Sujet Précédent Sujet Suivant

Probleme virusWin32/Ursnif

Résolu
alain8693 -  
 AnGer -
Bonjour,depuis deux trois jours j'ai un probleme je n'arrive plus a acceder a mon antivirus antivir ni a wiondows defender et pas plus a windows update.
un rapport de microsoft m'a mis ceci

Virus alert: Microsoft detected the WinNT / Bagle.gen virus on your computer

This problem was caused by WinNT / Bagle.gen, a known computer virus.

WinNT / Bagle.gen is also known by the following names:

Win32/Ursnif
Trojan-Downloader.Win32.Bagle.cu
W32.Beagle.GM
Troj/BagleDl-DB
Troj/Bagle-TH

j'ai fait des scans avec des programmes conseilles sur d'autres post du meme ordres
je vous mets les rapports si quelq'un peut m'aider ce serait tres sympatiique merci.
Fri Mar 07 14:53:31 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

Fri Mar 07 14:54:02 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\100640.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\43739937.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\46250.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\50718.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\51890.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\52828.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\53015.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\53640.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\54406.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\54796.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\54859.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\55968.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\57937.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\58062.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\58296.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\58437.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\58703.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\59215890.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\59312.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\59531.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\60140.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\61843.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\65265.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\66109.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\67859.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\69859.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\72328.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\76468.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\77000.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\78156.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\83484.EXE.VIR --> Eliminado Bagle

Nº Total de Directorios: 11748
Nº Total de Ficheros: 89778
Nº de Ficheros Analizados: 11233
Nº de Ficheros Infectados: 31
Nº de Ficheros Limpiados: 31

Fri Mar 07 14:59:40 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 11749
Nº Total de Ficheros: 89797
Nº de Ficheros Analizados: 11202
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Mar 07 15:02:12 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad N:\
N:\emule\BILLPRO POS FOR RESTAURANT 7.0 (KEY+SERIAL).ZIP --> Eliminado Bagle.dldr

Nº Total de Directorios: 290
Nº Total de Ficheros: 8018
Nº de Ficheros Analizados: 229
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

21 réponses

  • 1
  • 2
Réponse 1 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
un nouveau poste ??

merci de continuer ici, éviter les doublons ! ;-)

@+
1
alain8693
 
suite a mon probleme je vous envoi un nouveau rapport je ne peut toujours pas acceder a differents programmes le message applicatioh win 32 n'est pas valide s'affiche si quelqun peut me conseiller merci d'avance

apllicationComboFix 08-03-03.15 - philipponneau 2008-03-09 14:09:54.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1412 [GMT 1:00]
Endroit: C:\Users\philipponneau\Desktop\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 23:13 --------- d-----w C:\Program Files\Everest Poker
2008-03-08 22:25 --------- d-----w C:\Program Files\Google
2008-03-08 22:25 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-03-07 16:24 --------- d---a-w C:\ProgramData\TEMP
2008-03-07 16:16 --------- d-----w C:\Users\philipponneau\AppData\Roaming\Simply Super Software
2008-03-07 16:16 --------- d-----w C:\ProgramData\Simply Super Software
2008-03-07 16:16 --------- d-----w C:\Program Files\Trojan Remover
2008-03-07 14:24 --------- d-----w C:\Program Files\Trend Micro
2008-03-07 14:04 0 ----a-w C:\ntuser.dat
2008-03-05 23:25 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-03-05 23:23 --------- d-----w C:\Program Files\Alwil Software
2008-03-05 23:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 23:18 --------- d-----w C:\ProgramData\Ulead Systems
2008-03-05 23:00 --------- d-----w C:\Users\philipponneau\AppData\Roaming\Ulead Systems
2008-03-05 22:59 --------- d-----w C:\ProgramData\SmartSound Software Inc
2008-03-05 22:59 --------- d-----w C:\Program Files\Intel
2008-03-05 22:58 --------- d-----w C:\Program Files\SmartSound Software
2008-03-05 22:57 --------- d-----w C:\Program Files\Windows Media Components
2008-03-05 22:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-05 00:18 --------- d-----w C:\Program Files\Macrogaming
2008-02-29 16:13 --------- d-----w C:\ProgramData\Kiwee Toolbar2
2008-02-29 16:11 --------- d-----w C:\Program Files\Kiwee Toolbar2
2008-02-29 14:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 14:40 --------- d-----w C:\Program Files\Windows Live
2008-02-29 14:34 --------- d-----w C:\ProgramData\WLInstaller
2008-02-27 22:53 --------- d-----w C:\Program Files\Common Files\DVDVIDEOSOFT
2008-02-24 10:22 --------- d-----w C:\ProgramData\Pinnacle
2008-02-21 17:11 --------- d-----w C:\Program Files\Mio DigiWalker
2008-02-20 15:22 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-02-20 15:22 253,952 ------w C:\Windows\Setup1.exe
2008-02-15 13:03 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 13:03 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 13:00 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 13:00 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 13:00 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 13:00 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 13:00 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 13:00 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 13:00 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 13:00 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 13:00 20,024 ----a-w C:\Windows\system32\drivers\viaide.sys
2008-02-15 13:00 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 13:00 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 13:00 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 12:59 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 12:59 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 12:59 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 12:59 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 12:59 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 12:59 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-15 12:56 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 12:56 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 12:56 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 12:56 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-07 14:34 --------- d-----w C:\Users\philipponneau\AppData\Roaming\ZoomBrowser EX
2008-02-07 14:27 --------- d-----w C:\ProgramData\ZoomBrowser
2008-02-07 14:19 --------- d-----w C:\Program Files\Canon
2008-02-07 14:16 --------- d-----w C:\Program Files\Common Files\Canon
2008-02-07 14:13 --------- d-----w C:\Users\philipponneau\AppData\Roaming\Canon
2008-01-17 14:51 --------- d-----w C:\Users\philipponneau\AppData\Roaming\Bioshock
2008-01-10 15:00 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 15:00 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 14:55 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 14:55 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 14:55 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 22:57 --------- d-----w C:\Users\philipponneau\AppData\Roaming\InstallShield Installation Information
2008-01-09 22:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-09 22:35 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-22 22:07 229,888 ----a-w C:\Windows\System32\msshsq.dll
2007-12-22 14:05 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2007-12-22 14:05 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2007-12-22 14:05 22,328 ----a-w C:\Users\philipponneau\AppData\Roaming\PnkBstrK.sys
2007-12-22 14:05 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2007-12-12 22:59 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 22:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 22:58 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-08-31 12:10 174 --sha-w C:\Program Files\desktop.ini
2006-07-23 17:10 484,522 --sha-r C:\Program Files\serial.tde
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-02-18 14:01 248976 --a------ C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D3E23B4B-F153-4687-82C2-816319DD3C5A}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll [2008-02-18 14:01 248976]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 15:55 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-03 15:30 171448]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 11:22 219008]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-28 12:58 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 12:37 4186112 C:\Windows\RtHDVCpl.exe]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-08 23:53 249896]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 101136 C:\Windows\KHALMNPR.Exe]
"NeroCheck"="C:\Windows\system32\\NeroCheck.exe" [2001-07-09 11:50 155648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"KiweeHook"="C:\Program Files\Kiwee Toolbar2\1.3.118\kwtbaim.exe" [2008-02-18 14:01 48264]
"devenv"="C:\Windows\system\smvss.exe" [2008-03-03 23:42 34304]
"RegistryMechanic"="" []
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-03-08 23:53 1816208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-28 21:03:50 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2916708062-3166946556-1105536220-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{805198C9-8EF6-4D64-A7AB-2110C29C57C5}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"UDP Query User{8CBFF5A0-BC38-4058-B764-91E70FAADC8A}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"{6DE27ACA-BF9B-4F8E-B92B-31FD272D2F89}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{E62C89B4-44B4-47E3-A3A0-1CB36627C714}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{57113E69-098F-4B66-862B-2F5A71E49AD6}C:\program files\activision\call of duty 2\cod2mp_s.exe"= UDP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s|Desc=CoD2MP_s
"UDP Query User{A1AEB8E3-C43D-41C9-A06E-66D27165AA75}C:\program files\activision\call of duty 2\cod2mp_s.exe"= TCP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s|Desc=CoD2MP_s
"{3D70DB90-A318-4116-AC88-A801D6C52EA8}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{96E374CA-B67A-4805-9E4A-B5978C81C119}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{4CA92578-8968-437E-9D8E-6D5623FF0FE2}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{156F3F27-181C-4693-85DE-7B221E97E2D7}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{C4554F2E-C896-42BD-857D-4647F4F7C60C}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"UDP Query User{2EDFF14C-7DB0-4F4D-BB14-397CCA7BF524}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"{F4B5C900-2503-4410-9E5A-90FA97BCDC6E}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{88EA7DD2-D0A6-406A-BD80-64569F3322E3}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{9CAD50AD-711C-4221-8643-B21C7AE2E3CF}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{135701F1-6B13-40C9-9EAD-6987080820AE}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{F068B452-528F-41D3-8554-19F196B87E9E}"= UDP:N:\Nouveau dossier\Bin32\Crysis.exe:Crysis_32
"{4D33774A-B1AF-49F2-8D85-B79BBBCA99C8}"= TCP:N:\Nouveau dossier\Bin32\Crysis.exe:Crysis_32
"{8412CD16-33B3-41FE-A817-4DE04FF6489E}"= UDP:N:\Nouveau dossier\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{B8D3E2D5-8042-4681-B693-F57E0168B5F1}"= TCP:N:\Nouveau dossier\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{22415CAF-5E18-41A9-91CC-EBCD7985C3B8}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{F8FEEC67-927F-4035-8E69-C6E48E9871A0}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A2FED326-BC3F-4BCA-A2B3-5DC91CA63D95}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{A36DB4B9-55EE-4553-8A8F-B150375ACFA9}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{2B73F565-D707-462D-B477-69D68CB89A89}"= UDP:N:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{D07939C4-6775-4DDD-B2E0-B9F888B85734}"= TCP:N:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{7EB1F5A5-FABE-4DA2-B2B4-228C82AE69C3}"= UDP:N:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{327E932F-9F31-4EB5-85C7-629D31C7EA1A}"= TCP:N:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{CC5F3BC0-3958-4AD2-A339-DF498833E5F1}"= UDP:N:\conflit\wic.exe:World in Conflict
"{3DEBDA30-F23F-40DF-991D-51F0CD60CDF8}"= TCP:N:\conflit\wic.exe:World in Conflict
"{90D3D478-6007-4F86-8361-4F95BE896BE8}"= UDP:N:\conflit\wic_online.exe:World in Conflict - En ligne uniquement
"{A836A8D0-C488-4F79-815F-8C985E3CC769}"= TCP:N:\conflit\wic_online.exe:World in Conflict - En ligne uniquement
"{30A3C118-32DE-452F-B365-2B0EF7AAA3B6}"= UDP:N:\conflit\wic_ds.exe:World in Conflict - Serveur dédié
"{7456A23D-73D6-4CEE-9159-628404E45C73}"= TCP:N:\conflit\wic_ds.exe:World in Conflict - Serveur dédié
"{570F81AD-7DB0-4A70-BBB1-A0D4CBA7F0A0}"= UDP:N:\ut3\Binaries\UT3.exe:Unreal Tournament 3
"{88BC3ED7-203B-4E9D-9E98-ABA9F0B977CC}"= TCP:N:\ut3\Binaries\UT3.exe:Unreal Tournament 3
"TCP Query User{8D454791-78DB-4C5B-8331-2DEA27203681}C:\program files\speedcams_serveur\speedcams_serveur.exe"= UDP:C:\program files\speedcams_serveur\speedcams_serveur.exe:SpeedCams_Serveur|Desc=SpeedCams_Serveur
"UDP Query User{EC5B6E01-E2C5-4C8A-B9A4-9FED491E640B}C:\program files\speedcams_serveur\speedcams_serveur.exe"= TCP:C:\program files\speedcams_serveur\speedcams_serveur.exe:SpeedCams_Serveur|Desc=SpeedCams_Serveur

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 20:53]
R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);C:\Windows\system32\drivers\pe3ajbeb.sys [2007-08-22 17:31]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 20:52]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);C:\Windows\system32\drivers\ps7ajbeb.sys [2007-08-22 17:30]
R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);C:\Windows\system32\pr2ajbeb.exe svc []
S3 W8100PCI;D-Link AirPlus G Wireless Driver;C:\Windows\system32\DRIVERS\mrv8k51.sys [2004-01-08 19:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19030640-6ecd-11dc-8d43-001966236e64}]
\shell\AutoRun\command - E:\BSAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4cd90cb-562f-11dc-8c09-001966236e64}]
\shell\AutoRun\command - H:\BSAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4cd90cd-562f-11dc-8c09-001966236e64}]
\shell\AutoRun\command - J:\TheMark.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4cd90ce-562f-11dc-8c09-001966236e64}]
\shell\AutoRun\command - K:\setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-29 16:28:48 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-08 22:30:30 C:\Windows\Tasks\User_Feed_Synchronization-{64AE2160-D476-4FC7-AEB3-367CBBD7AA92}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 14:12:30
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-09 14:14:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 13:14:06
ComboFix2.txt 2008-03-08 22:57:56
ComboFix3.txt 2008-03-07 14:36:12
ComboFix4.txt 2008-03-06 23:33:56
.
2008-02-22 18:52:39 --- E O F ---
0
Réponse 2 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

télécharge combo-fix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe

et enregistre le sur le bureau (pas besoin de le renommer, c'est fait)

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combo-fix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

++
0
alain8693
 
voici le rapport que faire maintenant merci

Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1211 [GMT 1:00]
Endroit: C:\Users\philipponneau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FN9EO9M2\Combo-Fix[1].exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 14:24 --------- d-----w C:\Program Files\Trend Micro
2008-03-07 14:04 0 ----a-w C:\ntuser.dat
2008-03-06 23:06 --------- d-----w C:\Program Files\Everest Poker
2008-03-06 14:28 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-03-05 23:25 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-03-05 23:23 --------- d-----w C:\Program Files\Alwil Software
2008-03-05 23:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 23:18 --------- d-----w C:\PROGRA~2\Ulead Systems
2008-03-05 23:00 --------- d-----w C:\Users\philipponneau\AppData\Roaming\Ulead Systems
2008-03-05 23:00 --------- d-----w C:\Users\PHILIP~1\AppData\Roaming\Ulead Systems
2008-03-05 22:59 --------- d-----w C:\Program Files\Intel
2008-03-05 22:59 --------- d-----w C:\PROGRA~2\SmartSound Software Inc
2008-03-05 22:58 --------- d-----w C:\Program Files\SmartSound Software
2008-03-05 22:57 --------- d-----w C:\Program Files\Windows Media Components
2008-03-05 22:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-05 00:18 --------- d-----w C:\Program Files\Macrogaming
2008-02-29 16:13 --------- d-----w C:\PROGRA~2\Kiwee Toolbar2
2008-02-29 16:11 --------- d-----w C:\Program Files\Kiwee Toolbar2
2008-02-29 14:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 14:40 --------- d-----w C:\Program Files\Windows Live
2008-02-29 14:34 --------- d-----w C:\PROGRA~2\WLInstaller
2008-02-27 22:53 --------- d-----w C:\Program Files\Common Files\DVDVIDEOSOFT
2008-02-24 10:22 --------- d-----w C:\PROGRA~2\Pinnacle
2008-02-21 17:11 --------- d-----w C:\Program Files\Mio DigiWalker
2008-02-20 15:22 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-02-20 15:22 253,952 ------w C:\Windows\Setup1.exe
2008-02-15 13:03 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 13:02 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-15 13:02 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-15 13:02 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-15 13:02 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-15 13:02 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-15 13:02 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-15 13:00 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 13:00 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 13:00 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 13:00 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 13:00 20,024 ----a-w C:\Windows\system32\drivers\viaide.sys
2008-02-15 13:00 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 13:00 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 12:59 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 12:59 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 12:59 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 12:59 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 12:56 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-07 14:34 --------- d-----w C:\Users\philipponneau\AppData\Roaming\ZoomBrowser EX
2008-02-07 14:34 --------- d-----w C:\Users\PHILIP~1\AppData\Roaming\ZoomBrowser EX
2008-02-07 14:27 --------- d-----w C:\PROGRA~2\ZoomBrowser
2008-02-07 14:19 --------- d-----w C:\Program Files\Canon
2008-02-07 14:16 --------- d-----w C:\Program Files\Common Files\Canon
2008-02-07 14:13 --------- d-----w C:\Users\philipponneau\AppData\Roaming\Canon
2008-02-07 14:13 --------- d-----w C:\Users\PHILIP~1\AppData\Roaming\Canon
2008-01-17 14:51 --------- d-----w C:\Users\philipponneau\AppData\Roaming\Bioshock
2008-01-17 14:51 --------- d-----w C:\Users\PHILIP~1\AppData\Roaming\Bioshock
2008-01-10 15:00 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 15:00 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 14:55 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 14:55 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 22:57 --------- d-----w C:\Users\philipponneau\AppData\Roaming\InstallShield Installation Information
2008-01-09 22:57 --------- d-----w C:\Users\PHILIP~1\AppData\Roaming\InstallShield Installation Information
2008-01-09 22:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-09 22:35 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-22 14:05 22,328 ----a-w C:\Users\philipponneau\AppData\Roaming\PnkBstrK.sys
2007-12-22 14:05 22,328 ----a-w C:\Users\PHILIP~1\AppData\Roaming\PnkBstrK.sys
2007-08-31 12:10 174 --sha-w C:\Program Files\desktop.ini
2006-07-23 17:10 484,522 --sha-r C:\Program Files\serial.tde
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-02-18 14:01 248976 --a------ C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D3E23B4B-F153-4687-82C2-816319DD3C5A}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll [2008-02-18 14:01 248976]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 15:55 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-03 15:30 171448]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 11:22 219008]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-28 12:58 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 12:37 4186112 C:\Windows\RtHDVCpl.exe]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-07 00:29 249896]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 101136 C:\Windows\KHALMNPR.Exe]
"NeroCheck"="C:\Windows\system32\\NeroCheck.exe" [2001-07-09 11:50 155648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"KiweeHook"="C:\Program Files\Kiwee Toolbar2\1.3.118\kwtbaim.exe" [2008-02-18 14:01 48264]
"devenv"="C:\Windows\system\smvss.exe" [2008-03-03 23:42 34304]
"RegistryMechanic"="" []
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-03-07 00:29 1816208]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-28 21:03:50 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2916708062-3166946556-1105536220-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{805198C9-8EF6-4D64-A7AB-2110C29C57C5}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"UDP Query User{8CBFF5A0-BC38-4058-B764-91E70FAADC8A}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"{6DE27ACA-BF9B-4F8E-B92B-31FD272D2F89}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{E62C89B4-44B4-47E3-A3A0-1CB36627C714}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{57113E69-098F-4B66-862B-2F5A71E49AD6}C:\program files\activision\call of duty 2\cod2mp_s.exe"= UDP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s|Desc=CoD2MP_s
"UDP Query User{A1AEB8E3-C43D-41C9-A06E-66D27165AA75}C:\program files\activision\call of duty 2\cod2mp_s.exe"= TCP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s|Desc=CoD2MP_s
"{3D70DB90-A318-4116-AC88-A801D6C52EA8}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{96E374CA-B67A-4805-9E4A-B5978C81C119}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{4CA92578-8968-437E-9D8E-6D5623FF0FE2}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{156F3F27-181C-4693-85DE-7B221E97E2D7}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{C4554F2E-C896-42BD-857D-4647F4F7C60C}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"UDP Query User{2EDFF14C-7DB0-4F4D-BB14-397CCA7BF524}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"{F4B5C900-2503-4410-9E5A-90FA97BCDC6E}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{88EA7DD2-D0A6-406A-BD80-64569F3322E3}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{9CAD50AD-711C-4221-8643-B21C7AE2E3CF}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{135701F1-6B13-40C9-9EAD-6987080820AE}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{F068B452-528F-41D3-8554-19F196B87E9E}"= UDP:N:\Nouveau dossier\Bin32\Crysis.exe:Crysis_32
"{4D33774A-B1AF-49F2-8D85-B79BBBCA99C8}"= TCP:N:\Nouveau dossier\Bin32\Crysis.exe:Crysis_32
"{8412CD16-33B3-41FE-A817-4DE04FF6489E}"= UDP:N:\Nouveau dossier\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{B8D3E2D5-8042-4681-B693-F57E0168B5F1}"= TCP:N:\Nouveau dossier\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{22415CAF-5E18-41A9-91CC-EBCD7985C3B8}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{F8FEEC67-927F-4035-8E69-C6E48E9871A0}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A2FED326-BC3F-4BCA-A2B3-5DC91CA63D95}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{A36DB4B9-55EE-4553-8A8F-B150375ACFA9}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{2B73F565-D707-462D-B477-69D68CB89A89}"= UDP:N:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{D07939C4-6775-4DDD-B2E0-B9F888B85734}"= TCP:N:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{7EB1F5A5-FABE-4DA2-B2B4-228C82AE69C3}"= UDP:N:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{327E932F-9F31-4EB5-85C7-629D31C7EA1A}"= TCP:N:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{CC5F3BC0-3958-4AD2-A339-DF498833E5F1}"= UDP:N:\conflit\wic.exe:World in Conflict
"{3DEBDA30-F23F-40DF-991D-51F0CD60CDF8}"= TCP:N:\conflit\wic.exe:World in Conflict
"{90D3D478-6007-4F86-8361-4F95BE896BE8}"= UDP:N:\conflit\wic_online.exe:World in Conflict - En ligne uniquement
"{A836A8D0-C488-4F79-815F-8C985E3CC769}"= TCP:N:\conflit\wic_online.exe:World in Conflict - En ligne uniquement
"{30A3C118-32DE-452F-B365-2B0EF7AAA3B6}"= UDP:N:\conflit\wic_ds.exe:World in Conflict - Serveur dédié
"{7456A23D-73D6-4CEE-9159-628404E45C73}"= TCP:N:\conflit\wic_ds.exe:World in Conflict - Serveur dédié
"{570F81AD-7DB0-4A70-BBB1-A0D4CBA7F0A0}"= UDP:N:\ut3\Binaries\UT3.exe:Unreal Tournament 3
"{88BC3ED7-203B-4E9D-9E98-ABA9F0B977CC}"= TCP:N:\ut3\Binaries\UT3.exe:Unreal Tournament 3
"TCP Query User{8D454791-78DB-4C5B-8331-2DEA27203681}C:\program files\speedcams_serveur\speedcams_serveur.exe"= UDP:C:\program files\speedcams_serveur\speedcams_serveur.exe:SpeedCams_Serveur|Desc=SpeedCams_Serveur
"UDP Query User{EC5B6E01-E2C5-4C8A-B9A4-9FED491E640B}C:\program files\speedcams_serveur\speedcams_serveur.exe"= TCP:C:\program files\speedcams_serveur\speedcams_serveur.exe:SpeedCams_Serveur|Desc=SpeedCams_Serveur

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 20:53]
R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);C:\Windows\system32\drivers\pe3ajbeb.sys [2007-08-22 17:31]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 20:52]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);C:\Windows\system32\drivers\ps7ajbeb.sys [2007-08-22 17:30]
R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);C:\Windows\system32\pr2ajbeb.exe svc []
S3 W8100PCI;D-Link AirPlus G Wireless Driver;C:\Windows\system32\DRIVERS\mrv8k51.sys [2004-01-08 19:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19030640-6ecd-11dc-8d43-001966236e64}]
\shell\AutoRun\command - E:\BSAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4cd90cb-562f-11dc-8c09-001966236e64}]
\shell\AutoRun\command - H:\BSAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4cd90cd-562f-11dc-8c09-001966236e64}]
\shell\AutoRun\command - J:\TheMark.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4cd90ce-562f-11dc-8c09-001966236e64}]
\shell\AutoRun\command - K:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 15:34:07
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-07 15:36:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-07 14:36:07
ComboFix2.txt 2008-03-06 23:33:56
.
2008-02-22 18:52:39 --- E O F ---
0
Réponse 3 / 21
cristiano ronaldo
 
Elimine ce fichier de emule : N:\emule\BILLPRO POS FOR RESTAURANT 7.0 (KEY+SERIAL).ZIP et ton probleme deviendra une soltion ;)
0
alain8693
 
j'essaie tout de suite
0
alain8693
 
j'ai elimine ce fichier mais c'est toujours pareil. je viens de faire un scan avec hijackthis voici le rapport
Scan saved at 15:26:52, on 07/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Kiwee Toolbar2\1.3.118\kwtbaim.exe
C:\Windows\system\smvss.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll
R3 - URLSearchHook: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - blank (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - blank (file missing)
O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.3.118\kwtbaim.exe"
O4 - HKLM\..\Run: [devenv] C:\Windows\system\smvss.exe /w
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
0
Réponse 4 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ok,

Télécharge SDFix sur ton bureau

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum stp

++
0
alain8693
 
j'essaie tout de suite merci
0
alain8693
 
j'ai essaye ce que tu m'a dis mais quand je redemarre en mode sans echec quand j'essaie de double cliquer sur run this la fenetre s'ouvre et se referme ausitot donc je ne peut pas continuer
quand j'ai installe le programme un message m' a indique qiue le programme ne s'etait peut etre pas installe correctement cela vient il de ca
j'ai essaye' 3fois sans succes
merci
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
c'est normal, tu es sous vista ! :)

* Désactiver le contrôle des comptes utilisateurs (le réactiver à la fin de la désinfection) :
* Aller dans démarrer puis panneau de configuration
* Double Cliquer sur l'icône Comptes d'utilisateurs
* Cliquer ensuite sur désactiver et valider.

++
0
Réponse 6 / 21
alain8693
 
dans mon compte utilisateur il n'y a pas de cases desactiver il y a uniquement une case utiliser le controle des comptesd'utilisateurs pour vous aidera gerer votre ordinateur
0
Réponse 7 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
décoche cette case !

++
0
alain8693
 
c'est fait mais je peut toujours pas lancer sd fix
0
Réponse 8 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
essaye en faisant un clic droit dessus => utiliser en tant qu'administrateur

++
0
alain8693
 
non ca ne marche pas non plus la fenetre se referme aussitot
0
Réponse 9 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
mince ! :/

poste un nouveau rapport EliBagle stp

++
0
alain8693
 
merci a toi green day mais je doit m'en aller je reessairai demain avec un nouveau post
vous etes vraiment cool
0
Réponse 10 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

poste un nouveau rapport EliBagle stp

++
0
alain8693
 
quand je fais un scan avec elibagle je ne trouve plus de rapport a la fin j'ai pourtant cherche partout
par contre j'ai reussi a faire un rapport avec sd fix mais uniquement en mode normal pas en mode sans echec je le ets peut etre cela pourra servir merci

[b]System Report[/b]
*************

Run on 09/03/2008 at 20:15

Microsoft Windows [version 6.0.6000]

Current user is not an administrator

[b]Running Processes[/b]:

C:\Windows\system32\taskeng.exe [1780]
C:\Windows\system32\Dwm.exe [1848]
C:\Windows\Explorer.EXE [1872]
C:\Windows\RtHDVCpl.exe [376]
C:\Windows\System32\rundll32.exe [468]
C:\Windows\WindowsMobile\wmdSync.exe [552]
C:\Program Files\Kiwee Toolbar2\1.3.118\kwtbaim.exe [608]
C:\Windows\system\smvss.exe [668]
C:\Windows\System32\rundll32.exe [1076]
C:\Program Files\Windows Sidebar\sidebar.exe [1420]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [1456]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [1484]
C:\Program Files\Windows Media Player\wmpnscfg.exe [1636]
C:\Program Files\eMule\emule.exe [1728]
C:\Program Files\Logitech\SetPoint\SetPoint.exe [1792]
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE [564]
C:\Windows\system32\conime.exe [2268]
C:\Program Files\Internet Explorer\iexplore.exe [4084]
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe [2220]


[b]Drivers - Running[/b]:

ACPI
AFD
atapi
avgio
avipbb
Beep
bowser
cdrom
CLFS
crcdisk
DfsC
disk
Ecache
FileInfo
FltMgr
HTTP
i8042prt
irda
kbdclass
KSecDD
lltdio
luafv
mouclass
MountMgr
MRxDAV
mrxsmb
mrxsmb10
mrxsmb20
Msfs
msisadrv
Mup
NativeWifiP
NDIS
NetBIOS
netbt
Npfs
nsiproxy
Null
Parport
partmgr
Parvdm
pci
PCLEPCI
pe3ah4nc
pe3ajbeb
PEAUTH
PptpMiniport
ps6ah4nc
ps7ajbeb
PSched
RasAcd
rdbss
RDPCDD
RDPENCDD
rspndr
secdrv
Serial
Smb
spldr
sptd
srv
srv2
srvnet
ssmdrv
Tcpip
tcpipreg
tdx
TermDD
uagp35
VgaSave
viaide
volmgr
volmgrx
volsnap
Wanarpv6
Wdf01000


[b]Drivers - Stopped[/b]:

adp94xx
adpahci
adpu160m
adpu320
aic78xx
aliide
amdagp
amdide
AmdK7
AmdK8
arc
arcsas
AsyncMac
avgntflt
blbdrive
BrFiltLo
BrFiltUp
Brserid
BrSerWdm
BrUsbMdm
BrUsbSer
BTHMODEM
catchme
cdfs
circlass
cmdide
Compbatt
Crusoe
drmkaud
DXGKrnl
E1G60
elxstor
fastfat
fdc
FETNDIS
Filetrace
flpydisk
gagp30kx
HdAudAddService
HidBth
HidIr
HidUsb
HpCISSs
i2omp
iaStorV
iirsp
IntcAzAudAddService
intelide
intelppm
IpFilterDriver
IpInIp
IPMIDRV
IPNAT
IRENUM
irsir
isapnp
iScsiPrt
iteatapi
iteraid
kbdhid
L8042Kbd
L8042mou
LMouKE
LSI_FC
LSI_SAS
LSI_SCSI
megasas
Modem
monitor
mouhid
mpio
mpsdrv
Mraid35x
msahci
msdsm
MSKSSRV
MSPCLOCK
MSPQM
MsRPC
MSTEE
NdisTapi
Ndisuio
NdisWan
NDProxy
nfrd960
Ntfs
ntrigdigi
nvlddmkm
nvraid
nvstor
nv_agp
NwlnkFlt
NwlnkFwd
ohci1394
pciide
pcmcia
Processor
ql2300
ql40xx
QWAVEdrv
Rasl2tp
RasPppoe
rdpdr
RDPWD
RT61
sbp2port
Serenum
sermouse
sffdisk
sffp_mmc
sffp_sd
sfloppy
SiSRaid2
SiSRaid4
swenum
Symc8xx
Sym_hi
Sym_u3
Tcpip6
TDPIPE
TDTCP
tssecsrv
tunmp
tunnel
udfs
uliagpkx
uliahci
UlSata
ulsata2
umbus
usbccgp
usbcir
usbehci
usbhub
usbohci
usbprint
usbscan
USBSTOR
usbuhci
vga
viaagp
ViaC7
vsmraid
W8100PCI
WacomPen
Wanarp
Wd
winusb
WmiAcpi
ws2ifsl
WUDFRd


[b]Services - Running[/b]:

AeLookupSvc
AudioEndpointBuilder
Audiosrv
BFE
Browser
CryptSvc
DcomLaunch
Dhcp
Dnscache
DPS
EapHost
EMDMgmt
Eventlog
EventSystem
FDResPub
gpsvc
IKEEXT
iphlpsvc
Irmon
KeyIso
LanmanServer
LanmanWorkstation
lmhosts
MMCSS
Netman
netprofm
NlaSvc
nsi
PcaSvc
PlugPlay
PnkBstrA
PolicyAgent
ProfSvc
RapiMgr
RasMan
RpcSs
SamSs
Schedule
seclogon
SENS
ShellHWDetection
slsvc
Spooler
SSDPSRV
StarWindServiceAE
stisvc
SysMain
TabletInputService
TapiSrv
TermService
Themes
TrkWks
upnphost
usnjsvc
UxSms
UxTuneUp
W32Time
WcesComm
WdiSystemHost
WebClient
WerSvc
WinHttpAutoProxySvc
Winmgmt
WMPNetworkSvc
WPDBusEnum
WSearch
wudfsvc


[b]Services - Stopped[/b]:

ALG
AntiVirScheduler
AntiVirService
Appinfo
BITS
CertPropSvc
clr_optimization_v2.0.50727_32
COMSysApp
DFSR
dot3svc
fdPHost
FontCache3.0.0.0
gusvc
hidserv
hkmsvc
idsvc
IPBusEnum
KtmRm
lltdsvc
MpsSvc
MSDTC
MSiSCSI
msiserver
napagent
Netlogon
NetTcpPortSharing
p2pimsvc
p2psvc
pla
PNRPAutoReg
PNRPsvc
pr2ah4nc
pr2ajbeb
ProtectedStorage
QWAVE
RasAuto
RemoteAccess
RemoteRegistry
RpcLocator
SCardSvr
SCPolicySvc
SDRSVC
SessionEnv
SharedAccess
SLUINotify
SNMPTRAP
swprv
TBS
THREADORDER
TrustedInstaller
UI0Detect
vds
VSS
wcncsvc
WcsPlugInService
WdiServiceHost
Wecsvc
wercplsupport
WinDefend
WinRM
Wlansvc
WLSetupSvc
wmiApSrv
WPCSvc
wscsvc
wuauserv


[b]Files Created/Modified - 60 Days[/b]:


C:\

9 Mar 2008 14:14:14 18 724 A.... "C:\ComboFix.txt"
7 Mar 2008 15:04:02 0 A.... "C:\ntuser.dat"
7 Mar 2008 15:04:02 0 A..H. "C:\ntuser.dat.LOG1"
7 Mar 2008 15:04:02 0 A..H. "C:\ntuser.dat.LOG2"
9 Mar 2008 20:13:04 1 610 612 736 A.SH. "C:\pagefile.sys"


C:\Windows\

9 Mar 2008 20:13:10 67 584 A.S.. "C:\Windows\bootstat.dat"
9 Mar 2008 20:11:54 291 582 A.... "C:\Windows\ntbtlog.txt"
7 Feb 2008 15:07:10 0 A.... "C:\Windows\OpPrintServer.INI"
9 Mar 2008 14:11:56 664 A.... "C:\Windows\PFRO.log"
5 Mar 2008 23:58:14 1 409 A.... "C:\Windows\QTFont.for"
5 Mar 2008 23:58:14 54 156 A..H. "C:\Windows\QTFont.qfn"
20 Feb 2008 16:22:16 253 952 ..... "C:\Windows\Setup1.exe"
20 Feb 2008 16:22:16 74 752 A.... "C:\Windows\ST6UNST.EXE"
9 Mar 2008 14:12:26 215 A.... "C:\Windows\system.ini"
21 Feb 2008 18:17:46 90 A.... "C:\Windows\TLCAPPS.INI"
6 Mar 2008 0:18:36 12 A.... "C:\Windows\Ulead32.ini"
9 Mar 2008 20:09:42 1 434 886 A.... "C:\Windows\WindowsUpdate.log"
15 Feb 2008 13:59:44 2 144 256 A.... "C:\Windows\AppPatch\AcGenral.dll"
15 Feb 2008 13:59:44 537 600 A.... "C:\Windows\AppPatch\AcLayers.dll"
15 Feb 2008 13:59:44 2 560 A.... "C:\Windows\AppPatch\AcRes.dll"
15 Feb 2008 13:59:44 449 536 A.... "C:\Windows\AppPatch\AcSpecfc.dll"
15 Feb 2008 13:59:44 173 056 A.... "C:\Windows\AppPatch\AcXtrnal.dll"
15 Feb 2008 13:59:44 82 194 A.... "C:\Windows\AppPatch\drvmain.sdb"
15 Feb 2008 13:56:56 52 736 A.... "C:\Windows\AppPatch\iebrshim.dll"
15 Feb 2008 13:59:44 1 534 322 A.... "C:\Windows\AppPatch\msimain.sdb"
15 Feb 2008 13:59:44 22 618 A.... "C:\Windows\AppPatch\pcamain.sdb"
15 Feb 2008 13:59:44 3 217 016 A.... "C:\Windows\AppPatch\sysmain.sdb"
15 Feb 2008 13:59:44 2 144 256 A.... "C:\Windows\AppPatch\AcGenral.dll"
15 Feb 2008 13:59:44 537 600 A.... "C:\Windows\AppPatch\AcLayers.dll"
15 Feb 2008 13:59:44 2 560 A.... "C:\Windows\AppPatch\AcRes.dll"
15 Feb 2008 13:59:44 449 536 A.... "C:\Windows\AppPatch\AcSpecfc.dll"
15 Feb 2008 13:59:44 173 056 A.... "C:\Windows\AppPatch\AcXtrnal.dll"
15 Feb 2008 13:59:44 82 194 A.... "C:\Windows\AppPatch\drvmain.sdb"
15 Feb 2008 13:56:56 52 736 A.... "C:\Windows\AppPatch\iebrshim.dll"
15 Feb 2008 13:59:44 1 534 322 A.... "C:\Windows\AppPatch\msimain.sdb"
15 Feb 2008 13:59:44 22 618 A.... "C:\Windows\AppPatch\pcamain.sdb"
15 Feb 2008 13:59:44 3 217 016 A.... "C:\Windows\AppPatch\sysmain.sdb"
9 Mar 2008 20:13:10 0 A.... "C:\Windows\Debug\PASSWD.LOG"
18 Jan 2008 12:17:22 507 A.... "C:\Windows\Downloaded Program Files\OSDED4D.OSD"
8 Mar 2008 23:54:10 110 A.... "C:\Windows\erdnt\CFrecovery.bat"
15 Feb 2008 14:54:54 665 600 A.... "C:\Windows\inf\drvindex.dat"
29 Feb 2008 15:41:14 1 682 944 A.... "C:\Windows\inf\INFCACHE.1"
29 Feb 2008 15:41:14 51 200 A.... "C:\Windows\inf\infpub.dat"
29 Feb 2008 15:41:14 86 016 A.... "C:\Windows\inf\infstor.dat"
29 Feb 2008 15:41:14 86 016 A.... "C:\Windows\inf\infstrng.dat"
15 Feb 2008 14:54:54 65 966 A.... "C:\Windows\inf\keyboard.inf"
15 Feb 2008 14:54:56 96 528 A.... "C:\Windows\inf\keyboard.PNF"
15 Feb 2008 14:54:32 47 458 A.... "C:\Windows\inf\mshdc.inf"
15 Feb 2008 14:54:34 82 344 A.... "C:\Windows\inf\mshdc.PNF"
15 Feb 2008 14:54:54 56 342 A.... "C:\Windows\inf\msmouse.inf"
15 Feb 2008 14:54:58 99 376 A.... "C:\Windows\inf\msmouse.PNF"
9 Jan 2008 23:35:18 1 718 A.... "C:\Windows\inf\oem14.inf"
9 Jan 2008 23:35:20 8 428 A.... "C:\Windows\inf\oem14.PNF"
7 Feb 2008 14:58:30 11 568 A.... "C:\Windows\inf\oem15.PNF"
7 Feb 2008 15:09:28 3 030 A.... "C:\Windows\inf\oem16.inf"
7 Feb 2008 15:09:28 11 568 A.... "C:\Windows\inf\oem16.PNF"
29 Feb 2008 15:41:14 35 940 A.... "C:\Windows\inf\oem17.inf"
29 Feb 2008 15:41:14 25 216 A.... "C:\Windows\inf\oem17.PNF"
18 Feb 2008 22:12:18 13 408 A.... "C:\Windows\inf\setupapi.ev1"
18 Feb 2008 22:12:18 24 984 A.... "C:\Windows\inf\setupapi.ev2"
18 Feb 2008 22:12:18 239 616 A.... "C:\Windows\inf\setupapi.ev3"
9 Mar 2008 20:13:26 1 437 452 A.... "C:\Windows\inf\setupapi.app.log"
29 Feb 2008 15:41:14 8 506 647 A.... "C:\Windows\inf\setupapi.dev.log"
7 Feb 2008 14:58:02 34 156 A.... "C:\Windows\inf\sti.PNF"
15 Feb 2008 14:59:40 98 088 A.... "C:\Windows\inf\usbport.PNF"
10 Jan 2008 16:00:04 2 062 A.... "C:\Windows\inf\volume.inf"
10 Jan 2008 16:00:04 6 260 A.... "C:\Windows\inf\volume.PNF"
18 Feb 2008 21:18:34 236 404 A.... "C:\Windows\inf\wceusbsh.PNF"
18 Feb 2008 21:18:34 50 636 A.... "C:\Windows\inf\winmobil.PNF"
15 Feb 2008 14:57:44 682 072 A.... "C:\Windows\rescache\ResCache.mni"
15 Feb 2008 14:02:28 18 432 A.... "C:\Windows\servicing\CbsMsg.dll"
3 Mar 2008 23:42:42 34 304 A.... "C:\Windows\system\smvss.exe"
9 Mar 2008 20:13:16 3 952 A..H. "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0"
9 Mar 2008 20:13:16 3 952 A..H. "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0"
9 Mar 2008 20:13:16 3 952 A..H. "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0"
15 Feb 2008 13:57:00 124 928 A.... "C:\Windows\System32\advpack.dll"
15 Feb 2008 14:02:26 12 800 A.... "C:\Windows\System32\batt.dll"
15 Feb 2008 14:02:28 19 456 A.... "C:\Windows\System32\cfgmgr32.dll"
15 Feb 2008 14:02:28 224 824 A.... "C:\Windows\System32\clfs.sys"
6 Mar 2008 0:23:52 2 577 A.... "C:\Windows\System32\config.nt"
15 Feb 2008 14:02:26 35 328 A.... "C:\Windows\System32\dispci.dll"
15 Feb 2008 14:02:28 260 096 A.... "C:\Windows\System32\dpx.dll"
15 Feb 2008 14:02:28 101 888 A.... "C:\Windows\System32\drvinst.exe"
15 Feb 2008 13:56:56 347 136 A.... "C:\Windows\System32\dxtmsft.dll"
15 Feb 2008 13:56:56 214 528 A.... "C:\Windows\System32\dxtrans.dll"
15 Feb 2008 14:02:26 7 168 A.... "C:\Windows\System32\f3ahvoas.dll"
6 Mar 2008 0:08:48 252 680 A.... "C:\Windows\System32\FNTCACHE.DAT"
15 Feb 2008 13:59:44 1 686 528 A.... "C:\Windows\System32\gameux.dll"
15 Feb 2008 13:56:54 63 488 A.... "C:\Windows\System32\icardie.dll"
15 Feb 2008 13:56:52 70 656 A.... "C:\Windows\System32\ie4uinit.exe"
15 Feb 2008 13:57:00 383 488 A.... "C:\Windows\System32\ieapfltr.dll"
15 Feb 2008 13:57:10 6 066 176 A.... "C:\Windows\System32\ieframe.dll"
15 Feb 2008 13:56:52 44 544 A.... "C:\Windows\System32\iernonce.dll"
15 Feb 2008 13:56:52 56 320 A.... "C:\Windows\System32\iesetup.dll"
15 Feb 2008 13:57:10 180 736 A.... "C:\Windows\System32\ieui.dll"
15 Feb 2008 13:56:52 26 624 A.... "C:\Windows\System32\ieUnatt.exe"
15 Feb 2008 13:56:54 1 831 424 A.... "C:\Windows\System32\inetcpl.cpl"
15 Feb 2008 13:57:00 27 648 A.... "C:\Windows\System32\jsproxy.dll"
15 Feb 2008 14:02:28 6 656 A.... "C:\Windows\System32\kbd106n.dll"
15 Feb 2008 14:02:26 115 200 A.... "C:\Windows\System32\loadperf.dll"
15 Feb 2008 14:02:26 39 424 A.... "C:\Windows\System32\lodctr.exe"
5 Feb 2008 0:09:46 18 214 008 A.... "C:\Windows\System32\mrt.exe"
15 Feb 2008 13:57:04 3 592 192 A.... "C:\Windows\System32\mshtml.dll"
15 Feb 2008 13:57:02 1 383 424 A.... "C:\Windows\System32\mshtml.tlb"
15 Feb 2008 13:57:08 478 208 A.... "C:\Windows\System32\mshtmled.dll"
15 Feb 2008 13:56:54 671 232 A.... "C:\Windows\System32\mstime.dll"
15 Feb 2008 14:00:10 24 064 A.... "C:\Windows\System32\netcfg.exe"
15 Feb 2008 14:00:10 22 016 A.... "C:\Windows\System32\netiougc.exe"
15 Feb 2008 14:02:26 23 552 A.... "C:\Windows\System32\nshhttp.dll"
15 Feb 2008 14:00:30 3 504 696 A.... "C:\Windows\System32\ntkrnlpa.exe"
15 Feb 2008 14:00:30 3 470 392 A.... "C:\Windows\System32\ntoskrnl.exe"
15 Feb 2008 14:02:28 558 080 A.... "C:\Windows\System32\oleaut32.dll"
28 Feb 2008 22:31:04 107 416 A.... "C:\Windows\System32\perfc009.dat"
28 Feb 2008 22:31:04 121 814 A.... "C:\Windows\System32\perfc00C.dat"
28 Feb 2008 22:31:04 618 272 A.... "C:\Windows\System32\perfh009.dat"
28 Feb 2008 22:31:04 699 984 A.... "C:\Windows\System32\perfh00C.dat"
28 Feb 2008 22:31:04 1 538 854 A.... "C:\Windows\System32\PerfStringBackup.INI"
15 Feb 2008 13:57:00 44 544 A.... "C:\Windows\System32\pngfilt.dll"
15 Feb 2008 14:02:26 17 408 A.... "C:\Windows\System32\prflbmsg.dll"
15 Feb 2008 14:02:24 595 456 A.... "C:\Windows\System32\schedsvc.dll"
15 Feb 2008 14:02:28 1 585 664 A.... "C:\Windows\System32\setupapi.dll"
15 Feb 2008 14:00:10 167 424 A.... "C:\Windows\System32\tcpipcfg.dll"
15 Feb 2008 14:02:28 221 696 A.... "C:\Windows\System32\umpnpmgr.dll"
15 Feb 2008 14:02:26 32 256 A.... "C:\Windows\System32\unlodctr.exe"
15 Feb 2008 13:57:00 1 159 680 A.... "C:\Windows\System32\urlmon.dll"
15 Feb 2008 14:03:42 194 560 A.... "C:\Windows\System32\WebClnt.dll"
15 Feb 2008 13:57:00 824 832 A.... "C:\Windows\System32\wininet.dll"
15 Feb 2008 14:02:26 943 800 A.... "C:\Windows\System32\winload.exe"
15 Feb 2008 14:02:28 613 888 A.... "C:\Windows\System32\wpd_ci.dll"
29 Feb 2008 17:28:50 424 A.... "C:\Windows\Tasks\Maintenance en 1 clic.job"
9 Mar 2008 20:13:14 6 A..H. "C:\Windows\Tasks\SA.DAT"
9 Mar 2008 20:09:42 32 594 A.... "C:\Windows\Tasks\SCHEDLGU.TXT"
8 Mar 2008 23:30:32 434 A..H. "C:\Windows\Tasks\User_Feed_Synchronization-{64AE2160-D476-4FC7-AEB3-367CBBD7AA92}.job"
9 Mar 2008 18:41:40 11 514 A.... "C:\Windows\TEMP\lpksetup-20080309-184129-0.log"
9 Mar 2008 18:41:40 622 A.... "C:\Windows\TEMP\lpksetup-20080309-184138-0.log"
9 Mar 2008 19:18:52 11 514 A.... "C:\Windows\TEMP\lpksetup-20080309-191842-0.log"
9 Mar 2008 19:18:52 622 A.... "C:\Windows\TEMP\lpksetup-20080309-191851-0.log"
15 Feb 2008 14:55:06 2 556 A.... "C:\Windows\winsxs\cleanup.xml"
19 Feb 2008 12:14:54 82 A.... "C:\Windows\winsxs\poqexec.log"
9 Mar 2008 19:03:42 0 A.... "C:\Windows\Debug\UserMode\ChkAcc.bak"
9 Mar 2008 20:13:12 0 A.... "C:\Windows\Debug\UserMode\ChkAcc.log"
7 Feb 2008 15:33:56 5 033 A.... "C:\Windows\Debug\WIA\wiatrace.log"
9 Mar 2008 18:29:50 290 816 A.... "C:\Windows\erdnt\dss\default"
9 Mar 2008 18:29:26 220 A.... "C:\Windows\erdnt\dss\README.txt"
9 Mar 2008 18:29:26 57 344 A.... "C:\Windows\erdnt\dss\sam"
9 Mar 2008 18:29:42 20 455 424 A.... "C:\Windows\erdnt\dss\software"
9 Mar 2008 18:29:48 10 735 616 A.... "C:\Windows\erdnt\dss\system"
8 Mar 2008 23:50:46 10 235 904 A.... "C:\Windows\erdnt\Hiv-backup\COMPON~2"
8 Mar 2008 23:50:44 118 784 A.... "C:\Windows\erdnt\Hiv-backup\DEFAULT"
8 Mar 2008 23:50:46 814 A.... "C:\Windows\erdnt\Hiv-backup\ERDNT.CON"
8 Mar 2008 23:50:46 1 055 A.... "C:\Windows\erdnt\Hiv-backup\ERDNT.INF"
8 Mar 2008 23:50:44 57 344 A.... "C:\Windows\erdnt\Hiv-backup\SAM"
8 Mar 2008 23:50:42 24 576 A.... "C:\Windows\erdnt\Hiv-backup\SECURITY"
8 Mar 2008 23:50:44 20 684 800 A.... "C:\Windows\erdnt\Hiv-backup\SOFTWARE"
8 Mar 2008 23:50:44 15 876 096 A.... "C:\Windows\erdnt\Hiv-backup\SYSTEM"
8 Mar 2008 23:54:16 10 235 904 A.... "C:\Windows\erdnt\subs\COMPON~2"
8 Mar 2008 23:54:14 122 880 A.... "C:\Windows\erdnt\subs\DEFAULT"
8 Mar 2008 23:54:16 814 A.... "C:\Windows\erdnt\subs\ERDNT.CON"
8 Mar 2008 23:54:16 546 A.... "C:\Windows\erdnt\subs\ERDNT.INF"
8 Mar 2008 23:54:14 57 344 A.... "C:\Windows\erdnt\subs\SAM"
8 Mar 2008 23:54:12 24 576 A.... "C:\Windows\erdnt\subs\SECURITY"
8 Mar 2008 23:54:14 20 684 800 A.... "C:\Windows\erdnt\subs\SOFTWARE"
8 Mar 2008 23:54:22 65 536 A.SH. "C:\Windows\erdnt\subs\SOFTWARE{313f5a53-ed5c-11dc-b44e-001966236e64}.TM.blf"
8 Mar 2008 23:54:22 262 144 A..H. "C:\Windows\erdnt\subs\software.LOG1"
8 Mar 2008 23:54:22 524 288 A.SH. "C:\Windows\erdnt\subs\SOFTWARE{313f5a53-ed5c-11dc-b44e-001966236e64}.TMContainer00000000000000000001.regtrans-ms"
8 Mar 2008 23:54:20 0 A..H. "C:\Windows\erdnt\subs\software.LOG2"
8 Mar 2008 23:54:22 524 288 A.SH. "C:\Windows\erdnt\subs\SOFTWARE{313f5a53-ed5c-11dc-b44e-001966236e64}.TMContainer00000000000000000002.regtrans-ms"
8 Mar 2008 23:54:14 15 876 096 A.... "C:\Windows\erdnt\subs\SYSTEM"
8 Mar 2008 23:54:22 65 536 A.SH. "C:\Windows\erdnt\subs\SYSTEM{313f5a4f-ed5c-11dc-b44e-001966236e64}.TM.blf"
8 Mar 2008 23:54:22 262 144 A..H. "C:\Windows\erdnt\subs\system.LOG1"
8 Mar 2008 23:54:22 524 288 A.SH. "C:\Windows\erdnt\subs\SYSTEM{313f5a4f-ed5c-11dc-b44e-001966236e64}.TMContainer00000000000000000001.regtrans-ms"
8 Mar 2008 23:54:20 0 A..H. "C:\Windows\erdnt\subs\system.LOG2"
8 Mar 2008 23:54:22 524 288 A.SH. "C:\Windows\erdnt\subs\SYSTEM{313f5a4f-ed5c-11dc-b44e-001966236e64}.TMContainer00000000000000000002.regtrans-ms"
28 Feb 2008 22:29:26 3 766 A.... "C:\Windows\inf\WmiApRpl\WmiApRpl.h"
9 Mar 2008 20:09:42 19 393 445 A.... "C:\Windows\Logs\CBS\CBS.log"
15 Feb 2008 14:55:08 55 107 321 A.... "C:\Windows\Logs\CBS\CBS.persist.log"
18 Feb 2008 21:20:44 12 610 A.... "C:\Windows\Logs\DPX\setupact.log"
18 Feb 2008 21:20:44 12 610 A.... "C:\Windows\Logs\DPX\setuperr.log"
27 Feb 2008 15:42:04 23 994 A.... "C:\Windows\Performance\WinSAT\winsat.log"
15 Feb 2008 14:57:44 775 496 A.... "C:\Windows\rescache\rc0003\Segment0.cmf"
15 Feb 2008 14:57:44 48 064 A.... "C:\Windows\rescache\rc0003\Segment0.toc"
15 Feb 2008 14:57:46 845 032 A.... "C:\Windows\rescache\rc0003\Segment1.cmf"
15 Feb 2008 14:57:46 48 064 A.... "C:\Windows\rescache\rc0003\Segment1.toc"
15 Feb 2008 14:57:46 1 300 551 A.... "C:\Windows\rescache\rc0003\Segment2.cmf"
15 Feb 2008 14:57:46 48 064 A.... "C:\Windows\rescache\rc0003\Segment2.toc"
15 Feb 2008 14:57:46 916 769 A.... "C:\Windows\rescache\rc0003\Segment3.cmf"
15 Feb 2008 14:57:46 48 064 A.... "C:\Windows\rescache\rc0003\Segment3.toc"
15 Feb 2008 14:57:46 1 142 717 A.... "C:\Windows\rescache\rc0003\Segment4.cmf"
15 Feb 2008 14:57:46 48 064 A.... "C:\Windows\rescache\rc0003\Segment4.toc"
15 Feb 2008 14:57:46 376 632 A.... "C:\Windows\rescache\rc0003\Segment5.cmf"
15 Feb 2008 14:57:46 48 064 A.... "C:\Windows\rescache\rc0003\Segment5.toc"
19 Jan 2008 3:36:58 10 964 A.... "C:\Windows\servicing\Packages\Package_for_KB937287_client~31bf3856ad364e35~x86~~6.0.1.18000.cat"
15 Jan 2008 2:48:30 4 745 A.... "C:\Windows\servicing\Packages\Package_1_for_KB946456~31bf3856ad364e35~x86~~6.0.1.4.mum"
19 Jan 2008 3:36:58 10 964 A.... "C:\Windows\servicing\Packages\Package_for_KB937287_client_0~31bf3856ad364e35~x86~~6.0.1.18000.cat"
14 Jan 2008 2:05:46 3 504 A.... "C:\Windows\servicing\Packages\Package_1_for_KB946026~31bf3856ad364e35~x86~~6.0.1.3.mum"
15 Jan 2008 2:45:06 17 696 A.... "C:\Windows\servicing\Packages\Package_1_for_KB946456~31bf3856ad364e35~x86~~6.0.1.4.cat"
19 Jan 2008 3:36:38 1 889 A.... "C:\Windows\servicing\Packages\Package_1_for_KB937287~31bf3856ad364e35~x86~~6.0.1.18000.mum"
30 Jan 2008 19:20:20 2 408 A.... "C:\Windows\servicing\Packages\Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.16.0.mum"
19 Jan 2008 21:04:14 7 815 A.... "C:\Windows\servicing\Packages\Package_2_for_KB943899~31bf3856ad364e35~x86~~6.0.2.1.mum"
14 Jan 2008 2:01:46 14 740 A.... "C:\Windows\servicing\Packages\Package_1_for_KB946026~31bf3856ad364e35~x86~~6.0.1.3.cat"
30 Jan 2008 19:39:38 1 897 A.... "C:\Windows\servicing\Packages\Package_for_KB943302~31bf3856ad364e35~x86~~6.0.2.1.mum"
19 Jan 2008 3:36:58 24 195 A.... "C:\Windows\servicing\Packages\Package_1_for_KB937287~31bf3856ad364e35~x86~~6.0.1.18000.cat"
19 Jan 2008 21:00:20 33 241 A.... "C:\Windows\servicing\Packages\Package_2_for_KB943899~31bf3856ad364e35~x86~~6.0.2.1.cat"
19 Jan 2008 21:04:14 2 400 A.... "C:\Windows\servicing\Packages\Package_1_for_KB943899~31bf3856ad364e35~x86~~6.0.2.1.mum"
30 Jan 2008 19:40:42 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB943302~31bf3856ad364e35~x86~~6.0.2.1.cat"
19 Jan 2008 21:00:14 12 686 A.... "C:\Windows\servicing\Packages\Package_1_for_KB943899~31bf3856ad364e35~x86~~6.0.2.1.cat"
19 Jan 2008 21:04:14 2 108 A.... "C:\Windows\servicing\Packages\Package_for_KB943899~31bf3856ad364e35~x86~~6.0.2.1.mum"
19 Jan 2008 3:36:38 1 565 A.... "C:\Windows\servicing\Packages\Package_for_KB937287~31bf3856ad364e35~x86~~6.0.1.18000.mum"
19 Jan 2008 21:00:08 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB943899~31bf3856ad364e35~x86~~6.0.2.1.cat"
30 Jan 2008 19:16:16 12 686 A.... "C:\Windows\servicing\Packages\Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.16.0.cat"
19 Jan 2008 3:36:38 1 556 A.... "C:\Windows\servicing\Packages\Package_for_KB937287_client~31bf3856ad364e35~x86~~6.0.1.18000.mum"
19 Jan 2008 3:36:38 1 551 A.... "C:\Windows\servicing\Packages\Package_for_KB937287_client_0~31bf3856ad364e35~x86~~6.0.1.18000.mum"
30 Jan 2008 19:39:38 7 768 A.... "C:\Windows\servicing\Packages\Package_2_for_KB943302~31bf3856ad364e35~x86~~6.0.2.1.mum"
19 Jan 2008 3:36:58 10 964 A.... "C:\Windows\servicing\Packages\Package_for_KB937287~31bf3856ad364e35~x86~~6.0.1.18000.cat"
30 Jan 2008 19:39:38 3 764 A.... "C:\Windows\servicing\Packages\Package_1_for_KB943302~31bf3856ad364e35~x86~~6.0.2.1.mum"
30 Jan 2008 19:40:56 21 450 A.... "C:\Windows\servicing\Packages\Package_2_for_KB943302~31bf3856ad364e35~x86~~6.0.2.1.cat"
30 Jan 2008 19:40:50 16 182 A.... "C:\Windows\servicing\Packages\Package_1_for_KB943302~31bf3856ad364e35~x86~~6.0.2.1.cat"
19 Feb 2008 11:37:20 9 153 253 A.... "C:\Windows\System32\CodeIntegrity\bootcat.cache"
15 Feb 2008 14:00:30 21 560 A.... "C:\Windows\System32\drivers\atapi.sys"
15 Feb 2008 14:00:30 109 624 A.... "C:\Windows\System32\drivers\ataport.sys"
15 Feb 2008 14:02:26 54 784 A.... "C:\Windows\System32\drivers\i8042prt.sys"
15 Feb 2008 14:02:26 35 384 A.... "C:\Windows\System32\drivers\kbdclass.sys"
15 Feb 2008 14:02:26 34 360 A.... "C:\Windows\System32\drivers\mouclass.sys"
15 Feb 2008 14:03:42 110 080 A.... "C:\Windows\System32\drivers\mrxdav.sys"
15 Feb 2008 14:00:10 216 632 A.... "C:\Windows\System32\drivers\netio.sys"
10 Jan 2008 15:55:34 1 060 920 A.... "C:\Windows\System32\drivers\ntfs.sys"
15 Feb 2008 14:00:28 154 624 A.... "C:\Windows\System32\drivers\nwifi.sys"
15 Feb 2008 14:00:30 45 112 A.... "C:\Windows\System32\drivers\pciidex.sys"
15 Feb 2008 14:02:26 19 968 A.... "C:\Windows\System32\drivers\sermouse.sys"
15 Feb 2008 14:00:10 803 328 A.... "C:\Windows\System32\drivers\tcpip.sys"
15 Feb 2008 14:00:30 20 024 A.... "C:\Windows\System32\drivers\viaide.sys"
10 Jan 2008 15:55:34 211 000 A.... "C:\Windows\System32\drivers\volsnap.sys"
15 Feb 2008 14:02:26 495 160 A.... "C:\Windows\System32\drivers\Wdf01000.sys"
15 Feb 2008 14:02:28 35 384 A.... "C:\Windows\System32\drivers\WdfLdr.sys"
15 Feb 2008 14:00:10 49 152 A.... "C:\Windows\System32\migration\netiomig.dll"
8 Mar 2008 23:23:06 458 752 A.... "C:\Windows\System32\NDF\eventlog.etl"
9 Mar 2008 19:05:52 5 479 A.... "C:\Windows\System32\spool\spooler.xml"
9 Mar 2008 20:13:22 4 096 ..... "C:\Windows\System32\spool\SpoolerETW.etl"
15 Feb 2008 14:03:06 101 888 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23_drvinst.exe_6593e92a"
15 Feb 2008 14:03:06 3 692 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23_umpnpmgr.mof_112f9e6c"
15 Feb 2008 14:03:06 39 424 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_lodctr.exe_b02cefba"
15 Feb 2008 13:58:36 195 203 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlactivexcompat_31bf3856ad364e35_6.0.6000.16609_none_1592313b129ab58c.manifest"
15 Feb 2008 14:03:06 3 726 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_fr-fr_173e50dcd9ce3198.manifest"
15 Feb 2008 14:03:06 53 248 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.0.6000.16609_fr-fr_0b0664296d2c92b1_setupapi.dll.mui_bcc172a4"
15 Feb 2008 14:03:06 88 936 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.16609_none_bb22ee81fe4b8646.manifest"
15 Feb 2008 14:00:12 22 016 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a_netiougc.exe_94123cfe"
15 Feb 2008 14:03:06 30 674 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_perfd.dat_f1e3dfd2"
15 Feb 2008 14:00:34 3 470 392 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934_ntoskrnl.exe_0fb0ab79"
15 Feb 2008 14:00:12 167 424 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a_tcpipcfg.dll_e3a99e8a"
15 Feb 2008 14:03:06 3 472 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.16609_none_7ca55ea12a5d5913_clfs.mof_04dfde60"
15 Feb 2008 13:58:40 3 592 192 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16609_none_1165d69024face3a_mshtml.dll_fab8f891"
15 Feb 2008 14:00:36 3 504 696 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934_ntkrnlpa.exe_165c312a"
15 Feb 2008 14:03:06 287 440 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_perfi.dat_e3a35ecf"
15 Feb 2008 14:00:12 216 632 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16627_none_54a6905db830dfb1_netio.sys_a06e75d0"
15 Feb 2008 13:58:42 64 512 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16609_none_000bb771a4a46504_wininetplugin.dll_f2ff35f9"
15 Feb 2008 13:58:38 6 066 176 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16609_none_62c53093b0f05c67_ieframe.dll_c6cbe33f"
15 Feb 2008 13:58:42 824 832 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16609_none_000bb771a4a46504_wininet.dll_790e2e3a"
10 Jan 2008 15:55:36 15 275 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d.manifest"
15 Feb 2008 14:03:06 17 524 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23.manifest"
15 Feb 2008 14:03:06 8 279 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.16609_none_7ca55ea12a5d5913.manifest"
15 Feb 2008 14:03:06 3 685 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23_drvinst.mof_6593cf80"
15 Feb 2008 13:58:38 829 928 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16609_none_62c53093b0f05c67.manifest"
15 Feb 2008 14:03:06 3 689 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6000.16609_none_33181da4c90f2d73_setupapi.mof_8d9de59f"
15 Feb 2008 13:58:42 347 136 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16609_none_95e9130384756585_dxtmsft.dll_4b67eac6"
15 Feb 2008 14:03:06 120 320 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_cntrtextmig.dll_08675f2d"
15 Feb 2008 13:58:38 1 383 424 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16609_none_1165d69024face3a_mshtml.tlb_fab8f577"
15 Feb 2008 14:03:06 287 440 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_perfh.dat_e67d1236"
15 Feb 2008 13:59:02 124 928 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16609_none_a9ee296df5a1e10e_advpack.dll_8c6ea088"
15 Feb 2008 13:58:44 283 492 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16609_none_b305dbcfd99b3e71.manifest"
10 Jan 2008 15:55:36 1 060 920 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d_ntfs.sys_e80dca04"
15 Feb 2008 14:00:12 28 871 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a.manifest"
15 Feb 2008 13:58:42 463 701 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16609_none_95e9130384756585.manifest"
15 Feb 2008 14:03:06 17 408 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_prflbmsg.dll_2e46e937"
15 Feb 2008 14:03:06 558 080 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.16609_none_bb22ee81fe4b8646_oleaut32.dll_730e3d41"
15 Feb 2008 13:59:02 7 571 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16609_none_a9ee296df5a1e10e.manifest"
15 Feb 2008 14:03:06 17 408 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_fr-fr_173e50dcd9ce3198_winresume.exe.mui_ff8b5358"
15 Feb 2008 14:00:34 18 778 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934.manifest"
15 Feb 2008 14:03:06 19 532 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6000.16609_none_33181da4c90f2d73.manifest"
15 Feb 2008 13:58:36 42 229 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-extcompat_31bf3856ad364e35_6.0.6000.16609_none_3ad26ff6d96b5938.manifest"
15 Feb 2008 14:00:12 3 908 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16627_none_54a6905db830dfb1.manifest"
15 Feb 2008 13:58:38 180 736 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16609_none_62c53093b0f05c67_ieui.dll_f0fcf806"
15 Feb 2008 14:03:06 32 256 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_unlodctr.exe_69df45bb"
15 Feb 2008 14:03:06 943 800 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16609_none_59497e266f783366_winload.exe_75835076"
15 Feb 2008 14:03:06 115 200 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_loadperf.dll_3a569bab"
15 Feb 2008 14:03:06 28 672 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_fr-fr_173e50dcd9ce3198_winload.exe.mui_3bc5b827"
15 Feb 2008 14:03:06 123 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.16609_none_7ca55ea12a5d5913_clfsuninstall.mof_d0605990"
15 Feb 2008 14:03:06 224 824 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.16609_none_7ca55ea12a5d5913_clfs.sys_04dfdff9"
15 Feb 2008 13:58:38 928 494 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16609_none_1165d69024face3a.manifest"
15 Feb 2008 13:58:42 27 648 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16609_none_000bb771a4a46504_jsproxy.dll_3cc8d651"
15 Feb 2008 14:00:12 803 328 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a_tcpip.sys_3339bd51"
15 Feb 2008 14:03:06 1 585 664 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6000.16609_none_33181da4c90f2d73_setupapi.dll_8d9de2e7"
15 Feb 2008 14:03:06 20 589 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f.manifest"
15 Feb 2008 13:58:44 1 159 680 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16609_none_b305dbcfd99b3e71_urlmon.dll_95c89473"
15 Feb 2008 13:58:42 56 602 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16609_none_000bb771a4a46504.manifest"
15 Feb 2008 14:03:06 30 674 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_perfc.dat_f4bd9339"
15 Feb 2008 14:03:06 19 456 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23_cfgmgr32.dll_7bc7e545"
15 Feb 2008 14:00:12 49 152 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a_netiomig.dll_917b9a36"
15 Feb 2008 14:03:06 221 696 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23_umpnpmgr.dll_112f9bb4"
15 Feb 2008 13:58:42 214 528 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16609_none_95e9130384756585_dxtrans.dll_814d2aee"
15 Feb 2008 14:03:06 3 034 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.0.6000.16609_fr-fr_0b0664296d2c92b1.manifest"
15 Feb 2008 14:03:06 5 227 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16609_none_59497e266f783366.manifest"
15 Feb 2008 14:03:08 905 400 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16609_none_59497e266f783366_winresume.exe_85cd1215"
13 Feb 2008 15:45:40 23 834 A.... "C:\Windows\winsxs\Catalogs\050b2a0163102501b05d9e43ac4c53e538cd93c9907b91c69907b04c365369b4.cat"
13 Feb 2008 15:45:16 26 186 A.... "C:\Windows\winsxs\Catalogs\0ad6f09f2b2b39e5e7cfc19103cb31b78ead81597edba64691c6a502ae1f996d.cat"
13 Feb 2008 22:57:06 24 195 A.... "C:\Windows\winsxs\Catalogs\10338debac71ca966896e544f26291a99bf38cc4b87e69c1798037b49a292a3d.cat"
13 Feb 2008 15:42:18 43 345 A.... "C:\Windows\winsxs\Catalogs\1418952aacdf47d43eff052dd144e84b0acf1e45aa1af266830a59fcd6a881da.cat"
9 Jan 2008 7:42:44 17 696 A.... "C:\Windows\winsxs\Catalogs\144add7cd07655ed578cb47f1cc1af21a113f3d9e2042b41c53a5b11600f4b46.cat"
13 Feb 2008 15:44:44 23 834 A.... "C:\Windows\winsxs\Catalogs\19c7a4321d55036bd0f9aa87035a15ad62ec65e1d2d9c17978a81ef9ad0ea40f.cat"
13 Feb 2008 15:47:50 14 740 A.... "C:\Windows\winsxs\Catalogs\1a3194f88073e6c03595db376a21306107a54b38fed11cf525c81d285871cd2f.cat"
13 Feb 2008 15:44:56 23 834 A.... "C:\Windows\winsxs\Catalogs\1d6ebd3202f0931663348dc7328a614a25f513295a47a6ad3a50c4d64d4bab0f.cat"
29 Feb 2008 15:41:18 8 335 A.... "C:\Windows\winsxs\Catalogs\3582cf91bea0e0e7b5f4b8a168a2e4bf248a01f764aa3c5d7c4f352ebc681e9d.cat"
13 Feb 2008 15:44:46 14 442 A.... "C:\Windows\winsxs\Catalogs\37ae5936ba24fa473a5cbf11576ea349e1104dd54e48677cd2f844436c5633c1.cat"
13 Feb 2008 15:45:04 23 834 A.... "C:\Windows\winsxs\Catalogs\3c6df958a8804ac9c1ad4af40edf97584f03fd8c1e911630f2ccbd82efea2704.cat"
13 Feb 2008 15:45:10 23 834 A.... "C:\Windows\winsxs\Catalogs\417ad390502bf43875823bf5f549ab2031ac7531b518a2c50999f9e6b7735ce7.cat"
13 Feb 2008 15:44:28 14 442 A.... "C:\Windows\winsxs\Catalogs\42820e7ec5f40412f525313282e3275550b72cda5621575a2fa437ad0849bbde.cat"
13 Feb 2008 15:45:02 23 834 A.... "C:\Windows\winsxs\Catalogs\4548a2d79a4c9b0b9c97427ef50d1dec446548527929bf413532f9b5b0f70b39.cat"
13 Feb 2008 15:45:54 14 442 A.... "C:\Windows\winsxs\Catalogs\45693e0f2c4ab93267df6ea67e58f33aaee6d12f796be1d26e196d7ba2f419fd.cat"
13 Feb 2008 15:45:58 14 442 A.... "C:\Windows\winsxs\Catalogs\4600288784bed7de0849a49ca0c3e2569b02a27c1e54f448a61f3ea736f3c442.cat"
13 Feb 2008 15:45:44 23 834 A.... "C:\Windows\winsxs\Catalogs\5658d911f1157c47dc0eec0603e9cff03918bdbcde0f5d6cee0a501a1c7d60d2.cat"
13 Feb 2008 15:44:50 26 186 A.... "C:\Windows\winsxs\Catalogs\5a7b34dcbe7ba738719fa5c490ed3c0f863becc4844a8be011b0732be3678c34.cat"
13 Feb 2008 15:45:20 26 186 A.... "C:\Windows\winsxs\Catalogs\64b20eb1d2e76ffad87d8824e80145679bfc0ef3a93bfcc5c70a688fad06aef0.cat"
13 Feb 2008 15:42:14 37 850 A.... "C:\Windows\winsxs\Catalogs\6d88c5f3d266b8fa19190a8adae6f1729d1b8d51b9e698e9d358c4551bbce86e.cat"
13 Feb 2008 15:46:14 23 834 A.... "C:\Windows\winsxs\Catalogs\6eb7ed514cde77a2b0b27813ebb2e1db09baa5c81e84869d5a16681d77cfe733.cat"
13 Feb 2008 15:44:24 23 834 A.... "C:\Windows\winsxs\Catalogs\6ef00608b280e84f38da471beccf79ecd2613cbcc5b10d869ef11b83445afcfe.cat"
29 Feb 2008 15:41:22 8 355 A.... "C:\Windows\winsxs\Catalogs\70f19edeeb8e3329aad18f744094ea0319d2ecc78dd6a12559a1e765c42418f7.cat"
9 Jan 2008 7:44:08 12 686 A.... "C:\Windows\winsxs\Catalogs\721b79404ce8eb73db117e5cbed562cb30a2d670af42bb601de55e6c5de56807.cat"
13 Feb 2008 15:44:40 26 186 A.... "C:\Windows\winsxs\Catalogs\7329a042cd17487bca411bd79b935eff81009162f092c3775e1c4a995eb24837.cat"
13 Feb 2008 15:45:48 23 834 A.... "C:\Windows\winsxs\Catalogs\74c0aef9ec661126070eb1e01c25a94f7477f36dd92f4fde5f53fa4fbf8087c6.cat"
13 Feb 2008 15:43:52 12 686 A.... "C:\Windows\winsxs\Catalogs\78ecd2524726f1a0c1e523bc98da9f8a18869029da0d1358c503666105e376ca.cat"
9 Jan 2008 8:57:08 13 282 A.... "C:\Windows\winsxs\Catalogs\7b1489f0e63de7c78cf25db1961cc7ac18ba2145b4859f7b9c9f827689a57021.cat"
13 Feb 2008 15:46:02 23 834 A.... "C:\Windows\winsxs\Catalogs\7c34856c5ef792d12929068d0871b07a0451fbe6d33b6dbca3d9e90b71c37db9.cat"
13 Feb 2008 15:43:38 12 686 A.... "C:\Windows\winsxs\Catalogs\8272c03d107e462deb7a0bed70335833781b7e27bc6bbd24470701f9e4facde2.cat"
13 Feb 2008 15:43:42 33 241 A.... "C:\Windows\winsxs\Catalogs\8370ceeeb1349c4051a13b0a8753199ed1063b831be02bc998a7b5f966a35489.cat"
13 Feb 2008 15:44:18 72 898 A.... "C:\Windows\winsxs\Catalogs\8c45ae5136ba70d66ebd5d754502ba5aad0011368f20c209d5c4b7a661be76f6.cat"
13 Feb 2008 15:45:36 26 186 A.... "C:\Windows\winsxs\Catalogs\9af3bcd7926ed3769be7ca1c9c967f346042206de363e8cec87759471fc2e059.cat"
13 Feb 2008 15:42:22 135 621 A.... "C:\Windows\winsxs\Catalogs\9d67ac47c38b8b86cf4684bbbeefd4c02a2becb4bf536c9d5567eab3c4e45ee0.cat"
13 Feb 2008 15:44:32 23 834 A.... "C:\Windows\winsxs\Catalogs\a22903d5ce47e64f53d64ca264f0fe9bdc3d309bc27878173df6509a55d87729.cat"
13 Feb 2008 15:43:08 19 793 A.... "C:\Windows\winsxs\Catalogs\a3ddc45e866caf08b16911853771af9f2be815846bc1188b56bfe7d8800a6f46.cat"
13 Feb 2008 15:43:32 17 696 A.... "C:\Windows\winsxs\Catalogs\a67bee86f4ddd7b5d823b4e3bdc802cc51e9ac59d1a9702c462926470bd9affe.cat"
13 Feb 2008 15:44:20 13 282 A.... "C:\Windows\winsxs\Catalogs\aa7aebb6803806c5595bd9dfe773adbcb09a7478108e82c6364cce00c671fa85.cat"
13 Feb 2008 15:44:18 13 282 A.... "C:\Windows\winsxs\Catalogs\aa98d2ed5f12ce319929af0c609bdd90da0afadb196555adeaf3b5ccd90e7a16.cat"
13 Feb 2008 15:45:30 23 834 A.... "C:\Windows\winsxs\Catalogs\af48385c27977533539131f64eebfac116ddf3837fd1af1799c0bb1c77416716.cat"
13 Feb 2008 15:45:50 14 442 A.... "C:\Windows\winsxs\Catalogs\b049af84ba1425fc9b9ef81afa8f496db0b39af2cd3784fe4d9175eb872a3bd2.cat"
13 Feb 2008 15:44:26 20 322 A.... "C:\Windows\winsxs\Catalogs\b6f4dc620eb230c19e41e48651d27e52ce429a0cb349a5f5cad42c8918e2f783.cat"
13 Feb 2008 15:45:54 23 834 A.... "C:\Windows\winsxs\Catalogs\b7e9df7d9dc37f7ce4badbb1a6f553e03dac91ba167cd6e71ddbbb4214e25ec1.cat"
13 Feb 2008 15:43:14 16 182 A.... "C:\Windows\winsxs\Catalogs\b9512f562dea4141303c7b5a6839b26be7af70cee01f22eccf3b3bc96075e5a9.cat"
13 Feb 2008 15:44:06 23 834 A.... "C:\Windows\winsxs\Catalogs\bb9dda7c7260df71c58f5fec039df5ff56ca2f8ba4e8528bdcd933fd6908c8f7.cat"
9 Jan 2008 8:57:10 14 458 A.... "C:\Windows\winsxs\Catalogs\be4dc3a2321d774ec966b8e917ee8a4a95088fce80b9c9bc7e017de5dce37905.cat"
13 Feb 2008 15:46:18 23 834 A.... "C:\Windows\winsxs\Catalogs\be62bbebe6895b3b4a10caa29a66b4ac1f2ff18b34578a0735de6107bfe57bef.cat"
13 Feb 2008 15:45:56 14 442 A.... "C:\Windows\winsxs\Catalogs\beeec77608220868bda528bf899948046b3b922ffded14465988afcd1c3db193.cat"
9 Jan 2008 7:31:58 24 378 A.... "C:\Windows\winsxs\Catalogs\bf34311b425c99bd6e567b7c5a8324409809ceca64a6a1d9bb68ffb696267248.cat"
13 Feb 2008 15:44:36 23 834 A.... "C:\Windows\winsxs\Catalogs\cd1c81d8d2b9a09313dec1f96bad03f3c0446b80bc3cefe68b80b9ff92b4a6c1.cat"
13 Feb 2008 15:44:52 14 442 A.... "C:\Windows\winsxs\Catalogs\d137bdccc0a688379a7fadf76fd5f8945454e1b2ec7cd5efe20b5f2cc2538d65.cat"
13 Feb 2008 15:43:18 21 450 A.... "C:\Windows\winsxs\Catalogs\d2826c9bef8a60d97fbc60ec225f6a331abcc9015baa15c33dbc463d7b932585.cat"
9 Jan 2008 8:57:08 12 090 A.... "C:\Windows\winsxs\Catalogs\db322104f6c64f6a821eaf7110abbbb5743736121ec99f17f0de297433a31e57.cat"
13 Feb 2008 15:46:08 23 834 A.... "C:\Windows\winsxs\Catalogs\dc9f831dbef1aa69e0d852ff6968383bc9f93a79a37f78f5b51d7180fe80a255.cat"
13 Feb 2008 15:45:26 14 442 A.... "C:\Windows\winsxs\Catalogs\e322773900b5ffb47a594c2d040319ad91ed21f9a2e99155d5a3e8f0288d525f.cat"
13 Feb 2008 15:45:24 14 442 A.... "C:\Windows\winsxs\Catalogs\ec2e1f4cf320b916e9c2f8fd0a93e216815f9a8f1160d9f2e2ff48f7d1a51bd1.cat"
18 Feb 2008 21:20:36 14 581 A.... "C:\Windows\winsxs\Catalogs\eca6a1dc64d59c8392cda9277c57fbe9b8fea5d3064fdbf421084752cddfe61c.cat"
13 Feb 2008 15:46:10 14 442 A.... "C:\Windows\winsxs\Catalogs\f235f9917f5f5e390695388f3fe6eaefd57ff66be6d15f9dbded5420abffada5.cat"
13 Feb 2008 15:45:24 23 834 A.... "C:\Windows\winsxs\Catalogs\f2703bd4476843033e9c5e86d1a16bc0490a60ac6d8c4cd775cea1a2f7658a02.cat"
13 Feb 2008 15:45:06 14 442 A.... "C:\Windows\winsxs\Catalogs\ff85065990d8f9f0c6e7c21f66cf710d21290f0d872754c1c805fae5ab687be7.cat"
13 Feb 2008 15:46:04 14 442 A.... "C:\Windows\winsxs\Catalogs\ffd3b8c1b322e41065c4049efd21125369dad80be8d6c03e707f02f1f5bd8f8a.cat"
18 Feb 2008 20:25:22 692 A.... "C:\Windows\winsxs\FileMaps\$$_servicing_version_6.0.6001.18000_ace7738cfc7e50ca.cdf-ms"
18 Feb 2008 20:25:22 1 344 A.... "C:\Windows\winsxs\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms"
15 Feb 2008 14:03:08 1 040 A.... "C:\Windows\winsxs\FileMaps\$$_servicing_fr-fr_626f794e6d096759.cdf-ms"
19 Feb 2008 11:31:54 856 A.... "C:\Windows\winsxs\FileMaps\_0000000000000000.cdf-ms"
10 Jan 2008 15:55:24 1 048 A.... "C:\Windows\winsxs\FileMaps\program_files_windows_sidebar_fr-fr_467f8d09f4362fe5.cdf-ms"
15 Feb 2008 13:59:04 2 280 A.... "C:\Windows\winsxs\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms"
15 Feb 2008 13:59:50 3 080 A.... "C:\Windows\winsxs\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms"
15 Feb 2008 13:59:04 680 A.... "C:\Windows\winsxs\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
15 Feb 2008 14:03:08 6 072 A.... "C:\Windows\winsxs\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms"
19 Feb 2008 11:31:54 3 564 A.... "C:\Windows\winsxs\FileMaps\$$.cdf-ms"
15 Feb 2008 14:03:46 23 520 A.... "C:\Windows\winsxs\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms"
15 Feb 2008 14:03:08 14 984 A.... "C:\Windows\winsxs\FileMaps\$$_system32_drivers_fr-fr_4d9f89205bdfbc76.cdf-ms"
19 Feb 2008 11:31:54 385 968 A.... "C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
15 Feb 2008 14:03:08 67 356 A.... "C:\Windows\winsxs\FileMaps\$$_system32_driverstore_fr-fr_f89b2012d73af418.cdf-ms"
10 Jan 2008 15:56:48 2 264 A.... "C:\Windows\winsxs\FileMaps\program_files_windows_mail_e07902f329fe05e9.cdf-ms"
10 Jan 2008 15:55:24 1 236 A.... "C:\Windows\winsxs\FileMaps\program_files_windows_sidebar_8d6dbc4becba56da.cdf-ms"
15 Feb 2008 14:03:08 217 608 A.... "C:\Windows\winsxs\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-ms"
10 Jan 2008 15:55:24 700 A.... "C:\Windows\winsxs\FileMaps\program_files_windows_sidebar_shared_gadgets_5e8909726fa64128.cdf-ms"
13 Feb 2008 15:44:30 714 A.... "C:\Windows\winsxs\Manifests\x86_eb4ae9c87b1ad98dd78232703b1286b6_31bf3856ad364e35_6.0.6000.20734_none_35edac12437778fd.manifest"
13 Feb 2008 15:45:48 2 674 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_6.0.6000.16609_pt-pt_62e65870024822b4.manifest"
13 Feb 2008 15:46:06 6 228 A.... "C:\Windows\winsxs\Manifests\x86_msmouse.inf.resources_31bf3856ad364e35_6.0.6000.20734_tr-tr_5e1ff0dce90d8663.manifest"
13 Feb 2008 15:44:12 19 532 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6000.20734_none_337c4939e249a25d.manifest"
13 Feb 2008 15:44:28 6 228 A.... "C:\Windows\winsxs\Manifests\x86_msmouse.inf.resources_31bf3856ad364e35_6.0.6000.20734_cs-cz_8ca05910cb292212.manifest"
13 Feb 2008 15:44:46 2 093 A.... "C:\Windows\winsxs\Manifests\x86_usbport.inf.resources_31bf3856ad364e35_6.0.6000.20734_es-es_ec5f1016c309b7eb.manifest"
13 Feb 2008 15:45:24 5 214 A.... "C:\Windows\winsxs\Manifests\x86_keyboard.inf.resources_31bf3856ad364e35_6.0.6000.16609_ko-kr_ff05ba691ee64e3c.manifest"
13 Feb 2008 15:45:54 5 214 A.... "C:\Windows\winsxs\Manifests\x86_keyboard.inf.resources_31bf3856ad364e35_6.0.6000.20734_ru-ru_7650d8c6d96ef857.manifest"
13 Feb 2008 22:57:06 45 290 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64.manifest"
13 Feb 2008 15:46:08 5 214 A.... "C:\Windows\winsxs\Manifests\x86_keyboard.inf.resources_31bf3856ad364e35_6.0.6000.16609_tr-tr_baf4e1eda6198fb9.manifest"
9 Jan 2008 7:31:58 15 275 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20709_none_a51d8a7c38da8c7b.manifest"
9 Jan 2008 7:44:08 704 A.... "C:\Windows\winsxs\Manifests\x86_81ff4cce838295fdc2c6e0709ba7424d_31bf3856ad364e35_6.0.6000.16618_none_7c532a1d75fff021.manifest"
13 Feb 2008 15:44:52 3 034 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.0.6000.16609_et-ee_620eb9ba7e6058de.manifest"
13 Feb 2008 15:44:14 3 636 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.20734_none_db8e59fc2fa737ae.manifest"
13 Feb 2008 15:45:20 650 A.... "C:\Windows\winsxs\Manifests\x86_3813705a22550aab3e2721edbdc81963_31bf3856ad364e35_6.0.6000.16609_none_4c1a85b7425221ce.manifest"
29 Feb 2008 15:41:18 1 869 ..... "C:\Windows\winsxs\Manifests\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.manifest"
13 Feb 2008 15:46:08 714 A.... "C:\Windows\winsxs\Manifests\x86_1b624da69682b16adf01703ab211a886_31bf3856ad364e35_6.0.6000.20734_none_205519f5f7bc54af.manifest"
13 Feb 2008 15:46:06 2 093 A.... "C:\Windows\winsxs\Manifests\x86_usbport.inf.resources_31bf3856ad364e35_6.0.6000.16609_tr-tr_7a58d40de092594f.manifest"
13 Feb 2008 15:44:48 3 034 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.0.6000.20734_es-es_68b319bf9394f139.manifest"
13 Feb 2008 15:45:02 2 093 A.... "C:\Windows\winsxs\Manifests\x86_usbport.inf.resources_31bf3856ad364e35_6.0.6000.20734_he-il_d3362db79c4acf3b.manifest"
13 Feb 2008 15:45:34 3 726 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_nl-nl_2dc76f586fdd2598.manifest"
13 Feb 2008 15:45:52 2 674 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_6.0.6000.20734_ru-ru_a9ed95c9006425ca.manifest"
13 Feb 2008 15:42:10 195 203 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-htmlactivexcompat_31bf3856ad364e35_6.0.6000.20734_none_15f65cd02bd52a76.manifest"
13 Feb 2008 15:44:46 2 674 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_6.0.6000.16609_en-us_6068527f9624b539.manifest"
13 Feb 2008 15:42:06 10 829 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16609_none_e6be9d129473b09f.manifest"
13 Feb 2008 15:44:30 3 034 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.0.6000.16609_cs-cz_252d45ea93392e4c.manifest"
13 Feb 2008 15:46:08 650 A.... "C:\Windows\winsxs\Manifests\x86_5d2852a42436cbe65843df801ed75193_31bf3856ad364e35_6.0.6000.20734_none_71ca92fae3a198a0.manifest"
13 Feb 2008 15:45:04 2 674 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_6.0.6000.16609_he-il_470acd046f8cbe2e.manifest"
13 Feb 2008 15:46:02 650 A.... "C:\Windows\winsxs\Manifests\x86_bdddb21009ff67bc814a07297e6eea73_31bf3856ad364e35_6.0.6000.16609_none_f7c063b3737d6542.manifest"
13 Feb 2008 15:42:10 195 203 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-htmlactivexcompat_31bf3856ad364e35_6.0.6000.16609_none_1592313b129ab58c.manifest"
13 Feb 2008 15:44:20 3 726 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_fr-fr_173e50dcd9ce3198.manifest"
13 Feb 2008 15:45:26 3 034 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.0.6000.16609_lv-lv_df5650b71b905dad.manifest"
13 Feb 2008 15:46:02 2 674 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_6.0.6000.20734_sv-se_45e8803df78d3025.manifest"
13 Feb 2008 15:46:18 2 674 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_6.0.6000.16609_zh-tw_c3eafa437ab76bbb.manifest"
13 Feb 2008 15:46:08 2 674 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_6.0.6000.16609_tr-tr_ee919eefcd0ebd2c.manifest"
13 Feb 2008 15:46:12 3 034 A.... "C:\Windows\winsxs\Manifests\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.0.6000.20734_zh-cn_c86e27497a8fd9a6.manifest"
13 Feb 2008 15:45:10 704 A.... "C:\Windows\winsxs\Manifests\x86_baa9e14d372fa449bee22e15716ac6eb_31bf3856ad364e35_6.0.6000.16609_none_8ee0ce1a902874b8.manifest"
13 Feb 2008 15:45:44 2 093 A.... "C:\Windows\winsxs\Manifests\x86_usbport.inf.resources_31bf3856ad364e35_6.0.6000.16609_pt-pt_eead8d8e15cbbed7.manifest"
13 Feb 2008 15:45:30 5 214 A.... "C:\Windows\winsxs\Manifests\x86_keyboard.inf.resources_31bf3856ad364e35_6.0.6000.16609_nb-no_e7983b9df70b79f8.manifest"
13 Feb 2008 15:45:32 2 093 A.... "C:\Windows\winsxs\Manifests\x86_usbport.inf.
0
Réponse 11 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
re

le rapport se situe ici : C:\infoSat.txt

++
0
alain8693
 
je suis vraiment desole je viens de recherche; de refaire un scan je ne trouve rien sur mon disque dur alors quela premiere fois que j'avais fait le scan le dossier y etait
quand je lance ekplorer sur elibagla tout de suite un message aceso denegado a la carpeta c:\srecycle. bin s'affiche ilme semble que ca ne le faisait pas a mon premier scan j'ai supprimer le programme et l'ai retelecharger mais c'est toujours pareil
0
Réponse 12 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ça c'est vraiment curieux ?!

est-ce qu'il trouve quelque chose pendant le scan ??

++
0
alain8693
 
oui 31 fichiers infectes dugenre 67859 exe.vir bagle
0
Réponse 13 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
est-ce qu'ils ont été supprimé ??

peux tu me faire une copie d'écran stp !

++
0
alain8693
 
comment fait on une copie d'ecran
0
Réponse 14 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
comme ceci ;-)

==> http://www.commentcamarche.net/faq/sujet 398 capture d ecran copie d ecran

++
0
alain8693
 
http://img507.imageshack.us/img507/7599/sanstitregi4.jpg
j'espere que ca a marche
0
alain8693
 
http://img527.imageshack.us/img527/4563/79958704dd7.jpg
celle la est mieu mille excuse
0
Réponse 15 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

pas d'soucis ! ils semblent avoir été supprimés !

Télécharge Gmer sur ce lien : http://www2.gmer.net/gmer.zip

Déconnecte toi d'internet si possible et ferme tous les programmes.
Décompresse le fichier zip et double-clic sur gmer.exe
IMPORTANT Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.
Clic sur l'onglet "rootkit"
A droite, coche "Files" et "Services"
Clic sur Scan
Lorsque le scan est terminé, clique sur "copy"

Ouvre le bloc-note et clique sur le Menu Edition / Coller
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et poste le rapport dans ta prochaine réponse

@+
0
alain8693
 
voila le rapport

Rootkit scan 2008-03-10 15:22:16
Windows 6.0.6000


---- Services - GMER 1.0.14 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service C:\Windows\system32\drivers\acpi.sys [BOOT] ACPI
Service C:\Windows\system32\drivers\adp94xx.sys [DISABLED] adp94xx
Service C:\Windows\system32\drivers\adpahci.sys [DISABLED] adpahci
Service C:\Windows\system32\drivers\adpu160m.sys [DISABLED] adpu160m
Service C:\Windows\system32\drivers\adpu320.sys [DISABLED] adpu320
Service adsi
Service C:\Windows\system32\svchost.exe [AUTO] AeLookupSvc
Service C:\Windows\system32\drivers\afd.sys [SYSTEM] AFD
Service C:\Windows\system32\drivers\djsvs.sys [DISABLED] aic78xx
Service C:\Windows\System32\alg.exe [MANUAL] ALG
Service C:\Windows\system32\drivers\aliide.sys [DISABLED] aliide
Service C:\Windows\system32\drivers\amdagp.sys [MANUAL] amdagp
Service C:\Windows\system32\drivers\amdide.sys [DISABLED] amdide
Service C:\Windows\system32\drivers\amdk7.sys [DISABLED] AmdK7
Service C:\Windows\system32\drivers\amdk8.sys [DISABLED] AmdK8
Service C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [AUTO] AntiVirScheduler
Service C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [AUTO] AntiVirService
Service C:\Windows\system32\svchost.exe [MANUAL] Appinfo
Service C:\Windows\system32\svchost.exe AppMgmt
Service C:\Windows\system32\drivers\arc.sys [DISABLED] arc
Service C:\Windows\system32\drivers\arcsas.sys [DISABLED] arcsas
Service ASP.NET_1.1.4322
Service C:\Windows\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\Windows\system32\drivers\atapi.sys [BOOT] atapi
Service C:\Windows\System32\svchost.exe [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe [AUTO] Audiosrv
Service C:\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys [SYSTEM] avgio
Service C:\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys [MANUAL] avgntflt
Service C:\Windows\system32\DRIVERS\avipbb.sys [SYSTEM] avipbb
Service BattC
Service [SYSTEM] Beep
Service C:\Windows\system32\svchost.exe [AUTO] BFE
Service C:\Windows\System32\svchost.exe [AUTO] BITS
Service system32\drivers\blbdrive.sys [DISABLED] blbdrive
Service C:\Windows\system32\DRIVERS\bowser.sys [MANUAL] bowser
Service C:\Windows\system32\drivers\brfiltlo.sys [MANUAL] BrFiltLo
Service C:\Windows\system32\drivers\brfiltup.sys [MANUAL] BrFiltUp
Service C:\Windows\system32\svchost.exe [AUTO] Browser
Service C:\Windows\system32\drivers\brserid.sys [DISABLED] Brserid
Service C:\Windows\system32\drivers\brserwdm.sys [DISABLED] BrSerWdm
Service C:\Windows\system32\drivers\brusbmdm.sys [DISABLED] BrUsbMdm
Service C:\Windows\system32\drivers\brusbser.sys [MANUAL] BrUsbSer
Service C:\Windows\system32\drivers\bthmodem.sys [DISABLED] BTHMODEM
Service C:\Users\PHILIP~1\AppData\Local\Temp\catchme.sys [MANUAL] catchme
Service C:\Windows\system32\DRIVERS\cdfs.sys [DISABLED] cdfs
Service C:\Windows\system32\DRIVERS\cdrom.sys [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe [MANUAL] CertPropSvc
Service C:\Windows\system32\drivers\circlass.sys [DISABLED] circlass
Service C:\Windows\System32\CLFS.sys [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32
Service C:\Windows\system32\drivers\cmdide.sys [DISABLED] cmdide
Service C:\Windows\system32\drivers\compbatt.sys [DISABLED] Compbatt
Service C:\Windows\system32\dllhost.exe [MANUAL] COMSysApp
Service C:\Windows\system32\drivers\crcdisk.sys [BOOT] crcdisk
Service C:\Windows\system32\drivers\crusoe.sys [DISABLED] Crusoe
Service crypt32
Service C:\Windows\system32\svchost.exe [AUTO] CryptSvc
Service DCLocator
Service C:\Windows\system32\svchost.exe [AUTO] DcomLaunch
Service C:\Windows\System32\Drivers\dfsc.sys [SYSTEM] DfsC
Service C:\Windows\system32\DFSR.exe [MANUAL] DFSR
Service C:\Windows\system32\svchost.exe [AUTO] Dhcp
Service C:\Windows\system32\drivers\disk.sys [BOOT] disk
Service C:\Windows\system32\svchost.exe [AUTO] Dnscache
Service C:\Windows\system32\svchost.exe [MANUAL] dot3svc
Service C:\Windows\System32\svchost.exe [AUTO] DPS
Service C:\Windows\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\Windows\System32\drivers\dxgkrnl.sys [MANUAL] DXGKrnl
Service C:\Windows\system32\DRIVERS\E1G60I32.sys [MANUAL] E1G60
Service C:\Windows\System32\svchost.exe [MANUAL] EapHost
Service C:\Windows\System32\drivers\ecache.sys [BOOT] Ecache
Service C:\Windows\system32\drivers\elxstor.sys [DISABLED] elxstor
Service EmdCache
Service C:\Windows\system32\svchost.exe [AUTO] EMDMgmt
Service ESENT
Service C:\Windows\System32\svchost.exe [AUTO] Eventlog
Service C:\Windows\system32\svchost.exe [AUTO] EventSystem
Service [MANUAL] fastfat
Service C:\Windows\system32\DRIVERS\fdc.sys [MANUAL] fdc
Service C:\Windows\system32\svchost.exe [MANUAL] fdPHost
Service C:\Windows\system32\svchost.exe [AUTO] FDResPub
Service C:\Windows\system32\DRIVERS\fetnd5.sys [MANUAL] FETNDIS
Service C:\Windows\system32\drivers\fileinfo.sys [BOOT] FileInfo
Service C:\Windows\system32\drivers\filetrace.sys [MANUAL] Filetrace
Service C:\Windows\system32\DRIVERS\flpydisk.sys [DISABLED] flpydisk
Service C:\Windows\system32\drivers\fltmgr.sys [BOOT] FltMgr
Service C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [MANUAL] FontCache3.0.0.0
Service [SYSTEM] Fs_Rec
Service C:\Windows\system32\drivers\gagp30kx.sys [MANUAL] gagp30kx
Service C:\Windows\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service C:\Windows\system32\svchost.exe [AUTO] gpsvc
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [MANUAL] gusvc
Service C:\Windows\system32\drivers\HdAudio.sys [MANUAL] HdAudAddService
Service C:\Windows\system32\DRIVERS\HDAudBus.sys [MANUAL] HDAudBus
Service C:\Windows\system32\drivers\hidbth.sys [DISABLED] HidBth
Service C:\Windows\system32\drivers\hidir.sys [DISABLED] HidIr
Service C:\Windows\system32\svchost.exe [MANUAL] hidserv
Service C:\Windows\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb
Service C:\Windows\System32\svchost.exe [MANUAL] hkmsvc
Service C:\Windows\system32\drivers\hpcisss.sys [DISABLED] HpCISSs
Service C:\Windows\system32\drivers\HTTP.sys [MANUAL] HTTP
Service C:\Windows\system32\drivers\i2omp.sys [DISABLED] i2omp
Service C:\Windows\system32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service C:\Windows\system32\drivers\iastorv.sys [DISABLED] iaStorV
Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [MANUAL] idsvc
Service C:\Windows\system32\drivers\iirsp.sys [DISABLED] iirsp
Service C:\Windows\system32\svchost.exe [AUTO] IKEEXT
Service inetaccs
Service C:\Windows\system32\drivers\RTKVHDA.sys [MANUAL] IntcAzAudAddService
Service C:\Windows\system32\drivers\intelide.sys [DISABLED] intelide
Service C:\Windows\system32\DRIVERS\intelppm.sys [MANUAL] intelppm
Service C:\Windows\system32\svchost.exe [MANUAL] IPBusEnum
Service C:\Windows\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\Windows\System32\svchost.exe [AUTO] iphlpsvc
Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\Windows\system32\drivers\ipmidrv.sys [DISABLED] IPMIDRV
Service C:\Windows\system32\DRIVERS\ipnat.sys [MANUAL] IPNAT
Service C:\Windows\system32\DRIVERS\irda.sys [AUTO] irda
Service C:\Windows\system32\drivers\irenum.sys [MANUAL] IRENUM
Service C:\Windows\system32\svchost.exe [AUTO] Irmon
Service C:\Windows\system32\DRIVERS\irsir.sys [MANUAL] irsir
Service C:\Windows\system32\drivers\isapnp.sys [DISABLED] isapnp
Service C:\Windows\system32\DRIVERS\msiscsi.sys [MANUAL] iScsiPrt
Service C:\Windows\system32\drivers\iteatapi.sys [DISABLED] iteatapi
Service C:\Windows\system32\drivers\iteraid.sys [DISABLED] iteraid
Service C:\Windows\system32\DRIVERS\kbdclass.sys [SYSTEM] kbdclass
Service C:\Windows\system32\drivers\kbdhid.sys [DISABLED] kbdhid
Service C:\Windows\system32\lsass.exe [MANUAL] KeyIso
Service C:\Windows\System32\Drivers\ksecdd.sys [BOOT] KSecDD
Service C:\Windows\System32\svchost.exe [AUTO] KtmRm
Service C:\Windows\system32\DRIVERS\L8042Kbd.sys [MANUAL] L8042Kbd
Service C:\Windows\system32\DRIVERS\L8042mou.Sys [MANUAL] L8042mou
Service C:\Windows\system32\svchost.exe [AUTO] LanmanServer
Service C:\Windows\System32\svchost.exe [AUTO] LanmanWorkstation
Service ldap
Service LHidKe
Service C:\Windows\system32\DRIVERS\lltdio.sys [AUTO] lltdio
Service C:\Windows\System32\svchost.exe [MANUAL] lltdsvc
Service C:\Windows\system32\svchost.exe [AUTO] lmhosts
Service C:\Windows\system32\DRIVERS\LMouKE.Sys [MANUAL] LMouKE
Service Lsa
Service C:\Windows\system32\drivers\lsi_fc.sys [DISABLED] LSI_FC
Service C:\Windows\system32\drivers\lsi_sas.sys [DISABLED] LSI_SAS
Service C:\Windows\system32\drivers\lsi_scsi.sys [DISABLED] LSI_SCSI
Service C:\Windows\system32\drivers\luafv.sys [AUTO] luafv
Service C:\Windows\system32\drivers\megasas.sys [DISABLED] megasas
Service C:\Windows\system32\svchost.exe [AUTO] MMCSS
Service C:\Windows\system32\drivers\modem.sys [MANUAL] Modem
Service C:\Windows\system32\DRIVERS\monitor.sys [MANUAL] monitor
Service C:\Windows\system32\DRIVERS\mouclass.sys [SYSTEM] mouclass
Service C:\Windows\system32\drivers\mouhid.sys [DISABLED] mouhid
Service C:\Windows\System32\drivers\mountmgr.sys [BOOT] MountMgr
Service C:\Windows\system32\drivers\mpio.sys [DISABLED] mpio
Service C:\Windows\System32\drivers\mpsdrv.sys [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe [DISABLED] MpsSvc
Service C:\Windows\system32\drivers\mraid35x.sys [DISABLED] Mraid35x
Service C:\Windows\system32\drivers\mrxdav.sys [MANUAL] MRxDAV
Service C:\Windows\system32\DRIVERS\mrxsmb.sys [MANUAL] mrxsmb
Service C:\Windows\system32\DRIVERS\mrxsmb10.sys [MANUAL] mrxsmb10
Service C:\Windows\system32\DRIVERS\mrxsmb20.sys [MANUAL] mrxsmb20
Service C:\Windows\system32\drivers\msahci.sys [DISABLED] msahci
Service C:\Windows\system32\drivers\msdsm.sys [DISABLED] msdsm
Service C:\Windows\System32\msdtc.exe [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service [SYSTEM] Msfs
Service C:\Windows\system32\drivers\msisadrv.sys [BOOT] msisadrv
Service C:\Windows\system32\svchost.exe [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe [MANUAL] msiserver
Service C:\Windows\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\Windows\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\Windows\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service [MANUAL] MsRPC
Service MSSCNTRS
Service C:\Windows\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service C:\Windows\system32\drivers\MSTEE.sys [MANUAL] MSTEE
Service C:\Windows\System32\Drivers\mup.sys [BOOT] Mup
Service C:\Windows\System32\svchost.exe [MANUAL] napagent
Service C:\Windows\system32\DRIVERS\nwifi.sys [MANUAL] NativeWifiP
Service C:\Windows\system32\drivers\ndis.sys [BOOT] NDIS
Service C:\Windows\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\Windows\system32\DRIVERS\ndisuio.sys [DISABLED] Ndisuio
Service C:\Windows\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service C:\Windows\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\Windows\System32\DRIVERS\netbt.sys [SYSTEM] netbt
Service C:\Windows\system32\lsass.exe [MANUAL] Netlogon
Service C:\Windows\System32\svchost.exe [MANUAL] Netman
Service C:\Windows\System32\svchost.exe [AUTO] netprofm
Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [DISABLED] NetTcpPortSharing
Service C:\Windows\system32\drivers\nfrd960.sys [DISABLED] nfrd960
Service C:\Windows\System32\svchost.exe [AUTO] NlaSvc
Service [SYSTEM] Npfs
Service C:\Windows\system32\svchost.exe [AUTO] nsi
Service C:\Windows\system32\drivers\nsiproxy.sys [SYSTEM] nsiproxy
Service NTDS
Service [MANUAL] Ntfs
Service C:\Windows\system32\drivers\ntrigdigi.sys [DISABLED] ntrigdigi
Service [SYSTEM] Null
Service C:\Windows\system32\DRIVERS\nvlddmkm.sys [MANUAL] nvlddmkm
Service C:\Windows\system32\drivers\nvraid.sys [DISABLED] nvraid
Service C:\Windows\system32\drivers\nvstor.sys [DISABLED] nvstor
Service C:\Windows\system32\drivers\nv_agp.sys [MANUAL] nv_agp
Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\Windows\system32\drivers\ohci1394.sys [DISABLED] ohci1394
Service C:\Windows\System32\svchost.exe [MANUAL] p2pimsvc
Service C:\Windows\System32\svchost.exe [MANUAL] p2psvc
Service C:\Windows\system32\DRIVERS\parport.sys [MANUAL] Parport
Service C:\Windows\System32\drivers\partmgr.sys [BOOT] partmgr
Service C:\Windows\system32\DRIVERS\parvdm.sys [AUTO] Parvdm
Service C:\Windows\system32\svchost.exe [AUTO] PcaSvc
Service C:\Windows\system32\drivers\pci.sys [BOOT] pci
Service C:\Windows\system32\drivers\pciide.sys [DISABLED] pciide
Service C:\??\C:\Windows\system32\drivers\pclepci.sys [SYSTEM] PCLEPCI
Service C:\Windows\system32\drivers\pcmcia.sys [DISABLED] pcmcia
Service C:\Windows\system32\drivers\pe3ah4nc.sys [BOOT] pe3ah4nc
Service C:\Windows\system32\drivers\pe3ajbeb.sys [BOOT] pe3ajbeb
Service C:\Windows\system32\drivers\peauth.sys [AUTO] PEAUTH
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\Windows\System32\svchost.exe [MANUAL] pla
Service C:\Windows\system32\svchost.exe [AUTO] PlugPlay
Service C:\Windows\system32\PnkBstrA.exe [AUTO] PnkBstrA
Service C:\Windows\System32\svchost.exe [MANUAL] PNRPAutoReg
Service C:\Windows\System32\svchost.exe [MANUAL] PNRPsvc
Service C:\Windows\system32\svchost.exe [AUTO] PolicyAgent
Service PortProxy
Service C:\Windows\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service C:\Windows\system32\pr2ah4nc.exe [AUTO] pr2ah4nc
Service C:\Windows\system32\pr2ajbeb.exe [AUTO] pr2ajbeb
Service C:\Windows\system32\drivers\processr.sys [DISABLED] Processor
Service C:\Windows\system32\svchost.exe [AUTO] ProfSvc
Service C:\Windows\system32\lsass.exe [MANUAL] ProtectedStorage
Service C:\Windows\system32\drivers\ps6ah4nc.sys [BOOT] ps6ah4nc
Service C:\Windows\system32\drivers\ps7ajbeb.sys [BOOT] ps7ajbeb
Service C:\Windows\system32\DRIVERS\pacer.sys [SYSTEM] PSched
Service C:\Windows\system32\drivers\ql2300.sys [DISABLED] ql2300
Service C:\Windows\system32\drivers\ql40xx.sys [DISABLED] ql40xx
Service C:\Windows\system32\svchost.exe [MANUAL] QWAVE
Service C:\Windows\system32\drivers\qwavedrv.sys [MANUAL] QWAVEdrv
Service C:\Windows\system32\svchost.exe [AUTO] RapiMgr
Service C:\Windows\System32\DRIVERS\rasacd.sys [SYSTEM] RasAcd
Service C:\Windows\system32\svchost.exe [MANUAL] RasAuto
Service C:\Windows\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\Windows\system32\svchost.exe [MANUAL] RasMan
Service C:\Windows\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\Windows\system32\DRIVERS\rdbss.sys [SYSTEM] rdbss
Service C:\Windows\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service RDPDD
Service C:\Windows\system32\drivers\rdpdr.sys [DISABLED] rdpdr
Service C:\Windows\system32\drivers\rdpencdd.sys [SYSTEM] RDPENCDD
Service RDPNP
Service [MANUAL] RDPWD
Service C:\Windows\system32\svchost.exe [DISABLED] RemoteAccess
Service C:\Windows\system32\svchost.exe [MANUAL] RemoteRegistry
Service C:\Windows\system32\locator.exe [MANUAL] RpcLocator
Service C:\Windows\system32\svchost.exe [AUTO] RpcSs
Service C:\Windows\system32\DRIVERS\rspndr.sys [AUTO] rspndr
Service C:\Windows\system32\DRIVERS\RT61.sys [MANUAL] RT61
Service C:\Windows\system32\lsass.exe [AUTO] SamSs
Service C:\Windows\system32\drivers\sbp2port.sys [DISABLED] sbp2port
Service C:\Windows\system32\svchost.exe [MANUAL] SCardSvr
Service C:\Windows\System32\svchost.exe [AUTO] Schedule
Service C:\Windows\system32\svchost.exe [MANUAL] SCPolicySvc
Service C:\Windows\system32\svchost.exe [MANUAL] SDRSVC
Service [AUTO] secdrv
Service C:\Windows\system32\svchost.exe [AUTO] seclogon
Service C:\Windows\system32\svchost.exe [AUTO] SENS
Service C:\Windows\system32\DRIVERS\serenum.sys [MANUAL] Serenum
Service C:\Windows\system32\DRIVERS\serial.sys [SYSTEM] Serial
Service C:\Windows\system32\drivers\sermouse.sys [DISABLED] sermouse
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\System32\svchost.exe [MANUAL] SessionEnv
Service C:\Windows\system32\drivers\sffdisk.sys [DISABLED] sffdisk
Service C:\Windows\system32\drivers\sffp_mmc.sys [MANUAL] sffp_mmc
Service C:\Windows\system32\drivers\sffp_sd.sys [MANUAL] sffp_sd
Service C:\Windows\system32\drivers\sfloppy.sys [DISABLED] sfloppy
Service C:\Windows\System32\svchost.exe [AUTO] SharedAccess
Service C:\Windows\System32\svchost.exe [AUTO] ShellHWDetection
Service C:\Windows\system32\drivers\sisraid2.sys [DISABLED] SiSRaid2
Service C:\Windows\system32\drivers\sisraid4.sys [DISABLED] SiSRaid4
Service C:\Windows\system32\SLsvc.exe [AUTO] slsvc
Service C:\Windows\system32\svchost.exe [MANUAL] SLUINotify
Service C:\Windows\system32\DRIVERS\smb.sys [SYSTEM] Smb
Service SMSvcHost 3.0.0.0
Service C:\Windows\System32\snmptrap.exe [MANUAL] SNMPTRAP
Service [BOOT] spldr
Service C:\Windows\System32\spoolsv.exe [AUTO] Spooler
Service C:\Windows\System32\Drivers\sptd.sys [BOOT] sptd
Service C:\Windows\System32\DRIVERS\srv.sys [MANUAL] srv
Service C:\Windows\System32\DRIVERS\srv2.sys [MANUAL] srv2
Service C:\Windows\System32\DRIVERS\srvnet.sys [MANUAL] srvnet
Service C:\Windows\system32\svchost.exe [MANUAL] SSDPSRV
Service C:\Windows\system32\DRIVERS\ssmdrv.sys [SYSTEM] ssmdrv
Service C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [AUTO] StarWindServiceAE
Service C:\Windows\system32\svchost.exe [AUTO] stisvc
Service C:\Windows\system32\DRIVERS\swenum.sys [MANUAL] swenum
Service C:\Windows\System32\svchost.exe [MANUAL] swprv
Service C:\Windows\system32\drivers\symc8xx.sys [DISABLED] Symc8xx
Service C:\Windows\system32\drivers\sym_hi.sys [DISABLED] Sym_hi
Service C:\Windows\system32\drivers\sym_u3.sys [DISABLED] Sym_u3
Service C:\Windows\system32\svchost.exe [AUTO] SysMain
Service C:\Windows\System32\svchost.exe [AUTO] TabletInputService
Service C:\Windows\System32\svchost.exe [MANUAL] TapiSrv
Service C:\Windows\System32\svchost.exe [MANUAL] TBS
Service C:\Windows\System32\drivers\tcpip.sys [SYSTEM] Tcpip
Service C:\Windows\system32\DRIVERS\tcpip.sys [MANUAL] Tcpip6
Service C:\Windows\System32\drivers\tcpipreg.sys [AUTO] tcpipreg
Service C:\Windows\system32\drivers\tdpipe.sys [MANUAL] TDPIPE
Service C:\Windows\system32\drivers\tdtcp.sys [MANUAL] TDTCP
Service C:\Windows\system32\DRIVERS\tdx.sys [SYSTEM] tdx
Service C:\Windows\system32\DRIVERS\termdd.sys [SYSTEM] TermDD
Service C:\Windows\System32\svchost.exe [AUTO] TermService
Service C:\Windows\System32\svchost.exe [AUTO] Themes
Service C:\Windows\system32\svchost.exe [MANUAL] THREADORDER
Service C:\Windows\System32\svchost.exe [AUTO] TrkWks
Service C:\Windows\servicing\TrustedInstaller.exe [MANUAL] TrustedInstaller
Service TSDDD
Service C:\Windows\System32\DRIVERS\tssecsrv.sys [MANUAL] tssecsrv
Service C:\Windows\system32\DRIVERS\tunmp.sys [MANUAL] tunmp
Service C:\Windows\system32\DRIVERS\tunnel.sys [MANUAL] tunnel
Service C:\Windows\system32\DRIVERS\uagp35.sys [BOOT] uagp35
Service C:\Windows\system32\DRIVERS\udfs.sys [DISABLED] udfs
Service UGatherer
Service UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe [MANUAL] UI0Detect
Service C:\Windows\system32\drivers\uliagpkx.sys [MANUAL] uliagpkx
Service C:\Windows\system32\drivers\uliahci.sys [DISABLED] uliahci
Service C:\Windows\system32\drivers\ulsata.sys [DISABLED] UlSata
Service C:\Windows\system32\drivers\ulsata2.sys [DISABLED] ulsata2
Service C:\Windows\system32\DRIVERS\umbus.sys [MANUAL] umbus
Service C:\Windows\system32\svchost.exe [AUTO] upnphost
Service usb
Service C:\Windows\system32\drivers\usbccgp.sys [DISABLED] usbccgp
Service C:\Windows\system32\drivers\usbcir.sys [DISABLED] usbcir
Service C:\Windows\system32\DRIVERS\usbehci.sys [MANUAL] usbehci
Service C:\Windows\system32\DRIVERS\usbhub.sys [MANUAL] usbhub
Service C:\Windows\system32\drivers\usbohci.sys [DISABLED] usbohci
Service C:\Windows\system32\drivers\usbprint.sys [DISABLED] usbprint
Service C:\Windows\system32\DRIVERS\usbscan.sys [MANUAL] usbscan
Service C:\Windows\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR
Service C:\Windows\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci
Service C:\Program Files\Windows Live\Messenger\usnsvc.exe [MANUAL] usnjsvc
Service C:\Windows\System32\svchost.exe [AUTO] UxSms
Service C:\Windows\System32\svchost.exe [AUTO] UxTuneUp
Service C:\Windows\System32\vds.exe [MANUAL] vds
Service C:\Windows\system32\DRIVERS\vgapnp.sys [MANUAL] vga
Service C:\Windows\System32\drivers\vga.sys [SYSTEM] VgaSave
Service C:\Windows\system32\drivers\viaagp.sys [MANUAL] viaagp
Service C:\Windows\system32\drivers\viac7.sys [DISABLED] ViaC7
Service C:\Windows\system32\drivers\viaide.sys [BOOT] viaide
Service C:\Windows\system32\drivers\volmgr.sys [BOOT] volmgr
Service C:\Windows\System32\drivers\volmgrx.sys [BOOT] volmgrx
Service C:\Windows\system32\drivers\volsnap.sys [BOOT] volsnap
Service C:\Windows\system32\drivers\vsmraid.sys [DISABLED] vsmraid
Service C:\Windows\system32\vssvc.exe [MANUAL] VSS
Service C:\Windows\system32\svchost.exe [AUTO] W32Time
Service W3SVC
Service C:\Windows\system32\DRIVERS\mrv8k51.sys [MANUAL] W8100PCI
Service C:\Windows\system32\drivers\wacompen.sys [DISABLED] WacomPen
Service C:\Windows\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service C:\Windows\system32\DRIVERS\wanarp.sys [SYSTEM] Wanarpv6
Service C:\Windows\system32\svchost.exe [AUTO] WcesComm
Service C:\Windows\System32\svchost.exe [MANUAL] wcncsvc
Service C:\Windows\system32\svchost.exe [MANUAL] WcsPlugInService
Service C:\Windows\system32\drivers\wd.sys [DISABLED] Wd
Service C:\Windows\system32\drivers\Wdf01000.sys [BOOT] Wdf01000
Service C:\Windows\System32\svchost.exe [MANUAL] WdiServiceHost
Service C:\Windows\System32\svchost.exe [MANUAL] WdiSystemHost
Service C:\Windows\system32\svchost.exe [AUTO] WebClient
Service C:\Windows\system32\svchost.exe [MANUAL] Wecsvc
Service C:\Windows\System32\svchost.exe [MANUAL] wercplsupport
Service C:\Windows\System32\svchost.exe [AUTO] WerSvc
Service C:\Windows\System32\svchost.exe [DISABLED] WinDefend
Service Windows Workflow Foundation 3.0.0.0
Service C:\Windows\system32\svchost.exe [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\svchost.exe [AUTO] Winmgmt
Service C:\Windows\System32\svchost.exe [MANUAL] WinRM
Service [MANUAL] Winsock
Service WinSock2
Service C:\Windows\system32\DRIVERS\winusb.sys [MANUAL] winusb
Service C:\Windows\system32\svchost.exe [AUTO] Wlansvc
Service C:\Program Files\Windows Live\installer\WLSetupSvc.exe [MANUAL] WLSetupSvc
Service C:\Windows\system32\drivers\wmiacpi.sys [DISABLED] WmiAcpi
Service WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe [MANUAL] wmiApSrv
Service C:\Program Files\Windows Media Player\wmpnetwk.exe [AUTO] WMPNetworkSvc
Service C:\Windows\system32\svchost.exe [MANUAL] WPCSvc
Service C:\Windows\system32\svchost.exe [AUTO] WPDBusEnum
Service C:\Windows\system32\drivers\ws2ifsl.sys [DISABLED] ws2ifsl
Service C:\Windows\System32\svchost.exe [AUTO] wscsvc
Service C:\Windows\system32\SearchIndexer.exe [AUTO] WSearch
Service WSearchIdxPi
Service C:\Windows\system32\svchost.exe [AUTO] wuauserv
Service C:\Windows\system32\DRIVERS\WUDFRd.sys [MANUAL] WUDFRd
Service C:\Windows\system32\svchost.exe [AUTO] wudfsvc
Service xmlprov
Service {0C618F2D-76DC-4D48-B303-D93176297F05}
Service {40331713-1488-4861-B72B-6417C33F902A}

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit detected !!! <-- ROOTKIT !!!

---- EOF - GMER 1.0.14 ----
0
Réponse 16 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

ok, il détecte une bébétte ...

scan ton PC avec un BitDefender en ligne (uniquement sous Internet Explorer) :

www.bitdefender.com/scan8/ie.html

Utilisation :

* Cliquer sur "J'accepte" puis accepter également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et l'installer.
* Ensuite, cliquer sur "Cliquez ici pour scanner".
* Patienter jusqu'à la fin du scan qui peut durer assez longtemps...

Copier/coller le rapport entier sur le forum stp

@+
0
alain8693
 
bon alors nouveau probleme j'ai acceptzer l'active x bloque mais le scan n'a pas voulu demarre j'ai donc ete dans les parametres de csecurite des options internets pour autoriser tous les controles acyives x mais ca n'a rien fait.
en azllant sur le site de bit defender en francais apparzment il y aurait une incompatibiliute avec vista sp1 .
du coup j'ai telecharge un version d'essai de bit defender total secutity 2008 il a scanne mes documents et m'a donne un rapport le voici

Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 23:01:59 10/03/2008
Log path : C:\Users\philipponneau\AppData\Roaming\BitDefender\Desktop\Profiles\Logs\my_documents\1205186519_1_02.xml

Scan Paths:Path0000: C:\Users\philipponneau\Documents
Path0001: C:\Users\philipponneau\Desktop
Path0002: C:\Users\philipponneau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup


Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : No


Target selection options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : No
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :


Target ProcessingDefault action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None


Scan engines summaryNumber of virus signatures : 986544
Archive plugins : 41
Email plugins : 6
Scan plugins : 12
Archive plugins : 41
System plugins : 4
Unpack plugins : 7


Overall scan summaryScanned items : 8009
Infected items : 3
Suspicious items : 0
Resolved items : 0
Individual viruses found : 2
Scanned directories : 219
Scanned boot sectors : 0
Scanned archives : 143
Input-output errors : 0
Scan time : 00:00:06:43
Files per second : 18


Scanned processes summaryScanned : 57
Infected : 0


Scanned registry keys summaryScanned : 376
Infected : 0


Scanned cookies summaryScanned : 1
Infected : 0


Remaining issues:Object Name Threat Name Final Status
C:\Users\philipponneau\Desktop\[PC GAME] Medal of Honor European Assault EA Games\GameSpy\ArcadeInstallMOHPA14d.EXE=]wise0012 Adware.Gamespyarcade.F Delete Failed (file was in an archive)
[System]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\devenv=]C:\WINDOWS\SYSTEM\SMVSS.EXE BehavesLike:Win32.ExplorerHijack Infected
[System] BehavesLike:Win32.ExplorerHijack Disinfect Failed


Resolved issues:Object Name Threat Name Final Status


Objects that were not scanned:Object Name Reason Final Status
0
Réponse 17 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

ok, est-ce que microsoft te détecte toujours quelque chose ??

@+
0
alain8693
 
au demarrage toujours application win 32 non valide pour windows defender et mon antivirus
0
Réponse 18 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

ok, sinon, est-ce qu'il détecte toujours bagle ??

++
0
alain8693
 
non mais comment faire pour refaire marcher windows update et defender dois je reinstaller a partir du cd
0
Réponse 19 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ok, très bien, commence par ceci : http://www.commentcamarche.net/faq/sujet 3713 fichier corrompu ou manquant

@+

0
alain8693
 
merci green day grace a toi j'ai remis mon ordinateur en ordre de ma
0
alain8693
 
mon ordinateur est e ordre de mlarche meci our tout continuez comme ca
0
Réponse 20 / 21
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

pas d'quoi !

juste un derneir détail :

télécharge OTMoveIt (de Old_Timer) sur ton Bureau :
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\WIND­OWS\SYSTEM\SMVSS.EXE

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.
si c'est le cas accepte par Yes.

@+
0