HijackThis report

Solved
nathan69 Posts 32 Status Member
Hello,
For the past 2 days I have had a number of infections; I would have liked your opinion on this HijackThis report.
Thanks in advance for your reply.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:08, on 10/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\nathan\Desktop\hijackthis-2.0.2.exe
C:\Users\nathan\AppData\Local\Temp\hijackthis-2.0.2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {912c54ac-bf85-4ed3-971d-9c6949e0d0d2} - hunupave.dll
O2 - BHO: (no name) - {ec40f728-c51b-4bc0-97be-aa94f6a74bdc} - hunupave.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [luguvajoho] Rundll32.exe "dagetowa.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B71C8511-1CFE-4D45-9B97-EF62BDEE479B}: NameServer = 89.2.0.1,89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{B71C8511-1CFE-4D45-9B97-EF62BDEE479B}: NameServer = 89.2.0.1,89.2.0.2
O20 - AppInit_DLLs: dagetowa.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

54 replies

nathan69 Posts 32 Status Member
 
The link apparently no longer works.
0
verni29 Posts 6805 Status Security contributor 180
 
The tool is no longer available for download at the moment.
I need to analyze the various reports.

Reply to come.

See you
0
nathan69 Posts 32 Status Member
 
I managed to find it on Megaupload; here is the report:

ComboFix 09-08-10.06 - nathan 10/11/2009 23:11.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2814.1829 [GMT 1:00]
Running from: c:\users\nathan\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
The following files were disabled during the run:
c:\windows\system32\dagetowa.dll


((((((((((((((((((((((((( Files Created from 2009-10-10 to 2009-11-10 )))))))))))))))))))))))))))))))
.

2009-11-10 21:43 . 2009-11-10 21:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 20:54 . 2009-11-10 20:54 -------- d-----w- C:\rsit
2009-11-10 20:22 . 2009-11-10 20:38 -------- d-----w- c:\program files\Ad-Remover
2009-11-10 19:55 . 2009-11-10 20:06 -------- d-----w- C:\ToolBar SD
2009-11-10 19:36 . 2009-11-10 19:36 680 ----a-w- c:\users\nathan\AppData\Local\d3d9caps.dat
2009-11-10 19:06 . 2009-11-10 19:06 -------- d-----w- c:\program files\CCleaner
2009-11-10 18:45 . 2009-11-10 18:45 -------- d-----w- c:\program files\SIW
2009-11-10 15:10 . 2009-11-10 21:01 52224 ----a-w- c:\windows\system32\eu.exe
2009-11-10 14:43 . 2009-11-10 14:43 -------- d-----w- c:\users\nathan\AppData\Roaming\Media Player Classic
2009-11-09 21:35 . 2009-11-09 21:35 -------- d-----w- c:\windows\system32\PPLive
2009-11-09 20:58 . 2009-11-10 16:46 -------- d-----w- c:\users\nathan\AppData\Roaming\vlc
2009-11-09 20:52 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-09 20:52 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-11-09 20:52 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-09 20:52 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-11-09 20:52 . 2009-10-27 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-09 20:52 . 2009-11-09 20:53 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-09 15:23 . 2009-11-09 15:47 -------- d-----w- c:\program files\VirtualDub
2009-11-08 23:25 . 2009-11-10 20:54 -------- d-----w- c:\program files\Trend Micro
2009-11-08 22:47 . 2009-11-10 19:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-08 22:47 . 2009-11-09 06:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 22:44 . 2009-11-10 15:21 -------- d-----w- c:\users\nathan\.housecall6.6
2009-11-08 13:05 . 2009-11-08 13:05 -------- d-----w- c:\users\nathan\AppData\Roaming\Malwarebytes
2009-11-08 13:05 . 2009-11-08 13:05 -------- d-----w- c:\programdata\Malwarebytes
2009-11-08 11:45 . 2009-11-08 11:45 -------- d-----w- c:\windows\Sun
2009-11-07 18:45 . 2009-11-08 12:31 -------- d-----w- c:\users\nathan\AppData\Roaming\SPORE
2009-11-07 18:23 . 2009-11-07 18:23 -------- d--h--r- c:\users\nathan\AppData\Roaming\SecuROM
2009-11-07 18:23 . 2009-11-07 18:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-07 18:00 . 2009-11-07 18:35 -------- d-----w- c:\program files\Electronic Arts
2009-11-07 18:00 . 2009-11-07 18:29 -------- d-----w- c:\programdata\Electronic Arts
2009-11-06 10:27 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-06 10:27 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-06 10:27 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-06 10:27 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-06 10:27 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-06 10:27 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-06 10:27 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-06 10:26 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-06 10:26 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-05 16:07 . 2009-11-05 16:07 10628032 ----a-w- c:\users\nathan\AppData\Roaming\Azureus\tmp\AZU31073.tmp\Vuze_4.2.0.8b_win32.exe
2009-11-05 14:20 . 2009-11-05 14:20 -------- d-----w- c:\programdata\Azureus
2009-11-05 14:20 . 2009-11-10 19:06 -------- d-----w- c:\users\nathan\AppData\Roaming\Azureus
2009-11-05 14:19 . 2009-11-05 16:02 -------- d-----w- c:\program files\Vuze
2009-11-05 08:45 . 2009-11-10 18:07 -------- d-----w- c:\users\nathan\AppData\Local\The Witcher
2009-11-05 08:26 . 2009-11-05 08:26 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-11-05 08:25 . 2009-11-05 08:25 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-11-05 08:10 . 2009-11-10 07:05 -------- d-----w- c:\program files\The Witcher Enhanced Edition
2009-11-04 20:19 . 2009-11-04 20:19 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-04 20:07 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-04 20:04 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-04 20:04 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-04 20:04 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-04 20:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-04 20:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-04 20:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-04 19:44 . 2009-11-02 19:42 195456 ----a-w- c:\windows\system32\MpSigStub.exe
2009-11-04 19:41 . 2009-11-04 20:36 -------- d-----w- c:\users\nathan\AppData\Local\Adobe
2009-11-04 19:41 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-04 19:39 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-04 19:38 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-11-04 19:36 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-11-04 19:36 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-04 19:26 . 2009-11-04 19:26 -------- d-----w- c:\windows\system32\ca-ES
2009-11-04 19:26 . 2009-11-04 19:26 -------- d-----w- c:\windows\system32\eu-ES
2009-11-04 19:26 . 2009-11-04 19:26 -------- d-----w- c:\windows\system32\vi-VN
2009-11-04 19:24 . 2009-11-04 19:24 -------- d-----w- c:\windows\system32\SPReview
2009-11-04 19:18 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-11-04 19:18 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
2009-11-04 19:16 . 2009-04-10 22:28 41984 ----a-w- c:\windows\system32\mimefilt.dll
2009-11-04 19:14 . 2009-11-04 19:14 -------- d-----w- c:\windows\system32\EventProviders
2009-11-04 18:51 . 2009-11-04 18:51 -------- d-----w- c:\program files\Eidos
2009-11-04 18:43 . 2009-11-04 18:43 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-11-04 18:42 . 2009-11-04 18:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-04 18:42 . 2009-11-04 18:42 -------- d-----w- c:\users\nathan\AppData\Roaming\HP TCS
2009-11-04 18:42 . 2009-11-04 18:43 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-11-04 18:42 . 2009-11-04 18:51 -------- d-----w- c:\users\nathan\AppData\Roaming\DAEMON Tools Lite
2009-11-04 18:42 . 2009-11-04 18:42 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-04 18:42 . 2009-11-04 20:05 -------- d-----w- c:\program files\Microsoft Works
2009-11-04 18:36 . 2009-11-09 19:49 -------- d-----w- c:\users\nathan\AppData\Roaming\dvdcss
2009-11-04 18:30 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-04 18:30 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-04 18:30 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-04 18:30 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-04 18:30 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-04 18:30 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-04 18:30 . 2009-09-15 11:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-04 18:30 . 2009-11-04 18:30 -------- d-----w- c:\program files\Alwil Software
2009-11-04 18:28 . 2009-11-04 18:28 -------- d-----w- c:\program files\VideoLAN
2009-11-04 18:26 . 2009-11-04 18:26 -------- d-----w- c:\users\nathan\AppData\Local\Mozilla
2009-11-04 18:26 . 2009-11-10 21:22 -------- d-----w- c:\users\nathan\Tracing
2009-11-04 18:25 . 2009-11-04 18:25 -------- d-----w- c:\program files\Microsoft
2009-11-04 18:24 . 2009-11-04 18:24 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-04 18:24 . 2009-11-04 18:25 -------- d-----w- c:\program files\Windows Live
2009-11-04 18:22 . 2009-11-04 18:22 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-04 18:21 . 2009-11-04 18:21 -------- d-----w- c:\users\Public\CyberLink
2009-11-04 18:21 . 2009-11-04 18:21 -------- d-----w- c:\users\nathan\AppData\Roaming\CyberLink
2009-11-04 18:18 . 2009-11-04 18:18 -------- d-----w- c:\windows\PCHEALTH
2009-11-04 18:18 . 2009-11-04 18:18 -------- d-----w- c:\program files\Microsoft.NET
2009-11-04 18:16 . 2009-11-04 18:16 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-04 18:16 . 2009-11-04 18:18 -------- d-----w- c:\windows\SHELLNEW
2009-11-04 18:16 . 2009-11-04 18:16 -------- d-----w- c:\users\nathan\AppData\Local\Microsoft Help
2009-11-04 18:16 . 2009-11-05 13:50 -------- d-----w- c:\programdata\Microsoft Help
2009-11-04 18:16 . 2009-11-04 18:16 -------- d--h--r- C:\MSOCache
2009-11-04 18:13 . 2009-11-10 14:44 -------- d-----w- c:\users\nathan\AppData\Local\Apple Computer
2009-11-04 18:11 . 2009-11-04 18:11 -------- d-----w- c:\programdata\Apple
2009-11-04 17:52 . 2009-11-04 17:52 -------- d-----w- c:\users\nathan\AppData\Local\Hewlett-Packard
2009-11-04 17:52 . 2009-11-04 17:52 -------- d-----w- c:\users\nathan\AppData\Roaming\PowerCinema
2009-11-04 17:52 . 2009-11-10 13:45 110976 ----a-w- c:\users\nathan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-04 17:52 . 2009-11-04 17:52 -------- d-----w- c:\users\nathan\AppData\Roaming\hewlett-packard
2009-10-30 11:10 . 2009-10-30 11:10 1183176 ----a-w- c:\users\nathan\AppData\Roaming\Mozilla\Firefox\Profiles\zm739yl5.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 22:06 . 2008-11-22 07:52 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-10 22:06 . 2008-11-22 07:52 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-10 21:20 . 2009-11-10 21:20 693760 ----a-w- c:\windows\isRS-000.tmp
2009-11-07 18:34 . 2008-11-21 23:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-07 18:30 . 2008-11-22 00:01 -------- d-----w- c:\program files\HP Games
2009-11-07 18:29 . 2008-11-22 00:01 -------- d-----w- c:\programdata\WildTangent
2009-11-07 17:59 . 2009-11-07 17:59 1302 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-11-07 17:59 . 2008-11-21 23:40 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-07 07:55 . 2008-11-21 23:44 -------- d-----w- c:\program files\Cyberlink
2009-11-07 07:47 . 2008-11-21 23:48 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2009-11-07 07:47 . 2008-11-21 23:45 -------- d-----w- c:\programdata\CyberLink
2009-11-07 07:45 . 2008-11-21 23:44 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2009-11-07 07:41 . 2008-11-21 23:47 53319 ----a-w- c:\programdata\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
2009-11-07 07:38 . 2008-11-21 23:53 53319 ----a-w- c:\programdata\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2009-11-07 07:37 . 2008-11-21 23:44 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-04 20:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-04 20:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-04 20:18 . 2009-11-04 20:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-04 20:03 . 2009-11-04 20:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 19:54 . 2008-11-22 00:08 -------- d-----w- c:\program files\SMINST
2009-11-04 19:39 . 2009-11-04 19:39 -------- d-----w- c:\programdata\McAfee Security Scan
2009-11-04 19:31 . 2008-11-21 23:42 -------- d-----w- c:\programdata\NVIDIA
2009-11-04 19:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-11-04 19:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-11-04 19:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-11-04 19:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-04 19:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-11-04 19:23 . 2006-11-02 12:35 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-11-04 18:57 . 2009-11-04 18:57 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-04 18:57 . 2009-11-04 18:57 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-04 18:57 . 2009-11-04 18:57 -------- d-----w- c:\program files\OpenAL
2009-11-04 18:41 . 2009-11-04 18:41 1878 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_NB980AA-ABF SR5705FR_YC_0Pres_QCNX849_E91WEv3PrA1_49_IVIOLET_SPEGATRON CORPORATION_V3.02_B5.03_T081105_WUH1_L40C_M2815_J320_7AMD_8Athlon Dual Core 4450e_92.3_#090302_N10DE0760_Z_G10DE0847.MRK
2009-11-04 18:40 . 2009-11-04 18:40 -------- d-sh--we c:\programdata\Modèles
2009-11-04 18:40 . 2009-11-04 18:40 -------- d-sh--we c:\programdata\Menu Démarrer
2009-11-04 18:40 . 2009-11-04 18:40 -------- d-sh--we c:\programdata\Favoris
2009-11-04 18:40 . 2009-11-04 18:40 -------- d-sh--we c:\programdata\Documents
2009-11-04 18:40 . 2009-11-04 18:40 -------- d-sh--we c:\programdata\Bureau
2009-11-04 18:40 . 2009-11-04 18:40 -------- d-sh--we c:\program files\Fichiers communs
2009-11-04 18:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-11-04 18:13 . 2009-11-04 18:13 -------- d-----w- c:\users\nathan\AppData\Roaming\Apple Computer
2009-11-04 18:13 . 2009-11-04 18:13 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-11-04 18:13 . 2009-11-04 18:13 -------- d-----w- c:\program files\iTunes
2009-11-04 18:13 . 2009-11-04 18:13 -------- d-----w- c:\program files\iPod
2009-11-04 18:13 . 2009-11-04 18:11 -------- d-----w- c:\program files\Common Files\Apple
2009-11-04 18:13 . 2009-11-04 18:12 -------- d-----w- c:\programdata\Apple Computer
2009-11-04 18:12 . 2009-11-04 18:12 -------- d-----w- c:\program files\Bonjour
2009-11-04 18:12 . 2009-11-04 18:12 -------- d-----w- c:\program files\QuickTime
2009-11-04 18:12 . 2008-11-22 00:07 -------- d-----w- c:\programdata\Norton
2009-11-04 18:12 . 2009-11-04 18:12 -------- d-----w- c:\program files\Apple Software Update
2009-11-04 18:05 . 2008-11-21 23:45 36864 ----a-w- c:\programdata\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2009-10-01 01:02 . 2009-11-04 20:03 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-04 20:03 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-04 20:03 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-04 20:03 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-04 20:03 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-04 20:03 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-04 20:03 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-04 20:03 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-04 20:03 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-04 20:03 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-04 20:03 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-04 20:03 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10 . 2009-11-04 20:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-04 20:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-04 20:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-04 20:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-04 20:03 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-04 20:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-04 20:03 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-04 20:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-04 20:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-04 20:03 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-04 20:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-04 20:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-04 20:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-04 20:03 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-04 20:03 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-04 20:03 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-04 20:03 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-04 20:03 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-04 20:03 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-04 20:03 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-04 20:03 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-04 20:03 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-04 20:03 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-04 20:03 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-04 20:03 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-04 20:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-04 20:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-19 10:51 . 2008-11-21 23:59 -------- d-----w- c:\programdata\Hewlett-Packard
2009-09-10 14:59 . 2009-11-04 19:39 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58 . 2009-11-04 19:39 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-04 11:41 . 2009-11-04 19:39 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-11-04 19:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-11-04 19:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 13:29 . 2009-11-04 19:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 12:40 . 2009-11-04 19:40 834048 ----a-w- c:\windows\system32\wininet.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-11-04 19:40 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-11-04 19:40 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-10 18:15 . 2009-08-10 18:15 92672 --sha-w- c:\windows\System32\dadirova.dll
2009-08-10 15:10 . 2009-08-10 15:10 52224 --sha-w- c:\windows\System32\hunupave.dll
2009-08-10 15:16 . 2009-08-10 15:16 91648 --sha-w- c:\windows\System32\jufiwapo.dll
2009-08-10 15:10 . 2009-08-10 15:10 52224 --sha-w- c:\windows\System32\labejafi.dll
2009-08-10 16:16 . 2009-08-10 16:16 39424 --sha-w- c:\windows\System32\limepidi.dll
2009-08-10 19:16 . 2009-08-10 19:16 39424 --sha-w- c:\windows\System32\rujamika.dll
2009-08-10 18:15 . 2009-08-10 18:15 39424 --sha-w- c:\windows\System32\simejufa.dll
2009-08-10 15:16 . 2009-08-10 15:16 39424 --sha-w- c:\windows\System32\takitopi.dll
2009-08-10 19:16 . 2009-08-10 19:16 92672 --sha-w- c:\windows\System32\wolijuke.dll
2008-11-22 08:16 . 2008-11-22 08:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{912c54ac-bf85-4ed3-971d-9c6949e0d0d2}]
2009-08-10 15:10 52224 --sha-w- c:\windows\System32\hunupave.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ec40f728-c51b-4bc0-97be-aa94f6a74bdc}]
2009-08-10 15:10 52224 --sha-w- c:\windows\System32\hunupave.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-10-03 203296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-08-25 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli hunupave.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):bc,8c,c8,63,85,5d,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{03898407-05B3-483E-AE93-F7C2790AEF09}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{C3C998A9-6EEE-4117-8CBC-76B50C0C4BB9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E69A518E-DF23-46B8-9955-2257785FCBC6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{46A7F906-CF27-4361-9497-645ABFFBD4F9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6F70DEF2-4CDB-4742-9951-F90478ABA5A7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{903C0357-9656-4814-8270-8604DF46C3BF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{3FD3AE03-9FC6-48DB-9AD9-8D044614F52E}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{9C81F193-2B0D-47FB-BE2A-85E30EA5723A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{9096676A-CFD3-4B90-83F4-D2EDDC10E1AE}"= UDP:c:\program files\PPLive\PPLive.exe:PPLive
"{25593103-AFF1-4AC5-943A-48A88ED54DB3}"= TCP:c:\program files\PPLive\PPLive.exe:PPLive
"{CA39E65F-C50C-4A4B-9B8F-EF51DFBF6BEC}"= UDP:c:\windows\explorer.exe:Explorer
"{70E6AE96-F74D-4BF4-ADEA-849B9F1EDE14}"= UDP:c:\windows\explorer.exe:Explorer
"{7DC4E018-55D5-4503-86A6-263760B06E71}"= TCP:c:\windows\explorer.exe:Explorer
"{1D7B85F4-FA80-485C-9BA2-9644269CD4E3}"= TCP:c:\windows\explorer.exe:Explorer
"{CDA8E47A-EE44-4E56-8E7C-6EDB5B784369}"= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:msnmsgr
"{6B0A8F5B-EB7A-4B60-8468-79BE92C49F82}"= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:msnmsgr
"{CA8676E4-75F7-4875-B372-800A401103BA}"= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:msnmsgr
"{C01F2D2C-C454-4590-8BDE-ADED9ED7C71D}"= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:msnmsgr
"{1270D8FC-9EFF-4D07-9E82-C10EDCBD743A}"= UDP:c:\windows\System32\dllhost.exe:DllHost
"{CAE00384-781C-4A34-9577-89690B74EB1A}"= TCP:c:\windows\System32\dllhost.exe:DllHost
"{6038E2DC-A025-428B-86BF-B8316D1629FC}"= UDP:c:\program files\Alwil Software\Avast4\ashDisp.exe:ashDisp
"{01321573-E07E-430F-BDB9-CEC2A1708108}"= TCP:c:\program files\Alwil Software\Avast4\ashDisp.exe:ashDisp
"{FCF8C57B-8E03-46A7-992B-6EBFD0DDF852}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{ECD962E0-583D-4AC8-9BDA-A12723C9B81D}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{E6D9B45B-9242-4D09-8438-53B70EB8617E}"= UDP:c:\windows\System32\wininit.exe:wininit
"{56EB3A49-BA3F-4211-B6F9-6327D0FB6C09}"= TCP:c:\windows\System32\wininit.exe:wininit
"{3B1335B8-7CB5-4F3A-A476-78536DB83787}"= UDP:c:\program files\Alwil Software\Avast4\ashServ.exe:ashServ
"{3419659E-95C4-405C-B7AA-7778FB7CA1C5}"= TCP:c:\program files\Alwil Software\Avast4\ashServ.exe:ashServ
"{462B81C4-FC00-4419-A4A6-7C55711725FA}"= UDP:c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{1750297E-18A2-4F75-8669-45D42F0903AA}"= TCP:c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{DDAAC65C-B1DE-49BE-9B1A-C1222BE5E74E}"= UDP:c:\windows\System32\lsass.exe:lsass
"{34BC8BEF-F4FD-4318-A578-15A9B83095C5}"= TCP:c:\windows\System32\lsass.exe:lsass

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [04/11/2009 19:30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [04/11/2009 19:30 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [04/11/2009 19:30 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:33 21504]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [10/09/2008 01:58 20640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d1b77bf-c972-11de-a42e-0023548ba2dd}]
\shell\AutoRun\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{870bd2d0-caa9-11de-a15a-0023548ba2dd}]
\shell\AutoRun\command - L:\tmp.folder/restore.exe
\shell\ExploRE\CoMmaNd - L:\tmp.folder/restore.exe
\shell\OPeN\commAnd - L:\tmp.folder/restore.exe
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\HPCeeScheduleFornathan.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-21 10:12]

2009-11-04 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-luguvajoho - dagetowa.dll
HKU-Default-Run-ter8m - c:\windows\TEMP\msxm192z.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {B71C8511-1CFE-4D45-9B97-EF62BDEE479B} = 89.2.0.1,89.2.0.2
FF - ProfilePath - c:\users\nathan\AppData\Roaming\Mozilla\Firefox\Profiles\zm739yl5.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 23:17
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004002815-3268627923-1697244522-1000\Software\SecuROM\License information*]
"datasecu"=hex:30,31,a2,ff,99,56,ff,07,0e,2d,3d,9a,e4,a3,ec,16,29,b5,9a,6d,ad,
97,1f,15,a2,8d,68,56,2d,5e,13,c0,4e,fd,b1,27,2f,9c,6e,c5,e2,6e,a6,83,ad,9d,\
"rkeysecu"=hex:0a,be,45,b5,87,1c,ee,bd,b2,1c,b3,5d,40,69,25,39
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\dagetowa.dll

- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\dagetowa.dll
c:\windows\system32\hunupave.dll

- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\hunupave.dll
.
Completion time: 2009-11-10 23:20
ComboFix-quarantined-files.txt 2009-11-10 22:20

Pre-Run: 214 198 603 776 octets libres
Post-Run: 214 174 384 128 octets libres

430 --- E O F --- 2009-11-10 07:41

Thanks
See you
verni29 Posts 6805 Status Security contributor 180
 
Download OTM (by Old_Timer) to your Desktop.
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
# Double-click OTMoveIt.exe to launch it.
# Copy the list quoted below and paste it into the left-hand pane of OTMoveIt, under Paste Instructions for Items to be Moved.

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{912c54ac-bf85-4ed3-971d-9c6949e0d0d2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec40f728-c51b-4bc0-97be-aa94f6a74bdc}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"luguvajoho"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli

:files
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\system32\hunupave.dll
C:\Windows\system32\eu.exe

:Commands
[emptytemp]
[Reboot]


# Click MoveIt! to start the removal. The result will appear in the "Results" pane.
# The PC will restart to delete the files.
# After the restart, a report will open.
# Copy and paste the contents of the report into your next message.

Note: If you can no longer find the report, it is a .log file located in C:\_OTMoveIt\MovedFiles.

See you



nathan69 Posts 32 Status Member
 
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{912c54ac-bf85-4ed3-971d-9c6949e0d0d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{912c54ac-bf85-4ed3-971d-9c6949e0d0d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec40f728-c51b-4bc0-97be-aa94f6a74bdc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec40f728-c51b-4bc0-97be-aa94f6a74bdc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"notification packages"|scecli /E : value set successfully!
========== FILES ==========
File/Folder C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
DllUnregisterServer procedure not found in C:\Windows\system32\hunupave.dll
C:\Windows\system32\hunupave.dll moved successfully.
C:\Windows\system32\eu.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: nathan
->Temp folder emptied: 0 bytes
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\DTToolbarsCommon\AudioState deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\DTToolbar\saved\_save deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\DTToolbar\IE\data.dat deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\DTToolbar\IE\d_manual.ico deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\DTToolbar\IE\geoip.xml deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\DTToolbar\_frmxml4f59382ddb6550af5b00621e88e525d2_1257888859 deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\DTToolbar\_RSS_f36b6bf9f0619efb79e969875f0587ec9_1257888858 deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\DTToolbar\_RSS_f4e61db8a6fc405eac801ab7e9653f32a_1257888859 deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\DTToolbar\_Run deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SAUST5D4\config[1].xml deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SAUST5D4\desktop.ini deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat deleted successfully.
C:\Users\nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 238573 bytes
->Java cache emptied: 42683183 bytes
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\6DBD0B37d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\6E45118Ed01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\71B0ABFCd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\71F4AAB0d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\737A9A3Bd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\74B33DB7d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\74DB6901d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\750DE9D6d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\75107996d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\76A63052d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\76C573EAd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\77755709d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\7776CB03d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\7777CB03d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\78C41A36d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\7971E1DDd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\7973E1DDd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\79B4A0A3d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\79C631ACd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\7A1F1E0Cd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\7A411EFDd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\7BCAA781d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\7CDB50C1d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\7EB09CA6d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\80A58D74d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\8221C712d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\82985234d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\82CF070Bd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\830107D1d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\85055A63d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\85C91F8Cd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\863C771Bd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\86993E7Fd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\88EFF9AEd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\8940FB0Ed01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89C86346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89C96346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89CA6346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89CB6346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89CE6346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89CF6346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89D62245d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89F26346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89F36346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89F86346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89F96346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89FA6346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89FB6346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89FC6346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89FD6346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\89FF6346d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\8BAA2E12d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\8E2B492Cd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\8F30778Ad01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\91102DABd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\91112DABd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\91122DABd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\91132DABd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\91162DABd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\91172DABd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\923C0019d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\97A6233Cd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\97A7233Cd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\97F427F4d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\9AA7DFDDd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\9B67127Fd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\9BBBE924d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\9D7ADAAFd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\9D7BDAAFd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\9D7CDAAFd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\9D7DDAAFd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\A1D788BBd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\A232EA52d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\A44A14F8d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\A7986425d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\A7E2DA1Ad01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\A8B045FBd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\A91A8E6Ad01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\ABE306BFd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\AC105EB5d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\B242B4F9d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\B5EAEA22d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\B963FDCEd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\B97BEDDCd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\BA267CF5d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\BA329E83d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\BA60B696d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\BA64B696d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\BA66B696d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\BA67B696d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\BB8579BAd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\BD4B9762d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\BD64F512d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\BE84EFC4d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\C24D245Fd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\C29DB119d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\C782775Ed01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\C88F5F2Dd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\C9377849d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\CAA2B31Dd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\CD894F07d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\CF11FC37d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D096DB41d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D3AE6093d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D55CCCA1d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D5ACACA1d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D5AE82FEd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D5C51ACDd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D650AFDCd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D651AFDCd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D652AFDCd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D653AFDCd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D656AFDCd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D657AFDCd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D65CAFDCd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D65DAFDCd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D7492BEAd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D7754E8Ad01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\D82125C6d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\DDBE9FD4d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\E40EFDEAd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\E4B6E037d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\E4D24B77d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\E542E56Fd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\E7B8F49Fd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\E8B49808d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\E93B19C4d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\EBE6A471d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\ED13D7BAd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\EE5E8A7Dd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\EFC49084d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\F1023D8Bd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\F1033D8Bd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\F1063D8Bd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\F1073D8Bd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\F225CEC5d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\F3705AD1d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\F695D0BBd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\F698E5BBd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\F8DA764Dd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\FA8036B3d01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\FDB0D35Cd01 deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\_CACHE_001_ deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\_CACHE_002_ deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\_CACHE_003_ deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\Cache\_CACHE_MAP_ deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\urlclassifier3.sqlite deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\XPC.mfl deleted successfully.
C:\Users\nathan\AppData\Local\Mozilla\Firefox\Profiles\zm739yl5.default\XUL.mfl deleted successfully.
->FireFox cache emptied: 60430754 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\Windows\isRS-000.tmp deleted successfully.
%systemroot% .tmp files removed: 693760 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 99,23 mb


OTM by OldTimer - Version 3.1.0.1 log created on 11102009_234233

Files moved on Reboot...
File C:\Windows\temp\_avast4_\Webshlock.txt not found!

Registry entries deleted on Reboot...
Here is the report
Thanks
See you
0
verni29 Posts 6805 Status Security contributor 180
 
It is better not to use ComboFix at the moment.
That is why the author has suspended his tool.

I will look at the OTM report tomorrow.

See you
0
nathan69 Posts 32 Status Member
 
OK
Thanks for everything
See you
0
verni29 Posts 6805 Status Security contributor 180
 
1/ Run OTM again and this time copy/paste the following text under Paste Instructions for Items to be Moved.

:Processes
explorer.exe

:files
c:\windows\system32\dagetowa.dll

:Commands
[start explorer]


# Click MoveIt! to start the removal.
# The result will appear in the "Results" box.
# Copy/paste the result into your next message.

Note: the report (a .log file) is also located in C:\_OTMoveIt\MovedFiles.

2/ Run RSIT again and post the resulting report.

See you
0
nathan69 Posts 32 Status Member
 
I'll do the procedure right away. I ran a Spybot scan this morning and I have a virtumonde.dns trojan.
Thanks
See you
0
nathan69 Posts 32 Status Member
 
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\dagetowa.dll
c:\windows\system32\dagetowa.dll moved successfully.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.0.1 log created on 11112009_101827
0
nathan69 Posts 32 Status Member
 
Here is the RSIT report

http://www.cijoint.fr/cjlink.php?file=cj200911/cij9VTfemD.txt
0
verni29 Posts 6805 Status Security contributor 180
 
The PC has been reinfected. :-(

1/ Uninstall the version of ComboFix that you have on the PC.
To do so:
Start --> Run --> type Combofix /u
Check that C:\Qoobox has been deleted.

2/ The tool is available for download again.

Follow these instructions carefully:

Download ComBoFix and save it to your desktop (important for what follows)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

# Disable your computer's resident protections (antivirus, antispyware and firewall)
# Plug in your removable media (USB sticks, external hard drive) without opening them.

# Run Combofix.exe and follow the prompts.
# You will be asked to install the Recovery Console.
Important. Be sure to do it.

ComBoFix may restart the computer in order to delete certain files.

# Once the scan is finished, a report will appear.

Copy/paste this report into your next reply.

Note: If you cannot find it, it is at C:\ComboFix.txt.

I have to step away. I will be back around 12:30.

See you
0
nathan69 Posts 32 Status Member
 
Here is the ComboFix report

ComboFix 09-11-09.02 - nathan 11/11/2009 11:03.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2814.1890 [GMT 1:00]
Lancé depuis: c:\users\nathan\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\windows\system32\nahotifo.dll
c:\windows\system32\keturige.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bujusufe.dll
c:\windows\system32\dadirova.dll
c:\windows\system32\gadagore.dll
c:\windows\system32\gerabuse.dll
c:\windows\system32\jufiwapo.dll
c:\windows\system32\labejafi.dll
c:\windows\system32\limepidi.dll
c:\windows\system32\mibevilo.dll
c:\windows\system32\rujamika.dll
c:\windows\system32\simejufa.dll
c:\windows\system32\takavere.dll
c:\windows\system32\takitopi.dll
c:\windows\system32\yodejetu.dll
c:\windows\system32\zehehuze.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-11 au 2009-11-11 ))))))))))))))))))))))))))))))))))))
.

2009-11-11 10:13 . 2009-11-11 10:14 -------- d-----w- c:\users\nathan\AppData\Local\temp
2009-11-11 10:13 . 2009-11-11 10:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-11 10:13 . 2009-11-11 10:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-11 07:13 . 2009-11-11 07:13 -------- d-----w- C:\VundoFix Backups
2009-11-10 23:00 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-10 23:00 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-10 23:00 . 2009-11-10 23:00 -------- d-----w- c:\programdata\Avira
2009-11-10 23:00 . 2009-11-10 23:00 -------- d-----w- c:\program files\Avira
2009-11-10 22:42 . 2009-11-10 22:42 -------- d-----w- C:\_OTM
2009-11-10 21:43 . 2009-11-10 21:43 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 20:54 . 2009-11-10 20:54 -------- d-----w- C:\rsit
2009-11-10 20:22 . 2009-11-10 22:53 16384 d-----w- c:\program files\Ad-Remover
2009-11-10 19:55 . 2009-11-10 20:06 4096 d-----w- C:\ToolBar SD
2009-11-10 19:36 . 2009-11-10 19:36 680 ----a-w- c:\users\nathan\AppData\Local\d3d9caps.dat
2009-11-10 19:06 . 2009-11-10 19:06 -------- d-----w- c:\program files\CCleaner
2009-11-10 18:45 . 2009-11-10 18:45 4096 d-----w- c:\program files\SIW
2009-11-10 14:43 . 2009-11-10 14:43 -------- d-----w- c:\users\nathan\AppData\Roaming\Media Player Classic
2009-11-09 21:35 . 2009-11-09 21:35 -------- d-----w- c:\windows\system32\PPLive
2009-11-09 20:58 . 2009-11-10 16:46 4096 d-----w- c:\users\nathan\AppData\Roaming\vlc
2009-11-09 20:52 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-09 20:52 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-11-09 20:52 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-09 20:52 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-11-09 20:52 . 2009-10-27 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-09 20:52 . 2009-11-09 20:53 4096 d-----w- c:\program files\K-Lite Codec Pack
2009-11-09 15:23 . 2009-11-09 15:47 4096 d-----w- c:\program files\VirtualDub
2009-11-08 23:25 . 2009-11-11 09:36 4096 d-----w- c:\program files\Trend Micro
2009-11-08 22:47 . 2009-11-11 09:56 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 22:47 . 2009-11-11 09:55 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-08 22:44 . 2009-11-10 15:21 4096 d-----w- c:\users\nathan\.housecall6.6
2009-11-08 13:05 . 2009-11-08 13:05 -------- d-----w- c:\users\nathan\AppData\Roaming\Malwarebytes
2009-11-08 13:05 . 2009-11-08 13:05 -------- d-----w- c:\programdata\Malwarebytes
2009-11-08 11:45 . 2009-11-08 11:45 -------- d-----w- c:\windows\Sun
2009-11-07 18:45 . 2009-11-08 12:31 4096 d-----w- c:\users\nathan\AppData\Roaming\SPORE
2009-11-07 18:23 . 2009-11-07 18:23 -------- d--h--r- c:\users\nathan\AppData\Roaming\SecuROM
2009-11-07 18:23 . 2009-11-07 18:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-07 18:00 . 2009-11-07 18:35 -------- d-----w- c:\program files\Electronic Arts
2009-11-07 18:00 . 2009-11-07 18:29 -------- d-----w- c:\programdata\Electronic Arts
2009-11-06 10:27 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-06 10:27 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-06 10:27 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-06 10:27 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-06 10:27 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-06 10:27 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-06 10:27 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-06 10:26 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-06 10:26 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-05 16:07 . 2009-11-05 16:07 10628032 ----a-w- c:\users\nathan\AppData\Roaming\Azureus\tmp\AZU31073.tmp\Vuze_4.2.0.8b_win32.exe
2009-11-05 14:20 . 2009-11-05 14:20 -------- d-----w- c:\programdata\Azureus
2009-11-05 14:20 . 2009-11-10 19:06 12288 d-----w- c:\users\nathan\AppData\Roaming\Azureus
2009-11-05 14:19 . 2009-11-05 16:02 4096 d-----w- c:\program files\Vuze
2009-11-05 08:45 . 2009-11-10 18:07 -------- d-----w- c:\users\nathan\AppData\Local\The Witcher
2009-11-05 08:26 . 2009-11-05 08:26 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-11-05 08:25 . 2009-11-05 08:25 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-11-05 08:10 . 2009-11-10 07:05 4096 d-----w- c:\program files\The Witcher Enhanced Edition
2009-11-04 20:19 . 2009-11-04 20:19 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-04 20:07 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-04 20:04 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-04 20:04 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-04 20:04 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-04 20:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-04 20:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-04 20:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-04 19:44 . 2009-11-02 19:42 195456 ----a-w- c:\windows\system32\MpSigStub.exe
2009-11-04 19:41 . 2009-11-04 20:36 -------- d-----w- c:\users\nathan\AppData\Local\Adobe
2009-11-04 19:41 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-04 19:39 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-04 19:38 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-11-04 19:36 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-11-04 19:36 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-04 19:26 . 2009-11-04 19:26 -------- d-----w- c:\windows\system32\ca-ES
2009-11-04 19:26 . 2009-11-04 19:26 -------- d-----w- c:\windows\system32\eu-ES
2009-11-04 19:26 . 2009-11-04 19:26 -------- d-----w- c:\windows\system32\vi-VN
2009-11-04 19:24 . 2009-11-04 19:24 4096 d-----w- c:\windows\system32\SPReview
2009-11-04 19:18 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-11-04 19:18 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
2009-11-04 19:16 . 2009-04-10 22:28 41984 ----a-w- c:\windows\system32\mimefilt.dll
2009-11-04 19:14 . 2009-11-04 19:14 4096 d-----w- c:\windows\system32\EventProviders
2009-11-04 18:51 . 2009-11-04 18:51 -------- d-----w- c:\program files\Eidos
2009-11-04 18:43 . 2009-11-04 18:43 4096 d-----w- c:\program files\DAEMON Tools Toolbar
2009-11-04 18:42 . 2009-11-04 18:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-04 18:42 . 2009-11-04 18:42 -------- d-----w- c:\users\nathan\AppData\Roaming\HP TCS
2009-11-04 18:42 . 2009-11-04 18:43 4096 d-----w- c:\program files\DAEMON Tools Lite
2009-11-04 18:42 . 2009-11-04 18:51 -------- d-----w- c:\users\nathan\AppData\Roaming\DAEMON Tools Lite
2009-11-04 18:42 . 2009-11-04 18:42 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-04 18:42 . 2009-11-04 20:05 24576 d-----w- c:\program files\Microsoft Works
2009-11-04 18:36 . 2009-11-09 19:49 4096 d-----w- c:\users\nathan\AppData\Roaming\dvdcss
2009-11-04 18:30 . 2009-11-04 18:30 -------- d-----w- c:\program files\Alwil Software
2009-11-04 18:28 . 2009-11-04 18:28 -------- d-----w- c:\program files\VideoLAN
2009-11-04 18:26 . 2009-11-04 18:26 -------- d-----w- c:\users\nathan\AppData\Local\Mozilla
2009-11-04 18:26 . 2009-11-11 09:57 -------- d-----w- c:\users\nathan\Tracing
2009-11-04 18:25 . 2009-11-04 18:25 -------- d-----w- c:\program files\Microsoft
2009-11-04 18:24 . 2009-11-04 18:24 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-04 18:24 . 2009-11-04 18:25 4096 d-----w- c:\program files\Windows Live
2009-11-04 18:22 . 2009-11-04 18:22 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-04 18:21 . 2009-11-04 18:21 -------- d-----w- c:\users\Public\CyberLink
2009-11-04 18:21 . 2009-11-04 18:21 -------- d-----w- c:\users\nathan\AppData\Roaming\CyberLink
2009-11-04 18:18 . 2009-11-04 18:18 -------- d-----w- c:\windows\PCHEALTH
2009-11-04 18:18 . 2009-11-04 18:18 -------- d-----w- c:\program files\Microsoft.NET
2009-11-04 18:16 . 2009-11-04 18:16 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-04 18:16 . 2009-11-04 18:18 -------- d-----w- c:\windows\SHELLNEW
2009-11-04 18:16 . 2009-11-04 18:16 -------- d-----w- c:\users\nathan\AppData\Local\Microsoft Help
2009-11-04 18:16 . 2009-11-05 13:50 12288 d-----w- c:\programdata\Microsoft Help
2009-11-04 18:16 . 2009-11-04 18:16 -------- d-----r- C:\MSOCache
2009-11-04 18:13 . 2009-11-10 14:44 -------- d-----w- c:\users\nathan\AppData\Local\Apple Computer
2009-11-04 18:11 . 2009-11-04 18:11 -------- d-----w- c:\programdata\Apple
2009-11-04 17:52 . 2009-11-04 17:52 -------- d-----w- c:\users\nathan\AppData\Local\Hewlett-Packard
2009-11-04 17:52 . 2009-11-04 17:52 -------- d-----w- c:\users\nathan\AppData\Roaming\PowerCinema
2009-11-04 17:52 . 2009-11-10 13:45 110976 ----a-w- c:\users\nathan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-04 17:52 . 2009-11-04 17:52 -------- d-----w- c:\users\nathan\AppData\Roaming\hewlett-packard
2009-10-30 11:10 . 2009-10-30 11:10 1183176 ----a-w- c:\users\nathan\AppData\Roaming\Mozilla\Firefox\Profiles\zm739yl5.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 10:04 . 2008-11-22 07:52 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-11 10:04 . 2008-11-22 07:52 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-07 18:34 . 2008-11-21 23:40 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-07 18:30 . 2008-11-22 00:01 -------- d-----w- c:\program files\HP Games
2009-11-07 18:29 . 2008-11-22 00:01 16384 d-----w- c:\programdata\WildTangent
2009-11-07 17:59 . 2009-11-07 17:59 1302 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-11-07 17:59 . 2008-11-21 23:40 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-07 07:55 . 2008-11-21 23:44 4096 d-----w- c:\program files\Cyberlink
2009-11-07 07:47 . 2008-11-21 23:48 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2009-11-07 07:47 . 2008-11-21 23:45 4096 d-----w- c:\programdata\CyberLink
2009-11-07 07:45 . 2008-11-21 23:44 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2009-11-07 07:41 . 2008-11-21 23:47 53319 ----a-w- c:\programdata\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
2009-11-07 07:38 . 2008-11-21 23:53 53319 ----a-w- c:\programdata\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2009-11-07 07:37 . 2008-11-21 23:44 4096 d-----w- c:\program files\Hewlett-Packard
2009-11-04 20:19 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-04 20:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-04 20:18 . 2009-11-04 20:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-04 20:03 . 2009-11-04 20:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 19:54 . 2008-11-22 00:08 40960 d-----w- c:\program files\SMINST
2009-11-04 19:39 . 2009-11-04 19:39 -------- d-----w- c:\programdata\McAfee Security Scan
2009-11-04 19:31 . 2008-11-21 23:42 -------- d-----w- c:\programdata\NVIDIA
2009-11-04 19:26 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Sidebar
2009-11-04 19:26 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Collaboration
2009-11-04 19:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-11-04 19:26 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Photo Gallery
2009-11-04 19:26 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Defender
2009-11-04 18:57 . 2009-11-04 18:57 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-04 18:57 . 2009-11-04 18:57 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-04 18:57 . 2009-11-04 18:57 -------- d-----w- c:\program files\OpenAL
2009-11-04 18:41 . 2009-11-04 18:41 1878 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_NB980AA-ABF SR5705FR_YC_0Pres_QCNX849_E91WEv3PrA1_49_IVIOLET_SPEGATRON CORPORATION_V3.02_B5.03_T081105_WUH1_L40C_M2815_J320_7AMD_8Athlon Dual Core 4450e_92.3_#090302_N10DE0760_Z_G10DE0847.MRK
2009-11-04 18:40 . 2009-11-04 18:40 -------- d-sh--we c:\programdata\Modèles
2009-11-04 18:40 . 2009-11-04 18:40 -------- d-sh--we c:\programdata\Menu Démarrer
2009-11-04 18:40 . 2009-11-04 18:40 -------- d-sh--we c:\programdata\Favoris
2009-11-04 18:40 . 2009-11-04 18:40 -------- d-sh--we c:\programdata\Documents
2009-11-04 18:40 . 2009-11-04 18:40 -------- d-sh--we c:\programdata\Bureau
2009-11-04 18:40 . 2009-11-04 18:40 -------- d-sh--we c:\program files\Fichiers communs
2009-11-04 18:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-11-04 18:13 . 2009-11-04 18:13 -------- d-----w- c:\users\nathan\AppData\Roaming\Apple Computer
2009-11-04 18:13 . 2009-11-04 18:13 4096 d-----w- c:\program files\iTunes
2009-11-04 18:13 . 2009-11-04 18:13 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-11-04 18:13 . 2009-11-04 18:13 -------- d-----w- c:\program files\iPod
2009-11-04 18:13 . 2009-11-04 18:11 -------- d-----w- c:\program files\Common Files\Apple
2009-11-04 18:13 . 2009-11-04 18:12 -------- d-----w- c:\programdata\Apple Computer
2009-11-04 18:12 . 2009-11-04 18:12 -------- d-----w- c:\program files\Bonjour
2009-11-04 18:12 . 2009-11-04 18:12 4096 d-----w- c:\program files\QuickTime
2009-11-04 18:12 . 2008-11-22 00:07 -------- d-----w- c:\programdata\Norton
2009-11-04 18:12 . 2009-11-04 18:12 4096 d-----w- c:\program files\Apple Software Update
2009-11-04 18:05 . 2008-11-21 23:45 36864 ----a-w- c:\programdata\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2009-10-01 01:02 . 2009-11-04 20:03 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-04 20:03 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-04 20:03 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-04 20:03 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-04 20:03 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-04 20:03 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-04 20:03 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-04 20:03 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-04 20:03 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-04 20:03 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-04 20:03 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-04 20:03 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10 . 2009-11-04 20:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-04 20:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-04 20:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-04 20:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-04 20:03 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-04 20:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-04 20:03 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-04 20:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-04 20:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-04 20:03 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-04 20:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-04 20:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-04 20:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-04 20:03 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-04 20:03 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-04 20:03 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-04 20:03 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-04 20:03 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-04 20:03 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-04 20:03 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-04 20:03 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-04 20:03 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-04 20:03 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-04 20:03 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-04 20:03 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-04 20:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-04 20:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-19 10:51 . 2008-11-21 23:59 4096 d-----w- c:\programdata\Hewlett-Packard
2009-09-10 14:59 . 2009-11-04 19:39 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58 . 2009-11-04 19:39 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-04 11:41 . 2009-11-04 19:39 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-11-04 19:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-11-04 19:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 13:29 . 2009-11-04 19:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 12:40 . 2009-11-04 19:40 834048 ----a-w- c:\windows\system32\wininet.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-11-04 19:40 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-11-04 19:40 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-11-04 19:40 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-11-04 19:40 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-11 06:37 . 2009-08-11 06:37 1213499 --sha-w- c:\windows\System32\zelorogi.exe
2008-11-22 08:16 . 2008-11-22 08:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-10-03 203296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-08-25 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):bc,8c,c8,63,85,5d,ca,01

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/11/2009 00:00 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:33 21504]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [10/09/2008 01:58 20640]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2009-11-04 c:\windows\Tasks\HPCeeScheduleFornathan.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-21 10:12]

2009-11-04 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {B71C8511-1CFE-4D45-9B97-EF62BDEE479B} = 89.2.0.1,89.2.0.2
FF - ProfilePath - c:\users\nathan\AppData\Roaming\Mozilla\Firefox\Profiles\zm739yl5.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{912c54ac-bf85-4ed3-971d-9c6949e0d0d2} - (no file)
BHO-{ec40f728-c51b-4bc0-97be-aa94f6a74bdc} - hunupave.dll
HKLM-Run-fojagayus - c:\windows\system32\keturige.dll
HKLM-Run-luguvajoho - dagetowa.dll
SharedTaskScheduler-{77de1558-f154-4acf-aad3-88a80c1e7e7f} - c:\windows\system32\keturige.dll
SharedTaskScheduler-{bb3ae5da-61f6-4587-b990-cfa02f58a85f} - c:\windows\system32\keturige.dll
SSODL-rosogowil-{77de1558-f154-4acf-aad3-88a80c1e7e7f} - c:\windows\system32\keturige.dll
SSODL-selujamub-{bb3ae5da-61f6-4587-b990-cfa02f58a85f} - c:\windows\system32\nahotifo.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 11:13
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\nathan\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x854AD50C]<<
kernel: MBR read successfully
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1004002815-3268627923-1697244522-1000\Software\SecuROM\License information*]
"datasecu"=hex:30,31,a2,ff,99,56,ff,07,0e,2d,3d,9a,e4,a3,ec,16,29,b5,9a,6d,ad,
97,1f,15,a2,8d,68,56,2d,5e,13,c0,4e,fd,b1,27,2f,9c,6e,c5,e2,6e,a6,83,ad,9d,\
"rkeysecu"=hex:0a,be,45,b5,87,1c,ee,bd,b2,1c,b3,5d,40,69,25,39
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\nahotifo.dll
c:\windows\system32\keturige.dll

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\nahotifo.dll
c:\windows\system32\keturige.dll
.
Heure de fin: 2009-11-11 11:17
ComboFix-quarantined-files.txt 2009-11-11 10:17

Avant-CF: 215 289 290 752 octets libres
Après-CF: 215 214 419 968 octets libres

- - End Of File - - 8313D665D7660F3E0D6C4C52C570306C
0
verni29 Posts 6805 Status Security contributor 180

1/ Open Notepad (Start --> All Programs --> Accessories --> Notepad) and select the quoted text.
Copy/paste this text into Notepad.

killall::

file::
c:\windows\system32\nahotifo.dll
c:\windows\system32\keturige.dll


# File menu --> Save --> a dialog box will open
# There are two fields at the bottom of the window:
--> the first for the name: type CFScript
--> the second for the type: check that the tab is .txt

All that remains is to choose where to save it.
Click the arrow at the top until you reach the desktop.

2/ Drag and drop the script onto ComboFix as shown at this link
http://img399.imageshack.us/img399/7183/img210914jjufmoj0.gif

Follow the prompts.

# Your desktop will disappear several times. This is normal.
# The computer will restart and a report will be created.
# Post its contents in your next message.

Note: If you cannot find it, it is at C:\Combofix.txt

See you later
0
nathan69 Posts 32 Status Member

I had a bug, so I did a system restore; my computer would no longer start. What should I do now?
0
verni29 Posts 6805 Status Security contributor 180

What is the bug?
How did you restore? (Last Known Good Configuration, System Restore)

See you later
0
nathan69 Posts 32 Status Member

Well, it kept restarting and could not get past the welcome screen, then restarted again... but I could not restart with the ComboFix backup, so I had to do a system restore dating from 07/11.
0
verni29 Posts 6805 Status Security contributor 180

OK,

It was the last deletion that caused the problem.
You did the right thing.

We are going to check whether the restore has reinstalled the infection.

Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.
http://images.malwareremoval.com/random/RSIT.exe

# Double-click "RSIT.exe" to launch it.
(On Vista: right-click the file and choose Run as administrator)
# In the window that opens, choose 1 month for the "List files/folders created ..." option.
# Then click "Continue" to start the scan ...

If the latest version of HijackThis is not found on your PC, RSIT will download it and ask you to accept the license.

Wait until the scan finishes. Two reports will be created.

# Post the contents of "log.txt" and "info.txt" (in the taskbar) in two messages.

Note: If you cannot find them, the reports are saved in the C:\rsit folder.

See you later
0
nathan69 Posts 32 Status Member

Here is the log

http://www.cijoint.fr/cjlink.php?file=cj200911/cijTWzoMvy.txt
0
nathan69 Posts 32 Status Member

Here is the info
http://www.cijoint.fr/cjlink.php?file=cj200911/cijn5UL8bC.txt

Thanks for everything, and sorry for so much trouble.
See you later
0