and settings\All Users\Documents\irytyzypas._dl
c:\documents and settings\All Users\Documents\oveme.exe
c:\documents and settings\All Users\Documents\tynum.scr
c:\documents and settings\cdc\Application Data\akug.dll
c:\documents and settings\cdc\Application Data\frame8K11.cab
c:\documents and settings\cdc\Application Data\inst.exe
c:\documents and settings\cdc\Application Data\isujijaho.inf
c:\documents and settings\cdc\Application Data\lizkavd.exe
c:\documents and settings\cdc\Application Data\netusej22.cab
c:\documents and settings\cdc\Application Data\seres.exe
c:\documents and settings\cdc\Application Data\svcst.exe
c:\documents and settings\cdc\Cookies\azimufukuv._dl
c:\documents and settings\cdc\Cookies\hile.dl
c:\documents and settings\cdc\Cookies\qezowimaby.dl
c:\documents and settings\cdc\Cookies\riseweco.bin
c:\documents and settings\cdc\Cookies\uvohyjogel.exe
c:\windows\Installer\4878d.msi
c:\windows\lagylowe.dl
c:\windows\system32\frjacnwrm.dll
c:\windows\system32\sys.dat
c:\windows\system32\vuzifelu.scr
c:\windows\yhiwibyg._dl
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-04 au 2009-10-04 ))))))))))))))))))))))))))))))))))))
.
2009-10-04 10:26 . 2009-10-04 10:26 19254 ----a-w- c:\documents and settings\cdc\Local Settings\Application Data\jebomo.dat
2009-09-21 09:10 . 2005-02-03 17:31 32768 ----a-w- c:\windows\system32\compJNI.dll
2009-09-21 09:10 . 2004-08-20 13:02 102400 ----a-w- c:\windows\system32\PMLJNI.dll
2009-09-21 09:10 . 2004-05-10 20:11 40960 ----a-w- c:\windows\system32\d4channel.dll
2009-09-21 09:10 . 2003-06-20 17:21 36864 ----a-w- c:\windows\system32\hpbmmjno.dll
2009-09-21 09:10 . 2003-06-16 21:52 74752 ----a-w- c:\windows\system32\jst.dll
2009-09-21 09:05 . 2009-09-21 09:07 -------- d-----w- c:\program files\Fichiers communs\HP
2009-09-21 09:01 . 2009-09-21 09:06 -------- d-----w- c:\program files\HP
2009-09-21 09:00 . 2009-09-21 09:13 54452 ----a-w- c:\windows\hppins01.dat
2009-09-21 09:00 . 2005-04-08 16:52 2392 ------w- c:\windows\hppmdl01.dat
2009-09-19 17:06 . 2009-09-19 17:06 -------- d-----w- c:\documents and settings\cdc\Application Data\Windows Desktop Search
2009-09-19 17:05 . 2009-09-28 13:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-09-19 17:05 . 2009-09-19 17:05 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-19 17:04 . 2009-09-19 17:04 -------- d-----w- c:\windows\system32\DllCache
2009-09-19 17:04 . 2008-03-07 16:56 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-09-19 17:04 . 2008-03-07 16:56 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-09-19 17:04 . 2008-03-07 16:56 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2009-09-19 17:04 . 2009-09-19 17:04 -------- d--h--w- c:\windows\$hf_mig$
2009-09-19 16:30 . 2009-09-19 17:00 -------- d-----w- c:\program files\Microsoft Works
2009-09-19 16:30 . 2009-09-19 16:30 -------- d-----w- c:\program files\MSBuild
2009-09-19 16:27 . 2009-09-19 16:27 -------- d-----w- c:\program files\Microsoft.NET
2009-09-19 16:24 . 2009-09-19 16:24 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-19 16:23 . 2009-09-19 16:24 -------- d-----w- c:\windows\SHELLNEW
2009-09-19 16:23 . 2009-09-19 16:23 -------- d-----w- c:\documents and settings\cdc\Local Settings\Application Data\Microsoft Help
2009-09-19 16:23 . 2009-09-30 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-19 16:22 . 2009-09-19 16:22 -------- d-----r- C:\MSOCache
2009-09-19 16:09 . 2009-09-19 17:44 -------- d-----w- c:\documents and settings\cdc\Application Data\Vso
2009-09-19 15:48 . 2009-09-19 15:48 -------- d-----w- c:\documents and settings\cdc\Application Data\Apple Computer
2009-09-18 12:49 . 2009-09-18 12:49 -------- d-----w- c:\documents and settings\cdc\Application Data\TeamViewer
2009-09-18 12:49 . 2009-09-18 12:49 -------- d-----w- c:\program files\TeamViewer
2009-09-18 12:49 . 2009-09-18 12:49 -------- d-----w- c:\documents and settings\cdc\temp
2009-09-18 10:26 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-09-18 10:26 . 2009-09-18 10:27 -------- d-----w- c:\program files\PDFCreator
2009-09-18 10:26 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-09-15 16:02 . 2009-09-15 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-15 16:02 . 2009-09-15 16:02 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-15 16:02 . 2009-09-15 19:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-15 16:00 . 2009-09-15 16:00 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-15 16:00 . 2009-09-15 16:04 -------- d-----w- c:\documents and settings\cdc\Application Data\DAEMON Tools Lite
2009-09-15 15:52 . 2009-09-15 15:52 -------- d-----w- c:\documents and settings\cdc\Application Data\Download Manager
2009-09-15 15:43 . 2009-09-15 15:43 -------- d-----w- c:\documents and settings\cdc\Local Settings\Application Data\Ahead
2009-09-15 14:50 . 2009-09-19 15:59 -------- d-----w- c:\program files\Ahead
2009-09-11 14:20 . 2003-07-16 12:27 43264 ------w- c:\windows\system32\drivers\ser2pl.sys
2009-09-11 14:19 . 2009-09-11 14:19 -------- d-----w- c:\program files\AlerteGPS
2009-09-10 14:27 . 2009-09-10 14:27 -------- d-----w- c:\documents and settings\cdc\Local Settings\Application Data\Apple
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 17:42 . 2007-12-21 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-04 17:31 . 2009-03-08 09:36 -------- d-----w- c:\program files\Enigma Software Group
2009-10-02 06:52 . 2002-08-30 12:00 85326 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-02 06:52 . 2002-08-30 12:00 496038 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-02 06:52 . 2009-07-17 10:23 69480 ----a-w- c:\windows\system32\perfc040.dat
2009-10-02 06:52 . 2009-07-17 10:23 451546 ----a-w- c:\windows\system32\perfh040.dat
2009-09-21 09:10 . 2007-12-21 09:54 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-21 09:10 . 2007-12-21 09:57 -------- d--h--w- c:\program files\Zero G Registry
2009-09-20 07:46 . 2009-07-18 07:53 83296 ----a-w- c:\documents and settings\cdc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 19:05 . 2009-07-22 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Mozilla Firefox
2009-09-19 17:46 . 2008-11-09 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Skyline
2009-09-19 17:46 . 2008-01-26 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-09-19 17:44 . 2008-05-01 18:36 -------- d-----w- c:\program files\VSO
2009-09-19 17:44 . 2009-09-19 17:44 47360 ----a-w- c:\documents and settings\cdc\Application Data\pcouffin.sys
2009-09-19 17:44 . 2008-07-28 19:40 -------- d-----w- c:\program files\Foxit Software
2009-09-19 17:44 . 2009-03-27 21:29 -------- d-----w- c:\program files\Virtual Earth 3D
2009-09-19 15:59 . 2007-12-20 13:57 -------- d-----w- c:\program files\Fichiers communs\Ahead
2009-09-19 15:58 . 2007-12-26 20:18 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-09-19 15:55 . 2007-12-19 18:55 -------- d-----w- c:\program files\TUGZip
2009-09-19 15:50 . 2008-04-29 08:09 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-11 14:20 . 2007-12-20 11:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 14:27 . 2008-09-15 21:53 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-08-26 07:02 . 2007-12-21 01:09 -------- d-----w- c:\program files\Java
2009-08-20 13:41 . 2009-08-20 13:41 -------- d-----w- c:\program files\VersalSoft
2009-08-20 13:41 . 2009-08-20 13:41 -------- d-----w- c:\program files\Universal
2009-07-25 03:23 . 2008-12-16 21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 19:28 . 2009-07-20 19:28 126 ----a-w- c:\documents and settings\cdc\Local Settings\Application Data\fusioncache.dat
2009-07-17 14:05 . 2009-07-17 13:50 77 ----a-w- C:\sauvegarde.cmd
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A4E1E2-9183-4F26-8D6E-43FC5424E6B2}]
2007-08-15 20:42 283648 ----a-w- c:\windows\system32\gqcsbmzej.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2009-06-03 935208]
"OE"="c:\program files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe" [2009-05-20 492808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-19 138240]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"HideRunAsVerb"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AlerteGPS\\G200NEO\\G200_V1_2.exe"=
"\\\\server2003\\commun\\Logiciels, abonnements\\Imprimante HP 2840 - Driver, software (plus rapide que par le CD)\\setup\\HPZnet01.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12345:TCP"= 12345:TCP:Trend Micro Client/Server Security Agent Listener
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [19/12/2007 21:42 16640]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [17/07/2009 12:24 50192]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [22/05/2009 03:02 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [22/05/2009 03:00 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [10/03/2009 23:05 335376]
R3 TmPfw;Pare-feu personnel Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [16/07/2009 13:12 497008]
R3 TmProxy;Service proxy Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [16/07/2009 13:12 685320]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [25/01/2008 15:40 85520]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/08/2009 21:39 133104]
NETSVCS DOIT ÊTRE RÉPARÉ - liste des éléments présents
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
ShellHWDetection
WmdmPmSN
wuauserv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contenu du dossier 'Tâches planifiées'
2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-02 19:39]
.
.
------- Examen supplémentaire -------
.
uStart Page = fr.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\cdc\Application Data\Mozilla\Firefox\Profiles\mq0uw7cq.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-mserv - c:\documents and settings\cdc\Application Data\svcst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 22:36
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\nvappfilter.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(1016)
c:\windows\system32\setupapi.dll
c:\windows\system32\nvappfilter.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\COMRes.dll
.
Heure de fin: 2009-10-04 22:37
ComboFix-quarantined-files.txt 2009-10-04 20:37
Avant-CF: 72 934 318 080 octets libres
Après-CF: 72 957 177 856 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /noexecute=optin
283
OK, run another Malwarebytes scan in quick mode, then post the report.
---------------
-+-+-+-> List & Kill'em <-+-+-+-
[x] Disable your antivirus for the duration of the procedure, as well as your firewall if you have one
[x] Download List&Kill'em from this address: http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.exe
[x] Save it to your desktop
[x] Double-click it (right-click, "Run as administrator" on Vista) to start the scan.
[x] Choose the language, then choose option 1 = Search Mode (Mode Recherche)
[x] Let the tool scan.
[x] The report will be displayed once the scan is finished.
[x] Copy and paste its contents, then post them in your next message.
Hi again,
Here is the Malwarebytes quick-scan report:
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2907
Windows 5.1.2600 Service Pack 2 (Safe Mode)
05/10/2009 20:56:20
mbam-log-2009-10-05 (20-56-20).txt
Type de recherche: Examen rapide
Eléments examinés: 116299
Temps écoulé: 2 minute(s), 33 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
And here is the List'em report:
List'em by g3n-h@ckm@n 1.0.3.5
updated on 01.10.2009 ::::: 11.30
Windows_NT
Microsoft Windows XP [version 5.1.2600]
05/10/2009 20:57:02,10
Nom de l'image PID Nom de la sessio Numéro d Utilisation
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 16 Ko
System 4 Console 0 212 Ko
smss.exe 524 Console 0 392 Ko
csrss.exe 668 Console 0 3 404 Ko
winlogon.exe 708 Console 0 2 292 Ko
services.exe 840 Console 0 3 244 Ko
lsass.exe 852 Console 0 2 112 Ko
svchost.exe 1056 Console 0 5 760 Ko
svchost.exe 1144 Console 0 3 480 Ko
svchost.exe 1200 Console 0 13 956 Ko
svchost.exe 1300 Console 0 3 852 Ko
explorer.exe 1780 Console 0 20 312 Ko
List_Killem.exe 1936 Console 0 4 640 Ko
cmd.exe 1828 Console 0 1 800 Ko
tasklist.exe 460 Console 0 4 140 Ko
wmiprvse.exe 560 Console 0 5 556 Ko
Path : C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
"C:\Program Files\DAEMON Tools Toolbar"
C:\Documents and Settings\cdc\LOCAL Settings\Temp\applnch.exe
¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}"
¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :
BATCHRUNNER.EXE-01635E31.pf
BATCHRUNNER.EXE-05203FBF.pf
BATCHRUNNER.EXE-05889CFA.pf
CMD.EXE-087B4001.pf
DEVCON.EXE-3189D4D7.pf
IE4UINIT.EXE-169A5A39.pf
IEUDINIT.EXE-054FE003.pf
LCLOCK.EXE-01097107.pf
LOGAGENT.EXE-027AF92B.pf
MSCORSVW.EXE-1BF30400.pf
MSHTA.EXE-331DF029.pf
NTOSBOOT-B00DFAAD.pf
REG.EXE-0D2A95F7.pf
REGEDIT.EXE-1B606482.pf
REGSVR32.EXE-25EEFE2F.pf
RESCHANGE.EXE-0D0B0E88.pf
RUNDLL32.EXE-163D5AA8.pf
RUNDLL32.EXE-19573350.pf
RUNDLL32.EXE-1A32BF91.pf
RUNDLL32.EXE-286A7F8C.pf
RUNDLL32.EXE-2AF77CC9.pf
RUNDLL32.EXE-49F747DB.pf
RUNDLL32.EXE-4A9161EE.pf
SETUP50.EXE-362FF7C9.pf
SHMGRATE.EXE-1BA69E68.pf
SHUTDOWN.EXE-12DAD820.pf
SLEEP.EXE-2C1008B8.pf
SVCHOST.EXE-3530F672.pf
TASKIX32.EXE-07C982B1.pf
TASKKILL.EXE-0A8306E3.pf
TRANSBAR.EXE-1D7E823D.pf
UNREGMP2.EXE-07CACB61.pf
VERCLSID.EXE-3667BD89.pf
VISUALTASKTIPS.EXE-1785BFC8.pf
VSDRV.EXE-0103E326.pf
WGACRACK.EXE-312375C5.pf
WLCLOCK.EXE-00E1B431.pf
WMIADAP.EXE-2DF425B2.pf
WMIPRVSE.EXE-28F301A9.pf
WPIUNSPYRO.EXE-04E913E4.pf
WPIUNTXT.EXE-0A2B8373.pf
WTLCLOCKPLUGIN.EXE-11E76CFB.pf
WTRANSBAR.EXE-029A26F4.pf
WTTASKIX.EXE-020CEAD1.pf
WTTASKIXPLUGIN.EXE-3058D906.pf
WTTRANSBARPLUGIN.EXE-1A148C33.pf
WTTUGPLUGIN.EXE-3803BBB5.pf
WTUG.EXE-26E437F1.pf
WTVISTADRIVESTATUSPLUGIN.EXE-3A3926C6.pf
WTVISUALTASKTIPSPLUGIN.EXE-04E69296.pf
WVISTADRIVE.EXE-29AF76C6.pf
WVISUALTASKTIPS.EXE-373AAAF8.pf
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
-+-+-+-> List & Kill'em (Removal) <-+-+-+-
[x] Restart in Safe Mode
[x] Run List&Kill'em again, but this time choose option 2 = Mode Destruction (destruction mode).
[x] Let the tool work.
[x] After the checks, a report will open.
[x] Close it.
[x] A second report will open; copy and paste its contents and post them in your next message.
---------------------
-+-+-+-> RSIT <-+-+-+-
[x] Download Random's System Information Tool from this address: http://images.malwareremoval.com/random/RSIT.exe
[x] Double-click "RSIT.exe".
[x] Click "Continue".
[x] If HijackThis is not present, it will be downloaded automatically and you will have to accept the license.
[x] Once the analysis has finished, two files (info.txt and log.txt) will open.
[x] Copy and paste the contents of both reports into your next message
[o] If you closed the reports without paying attention, they are under C:\rsit
Hi again,
Here is the Kill'em report:
Kill'em by g3n-h@ckm@n 1.0.3.5
updated on 01.10.2009 ::::: 11.30
Windows_NT
Microsoft Windows XP [version 5.1.2600]
05/10/2009 21:40:40,07
Fichiers analysés :
=================
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
"C:\Program Files\DAEMON Tools Toolbar"
C:\Documents and Settings\cdc\LOCAL Settings\Temp\applnch.exe
¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers :
Quarantaine :
applnch.exe.Kill'em
DAEMON Tools Toolbar.Kill'em
¤¤¤¤¤¤¤¤¤¤ Verification :
Path : C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}"
¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :
NTOSBOOT-B00DFAAD.pf
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
When I run RSIT.exe, I only get one file (log). I don't know why I don't get the other one.
Here is the log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by cdc at 2009-10-05 21:49:17
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 69 GB (69%) free of 100 GB
Total RAM: 1023 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:19, on 05/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
\server2003\commun\Vir\RSIT.exe
C:\Program Files\trend micro\cdc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://server2003/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cavesduchateau.local
O17 - HKLM\Software\..\Telephony: DomainName = cavesduchateau.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cavesduchateau.local
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ClipSrv - Unknown owner - C:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Scan en temps réel Trend Micro Client/Server Security Agent (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Pare-feu personnel Trend Micro Client/Server Security Agent (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Service proxy Trend Micro Client/Server Security Agent (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe