10 replies
Hello,
ddaya.dll, rather?
Do this:
Click this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installer.
Save HJTInstall.exe to your desktop.
Double-click HJTInstall.exe to launch the program.
By default, it will install here:
C:\Program Files\Trend Micro\HijackThis
Accept the license by clicking the "I Accept" button.
Close HijackThis by clicking the red cross.
Download this program, then double-click it (turn off your antivirus during the download if it detects anything, and turn it back on afterwards)
http://www.suspectfile.com/systemscan/
Click Unselect all
Tick only these boxes:
- Recent Files, 30 days
- Registry run keys
- Scheduled jobs
- Services and drivers
- Suspicious files
- Include hijackthis log
Then click scan now and be patient.
Once the scan is finished, a report will open; copy and paste its contents here and check that it is complete. If necessary, split it across two messages.
Re,
Empty the C:\WINDOWS\temp directory and start again (it is generating a report that is too long).
Here is the new report, and thanks in advance for your help.
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)
Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\hp\Bureau\sys78704.exe
Running in: User mode
Date: 06/04/2008
Time: 16:14:27
Output limited to:
-Recent files
-Registry Run Keys
-Scheduled jobs
-Services and Drivers (all)
-Suspicious Files
-Include HIJACKTHIS.log
===================== RECENT FILES =====================
Showing files newer than 30 days
----- recent files in C:\
14/03/2008 14:13:42 (DIR) 0 byte 23 days old -- MSOCache
27/03/2008 21:12:45 21 byte 10 days old -- qpmd8376.bin
04/04/2008 23:09:16 (DIR) 0 byte 2 days old -- CFusionMX
06/04/2008 01:12:53 (DIR) 0 byte 0 days old -- Config.Msi
06/04/2008 11:14:51 (DIR) 0 byte 0 days old -- VundoFix Backups
06/04/2008 11:50:43 (DIR) 0 byte 0 days old -- divertissement
06/04/2008 12:51:53 (DIR) 0 byte 0 days old -- hijackthis_199
06/04/2008 14:10:55 500 byte 0 days old -- VundoFix.txt
06/04/2008 14:59:41 1610612736 byte 0 days old -- pagefile.sys
06/04/2008 15:41:19 (DIR) 0 byte 0 days old -- Program Files
06/04/2008 15:54:13 (DIR) 0 byte 0 days old -- WINDOWS
----- recent files in C:\WINDOWS\
11/03/2008 21:56:00 (DIR) 0 byte 26 days old -- Downloaded Installations
14/03/2008 14:13:46 (DIR) 0 byte 23 days old -- system
14/03/2008 14:18:46 (DIR) 0 byte 23 days old -- Help
14/03/2008 14:22:01 (DIR) 0 byte 23 days old -- SHELLNEW
14/03/2008 14:22:19 (DIR) 0 byte 23 days old -- Fonts
14/03/2008 14:23:57 603 byte 23 days old -- win.ini
14/03/2008 14:25:09 722 byte 23 days old -- ODBC.INI
14/03/2008 14:42:36 (DIR) 0 byte 23 days old -- WinSxS
25/03/2008 19:52:40 319 byte 12 days old -- game.ini
25/03/2008 19:57:51 (DIR) 0 byte 12 days old -- ftpcache
25/03/2008 22:16:48 54156 byte 12 days old -- QTFont.qfn
28/03/2008 15:18:24 139264 byte 9 days old -- War3Unin.exe
28/03/2008 15:18:24 2829 byte 9 days old -- War3Unin.pif
28/03/2008 15:18:35 55163 byte 9 days old -- War3Unin.dat
01/04/2008 20:47:56 (DIR) 0 byte 5 days old -- Tasks
05/04/2008 10:37:38 1013 byte 1 days old -- cookies.ini
06/04/2008 01:12:54 (DIR) 0 byte 0 days old -- Installer
06/04/2008 01:27:07 (DIR) 0 byte 0 days old -- inf
06/04/2008 01:27:09 (DIR) 0 byte 0 days old -- Downloaded Program Files
06/04/2008 01:27:19 (DIR) 0 byte 0 days old -- Prefetch
06/04/2008 12:10:12 69 byte 0 days old -- NeroDigital.ini
06/04/2008 13:41:43 (DIR) 0 byte 0 days old -- Debug
06/04/2008 14:58:34 32424 byte 0 days old -- SchedLgU.Txt
06/04/2008 14:59:43 2048 byte 0 days old -- bootstat.dat
06/04/2008 14:59:55 0 byte 0 days old -- 0.log
06/04/2008 15:00:20 50 byte 0 days old -- wiaservc.log
06/04/2008 15:00:31 157 byte 0 days old -- wiadebug.log
06/04/2008 15:56:01 404 byte 0 days old -- wmsetup.log
06/04/2008 15:56:01 1816464 byte 0 days old -- WindowsUpdate.log
06/04/2008 16:05:30 (DIR) 0 byte 0 days old -- system32
06/04/2008 16:14:24 (DIR) 0 byte 0 days old -- Temp
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
10/03/2008 21:43:43 278528 byte 27 days old -- pncrt.dll
10/03/2008 21:43:46 5632 byte 27 days old -- pndx5032.dll
10/03/2008 21:43:46 6656 byte 27 days old -- pndx5016.dll
10/03/2008 21:43:57 185944 byte 27 days old -- rmoc3260.dll
14/03/2008 14:42:35 (DIR) 0 byte 23 days old -- AGEIA
14/03/2008 14:42:58 (DIR) 0 byte 23 days old -- DRVSTORE
14/03/2008 14:43:58 107888 byte 23 days old -- CmdLineExt.dll
14/03/2008 15:30:08 246312 byte 23 days old -- FNTCACHE.DAT
14/03/2008 19:09:43 36864 byte 23 days old -- byxxvvs.dll
14/03/2008 19:10:43 290816 byte 23 days old -- ddaya.dll
14/03/2008 19:10:44 63 byte 23 days old -- 748b94ed
14/03/2008 19:11:52 98368 byte 23 days old -- egfvtsju.dll
14/03/2008 19:30:57 36864 byte 23 days old -- awtrrqn.dll
14/03/2008 19:40:41 36864 byte 23 days old -- qomlmlm.dll
15/03/2008 19:12:16 1367273 byte 22 days old -- ifibvydo.ini
15/03/2008 21:47:41 36864 byte 22 days old -- hggdbyy.dll
16/03/2008 10:23:59 1367464 byte 21 days old -- ehflgrou.ini
17/03/2008 19:15:16 1360129 byte 20 days old -- oluvuvmt.ini
17/03/2008 19:18:38 93760 byte 20 days old -- frrtyohp.dll
18/03/2008 19:14:18 92736 byte 19 days old -- oqyrkygm.dll
18/03/2008 19:16:14 2105942 byte 19 days old -- bmgwjppt.ini
19/03/2008 15:31:58 1308421 byte 18 days old -- dkwbadyy.ini
19/03/2008 19:16:59 93248 byte 18 days old -- jttccucf.dll
20/03/2008 19:17:21 1524235 byte 17 days old -- eeqxloqj.ini
21/03/2008 19:16:00 94784 byte 16 days old -- sovepgcs.dll
21/03/2008 19:18:37 1261656 byte 16 days old -- jaqxnatd.ini
22/03/2008 09:48:20 1219588 byte 15 days old -- jkddmpth.ini
22/03/2008 19:20:42 93248 byte 15 days old -- ntksgjlm.dll
23/03/2008 18:54:41 1215241 byte 14 days old -- ljvvtoyr.ini
24/03/2008 19:02:12 1215401 byte 13 days old -- wkbverwu.ini
25/03/2008 19:17:39 1413302 byte 12 days old -- xsqgsvbq.ini
25/03/2008 19:17:41 94272 byte 12 days old -- ruphpaud.dll
25/03/2008 19:53:18 (DIR) 0 byte 12 days old -- DirectX
26/03/2008 19:18:21 1280878 byte 11 days old -- hewxbbbu.ini
27/03/2008 19:22:18 1295479 byte 10 days old -- dqhwhlue.ini
27/03/2008 19:35:37 781696 byte 10 days old -- PerfStringBackup.INI
27/03/2008 19:35:38 41302 byte 10 days old -- perfc009.dat
27/03/2008 19:35:38 50072 byte 10 days old -- perfc00C.dat
27/03/2008 19:35:38 372336 byte 10 days old -- perfh00C.dat
27/03/2008 19:35:38 314998 byte 10 days old -- perfh009.dat
28/03/2008 19:20:12 90688 byte 9 days old -- qghhwvbm.dll
28/03/2008 19:23:35 1189953 byte 9 days old -- kabttmxm.ini
29/03/2008 13:41:07 1180852 byte 8 days old -- fowmmveu.ini
30/03/2008 09:56:33 1180990 byte 7 days old -- ijylsjwa.ini
30/03/2008 19:21:20 1181030 byte 7 days old -- gibkborv.ini
31/03/2008 07:20:49 1176286 byte 6 days old -- lwvxgpug.ini
01/04/2008 18:23:03 143 byte 5 days old -- mcrh.tmp
01/04/2008 18:25:01 1215655 byte 5 days old -- oiihtjro.ini
01/04/2008 19:24:57 90688 byte 5 days old -- rwtkgyxe.dll
02/04/2008 19:06:39 1168017 byte 4 days old -- dgyffiah.ini
03/04/2008 08:09:21 1152813 byte 3 days old -- rbiwdthr.ini
03/04/2008 19:26:59 89152 byte 3 days old -- pqombcuh.dll
05/04/2008 19:24:51 1094668 byte 1 days old -- wwlcpgaw.ini
05/04/2008 19:26:04 85056 byte 1 days old -- rtreooht.dll
06/04/2008 01:05:24 3072 byte 0 days old -- CONFIG.NT
06/04/2008 07:24:29 (DIR) 0 byte 0 days old -- Macromed
06/04/2008 13:07:56 (DIR) 0 byte 0 days old -- CatRoot2
06/04/2008 14:54:33 (DIR) 0 byte 0 days old -- drivers
06/04/2008 14:55:17 198722 byte 0 days old -- ayadd.ini2
06/04/2008 14:55:32 198722 byte 0 days old -- ayadd.ini
06/04/2008 15:00:00 2206 byte 0 days old -- wpa.dbl
06/04/2008 15:00:13 23946 byte 0 days old -- nvapps.xml
06/04/2008 16:05:30 1094188 byte 0 days old -- thooertr.ini
----- recent files in C:\WINDOWS\system32\drivers\
13/03/2008 16:43:42 40456 byte 24 days old -- eamon.sys
13/03/2008 16:44:36 29704 byte 24 days old -- easdrv.sys
13/03/2008 16:52:18 33800 byte 24 days old -- epfwtdir.sys
----- recent files in C:\WINDOWS\temp\
27/03/2008 17:17:02 (DIR) 0 byte 10 days old -- History
27/03/2008 17:17:02 (DIR) 0 byte 10 days old -- Fichiers Internet temporaires
27/03/2008 17:17:02 (DIR) 0 byte 10 days old -- Cookies
06/04/2008 16:13:55 0 byte 0 days old -- NOD2882.tmp
06/04/2008 16:13:57 0 byte 0 days old -- NOD2883.tmp
06/04/2008 16:13:59 0 byte 0 days old -- NOD2884.tmp
06/04/2008 16:14:01 0 byte 0 days old -- NOD2885.tmp
06/04/2008 16:14:03 0 byte 0 days old -- NOD2886.tmp
06/04/2008 16:14:04 0 byte 0 days old -- NOD2887.tmp
06/04/2008 16:14:06 0 byte 0 days old -- NOD2888.tmp
06/04/2008 16:14:07 0 byte 0 days old -- NOD2889.tmp
06/04/2008 16:14:10 0 byte 0 days old -- NOD288A.tmp
06/04/2008 16:14:12 0 byte 0 days old -- NOD288B.tmp
06/04/2008 16:14:14 0 byte 0 days old -- NOD288C.tmp
06/04/2008 16:14:16 0 byte 0 days old -- NOD288D.tmp
06/04/2008 16:14:18 0 byte 0 days old -- NOD288E.tmp
06/04/2008 16:14:20 0 byte 0 days old -- NOD288F.tmp
06/04/2008 16:14:21 0 byte 0 days old -- NOD2890.tmp
06/04/2008 16:14:23 0 byte 0 days old -- NOD2891.tmp
06/04/2008 16:14:24 0 byte 0 days old -- NOD2892.tmp
06/04/2008 16:14:26 0 byte 0 days old -- NOD2893.tmp
----- recent files in C:\Program Files\
10/03/2008 21:43:40 (DIR) 0 byte 27 days old -- Real
10/03/2008 21:43:52 (DIR) 0 byte 27 days old -- Google
11/03/2008 22:01:44 (DIR) 0 byte 26 days old -- Adobe
14/03/2008 14:19:23 (DIR) 0 byte 23 days old -- Microsoft Visual Studio
14/03/2008 14:19:42 (DIR) 0 byte 23 days old -- Microsoft Works
14/03/2008 14:19:55 (DIR) 0 byte 23 days old -- Microsoft Office
14/03/2008 14:22:03 (DIR) 0 byte 23 days old -- Microsoft.NET
14/03/2008 14:42:24 (DIR) 0 byte 23 days old -- Fichiers communs
14/03/2008 14:42:43 (DIR) 0 byte 23 days old -- AGEIA Technologies
23/03/2008 21:56:23 (DIR) 0 byte 14 days old -- eMule
24/03/2008 19:06:05 (DIR) 0 byte 13 days old -- Smart Projects
28/03/2008 15:20:44 (DIR) 0 byte 9 days old -- Winamp Remote
29/03/2008 13:28:10 (DIR) 0 byte 8 days old -- Alive Games
29/03/2008 17:39:13 (DIR) 0 byte 8 days old -- Project64 1.6
04/04/2008 23:06:57 (DIR) 0 byte 2 days old -- InstallShield Installation Information
06/04/2008 01:12:09 (DIR) 0 byte 0 days old -- ESET
06/04/2008 13:08:51 (DIR) 0 byte 0 days old -- Warcraft III
06/04/2008 13:33:43 (DIR) 0 byte 0 days old -- CCleaner
06/04/2008 14:54:30 (DIR) 0 byte 0 days old -- GRISOFT
06/04/2008 15:00:20 (DIR) 0 byte 0 days old -- eChanblard
06/04/2008 15:41:19 (DIR) 0 byte 0 days old -- Trend Micro
----- recent files in C:\Program Files\Fichiers communs\
10/03/2008 21:44:00 (DIR) 0 byte 27 days old -- Real
10/03/2008 21:44:02 (DIR) 0 byte 27 days old -- xing shared
14/03/2008 14:19:02 (DIR) 0 byte 23 days old -- System
14/03/2008 14:22:22 (DIR) 0 byte 23 days old -- Microsoft Shared
14/03/2008 14:32:06 (DIR) 0 byte 23 days old -- InstallShield
14/03/2008 14:42:28 (DIR) 0 byte 23 days old -- Wise Installation Wizard
01/04/2008 07:05:32 (DIR) 0 byte 5 days old -- Adobe
----- recent files in C:\Documents and Settings\hp\Application Data\
10/03/2008 21:45:58 (DIR) 0 byte 27 days old -- Real
10/03/2008 23:07:22 (DIR) 0 byte 27 days old -- Google
14/03/2008 14:43:14 (DIR) 0 byte 23 days old -- InstallShield
14/03/2008 14:43:59 (DIR) 0 byte 23 days old -- SecuROM
14/03/2008 14:45:46 (DIR) 0 byte 23 days old -- Codemasters
27/03/2008 17:43:43 (DIR) 0 byte 10 days old -- MegauploadToolbar
27/03/2008 19:36:33 (DIR) 0 byte 10 days old -- Microsoft
29/03/2008 13:28:11 (DIR) 0 byte 8 days old -- Alive Games
06/04/2008 07:26:18 (DIR) 0 byte 0 days old -- Adobe
06/04/2008 09:07:36 10332 byte 0 days old -- VGX565D.tmp
06/04/2008 09:07:36 4389 byte 0 days old -- VGX565F.tmp
06/04/2008 09:07:36 65568 byte 0 days old -- VGX5659.tmp
06/04/2008 09:07:36 235 byte 0 days old -- VGX565B.tmp
06/04/2008 09:07:37 65568 byte 0 days old -- VGX5663.tmp
06/04/2008 09:07:37 65568 byte 0 days old -- VGX5662.tmp
06/04/2008 09:07:38 65568 byte 0 days old -- VGX5666.tmp
06/04/2008 09:07:38 65568 byte 0 days old -- VGX5667.tmp
06/04/2008 09:07:39 7050 byte 0 days old -- VGX566F.tmp
06/04/2008 09:07:39 16188 byte 0 days old -- VGX566C.tmp
06/04/2008 09:07:39 53794 byte 0 days old -- VGX566B.tmp
06/04/2008 09:07:40 6853 byte 0 days old -- VGX5672.tmp
06/04/2008 09:07:40 65568 byte 0 days old -- VGX5670.tmp
06/04/2008 09:07:40 10910 byte 0 days old -- VGX5677.tmp
06/04/2008 09:07:40 5817 byte 0 days old -- VGX5675.tmp
06/04/2008 09:07:41 65568 byte 0 days old -- VGX567B.tmp
06/04/2008 09:07:41 65568 byte 0 days old -- VGX567C.tmp
06/04/2008 09:07:41 4450 byte 0 days old -- VGX567E.tmp
06/04/2008 09:07:42 65568 byte 0 days old -- VGX5685.tmp
06/04/2008 09:07:42 2106 byte 0 days old -- VGX5687.tmp
06/04/2008 09:07:42 4232 byte 0 days old -- VGX5681.tmp
06/04/2008 09:07:42 65568 byte 0 days old -- VGX5683.tmp
06/04/2008 09:07:43 3049 byte 0 days old -- VGX568B.tmp
06/04/2008 09:07:43 20992 byte 0 days old -- VGX5689.tmp
06/04/2008 09:07:44 1391 byte 0 days old -- VGX5690.tmp
06/04/2008 09:07:44 65568 byte 0 days old -- VGX568E.tmp
06/04/2008 09:07:45 65568 byte 0 days old -- VGX5693.tmp
06/04/2008 09:07:45 70588 byte 0 days old -- VGX5695.tmp
06/04/2008 09:07:45 65568 byte 0 days old -- VGX5696.tmp
06/04/2008 09:07:46 11118 byte 0 days old -- VGX569A.tmp
06/04/2008 09:07:46 9613 byte 0 days old -- VGX5699.tmp
06/04/2008 09:07:47 60578 byte 0 days old -- VGX569E.tmp
06/04/2008 09:07:48 65568 byte 0 days old -- VGX56A0.tmp
06/04/2008 09:07:48 36411 byte 0 days old -- VGX56A1.tmp
06/04/2008 09:07:49 9882 byte 0 days old -- VGX56A7.tmp
06/04/2008 09:07:49 65568 byte 0 days old -- VGX56A5.tmp
06/04/2008 09:07:50 65568 byte 0 days old -- VGX56A8.tmp
06/04/2008 09:07:50 24318 byte 0 days old -- VGX56AA.tmp
06/04/2008 09:07:50 19971 byte 0 days old -- VGX56AD.tmp
06/04/2008 09:07:51 71984 byte 0 days old -- VGX56B0.tmp
06/04/2008 09:07:51 65568 byte 0 days old -- VGX56B1.tmp
06/04/2008 09:07:52 75754 byte 0 days old -- VGX56B7.tmp
06/04/2008 09:07:52 1277 byte 0 days old -- VGX56B6.tmp
06/04/2008 09:07:52 21690 byte 0 days old -- VGX56B4.tmp
06/04/2008 09:07:53 3131 byte 0 days old -- VGX56C1.tmp
06/04/2008 09:07:53 1873 byte 0 days old -- VGX56C4.tmp
06/04/2008 09:07:53 3256 byte 0 days old -- VGX56BE.tmp
06/04/2008 09:07:53 65568 byte 0 days old -- VGX56BA.tmp
06/04/2008 09:07:53 2251 byte 0 days old -- VGX56BD.tmp
06/04/2008 09:07:54 474 byte 0 days old -- VGX56CB.tmp
06/04/2008 09:07:54 8254 byte 0 days old -- VGX56C9.tmp
06/04/2008 09:07:54 595 byte 0 days old -- VGX56CF.tmp
06/04/2008 09:07:54 65568 byte 0 days old -- VGX56C5.tmp
06/04/2008 09:07:54 9585 byte 0 days old -- VGX56C7.tmp
06/04/2008 09:07:55 29290 byte 0 days old -- VGX56D1.tmp
06/04/2008 09:07:55 65568 byte 0 days old -- VGX56D2.tmp
06/04/2008 09:07:55 3972 byte 0 days old -- VGX56D4.tmp
06/04/2008 09:07:56 9130 byte 0 days old -- VGX56D9.tmp
06/04/2008 09:07:56 10364 byte 0 days old -- VGX56D7.tmp
06/04/2008 09:07:56 65568 byte 0 days old -- VGX56DA.tmp
06/04/2008 09:07:57 65568 byte 0 days old -- VGX56DE.tmp
06/04/2008 09:07:58 226 byte 0 days old -- VGX56E2.tmp
06/04/2008 09:07:58 65568 byte 0 days old -- VGX56E0.tmp
06/04/2008 09:07:59 65568 byte 0 days old -- VGX56E4.tmp
06/04/2008 09:07:59 65568 byte 0 days old -- VGX56E7.tmp
06/04/2008 09:08:00 65568 byte 0 days old -- VGX56EA.tmp
06/04/2008 09:08:00 65568 byte 0 days old -- VGX56E9.tmp
06/04/2008 09:08:01 65568 byte 0 days old -- VGX56ED.tmp
06/04/2008 09:08:02 1756 byte 0 days old -- VGX56F2.tmp
06/04/2008 09:08:02 65568 byte 0 days old -- VGX56F0.tmp
06/04/2008 09:08:02 6955 byte 0 days old -- VGX56F4.tmp
06/04/2008 09:08:02 11837 byte 0 days old -- VGX56F7.tmp
06/04/2008 09:08:02 65568 byte 0 days old -- VGX56F5.tmp
06/04/2008 09:08:03 6403 byte 0 days old -- VGX56FA.tmp
06/04/2008 09:08:03 35761 byte 0 days old -- VGX5700.tmp
06/04/2008 09:08:03 12385 byte 0 days old -- VGX56FE.tmp
06/04/2008 09:08:03 7440 byte 0 days old -- VGX56FB.tmp
06/04/2008 09:08:04 11288 byte 0 days old -- VGX5702.tmp
06/04/2008 09:08:04 10228 byte 0 days old -- VGX5707.tmp
06/04/2008 09:08:04 52086 byte 0 days old -- VGX5704.tmp
06/04/2008 09:08:05 65568 byte 0 days old -- VGX5708.tmp
06/04/2008 09:08:05 47893 byte 0 days old -- VGX570B.tmp
06/04/2008 09:08:06 10136 byte 0 days old -- VGX5711.tmp
06/04/2008 09:08:06 43941 byte 0 days old -- VGX570F.tmp
06/04/2008 09:08:06 65568 byte 0 days old -- VGX570E.tmp
06/04/2008 09:08:06 6490 byte 0 days old -- VGX5717.tmp
06/04/2008 09:08:06 12633 byte 0 days old -- VGX5715.tmp
06/04/2008 09:08:06 11602 byte 0 days old -- VGX5713.tmp
06/04/2008 09:08:07 9339 byte 0 days old -- VGX571E.tmp
06/04/2008 09:08:07 10357 byte 0 days old -- VGX571B.tmp
06/04/2008 09:08:07 12507 byte 0 days old -- VGX571A.tmp
06/04/2008 09:08:07 65568 byte 0 days old -- VGX571F.tmp
06/04/2008 09:08:08 65696 byte 0 days old -- VGX5723.tmp
06/04/2008 09:08:09 6743 byte 0 days old -- VGX5726.tmp
06/04/2008 09:08:09 65632 byte 0 days old -- VGX5725.tmp
06/04/2008 09:08:10 65568 byte 0 days old -- VGX572A.tmp
06/04/2008 09:08:10 65568 byte 0 days old -- VGX5729.tmp
06/04/2008 09:08:10 10287 byte 0 days old -- VGX572F.tmp
06/04/2008 09:08:10 10234 byte 0 days old -- VGX572D.tmp
06/04/2008 09:08:11 65568 byte 0 days old -- VGX5735.tmp
06/04/2008 09:08:11 9579 byte 0 days old -- VGX5734.tmp
06/04/2008 09:08:11 65568 byte 0 days old -- VGX5732.tmp
06/04/2008 09:08:12 11268 byte 0 days old -- VGX5739.tmp
06/04/2008 09:08:12 8010 byte 0 days old -- VGX573E.tmp
06/04/2008 09:08:12 9268 byte 0 days old -- VGX573C.tmp
06/04/2008 09:08:12 65568 byte 0 days old -- VGX573A.tmp
06/04/2008 09:08:13 32831 byte 0 days old -- VGX5743.tmp
06/04/2008 09:08:13 12678 byte 0 days old -- VGX5741.tmp
06/04/2008 09:08:13 11316 byte 0 days old -- VGX5746.tmp
06/04/2008 09:08:13 9691 byte 0 days old -- VGX5744.tmp
06/04/2008 09:08:14 6200 byte 0 days old -- VGX574A.tmp
06/04/2008 09:08:14 98576 byte 0 days old -- VGX574D.tmp
06/04/2008 09:08:14 6628 byte 0 days old -- VGX574C.tmp
06/04/2008 09:08:15 13735 byte 0 days old -- VGX5753.tmp
06/04/2008 09:08:15 7517 byte 0 days old -- VGX5751.tmp
06/04/2008 09:08:15 7271 byte 0 days old -- VGX5750.tmp
06/04/2008 09:08:16 98560 byte 0 days old -- VGX5757.tmp
06/04/2008 09:08:16 42766 byte 0 days old -- VGX5758.tmp
06/04/2008 09:08:16 12756 byte 0 days old -- VGX575A.tmp
06/04/2008 09:08:16 9312 byte 0 days old -- VGX575C.tmp
06/04/2008 09:08:17 65568 byte 0 days old -- VGX575F.tmp
06/04/2008 09:08:18 65568 byte 0 days old -- VGX5762.tmp
06/04/2008 09:08:18 52292 byte 0 days old -- VGX5763.tmp
06/04/2008 09:08:18 22388 byte 0 days old -- VGX5766.tmp
06/04/2008 09:08:19 65568 byte 0 days old -- VGX5767.tmp
06/04/2008 09:08:19 12705 byte 0 days old -- VGX576A.tmp
06/04/2008 09:08:20 6132 byte 0 days old -- VGX5771.tmp
06/04/2008 09:08:20 12453 byte 0 days old -- VGX576E.tmp
06/04/2008 09:08:20 65568 byte 0 days old -- VGX576D.tmp
06/04/2008 09:08:20 65568 byte 0 days old -- VGX5772.tmp
06/04/2008 09:08:21 65568 byte 0 days old -- VGX577A.tmp
06/04/2008 09:08:21 26716 byte 0 days old -- VGX5778.tmp
06/04/2008 09:08:21 11768 byte 0 days old -- VGX5774.tmp
06/04/2008 09:08:22 213 byte 0 days old -- VGX5781.tmp
06/04/2008 09:08:22 6318 byte 0 days old -- VGX5784.tmp
06/04/2008 09:08:22 65568 byte 0 days old -- VGX577F.tmp
06/04/2008 09:08:22 30954 byte 0 days old -- VGX577B.tmp
06/04/2008 09:08:22 340 byte 0 days old -- VGX577E.tmp
06/04/2008 09:08:23 6482 byte 0 days old -- VGX578B.tmp
06/04/2008 09:08:23 8646 byte 0 days old -- VGX5788.tmp
06/04/2008 09:08:23 17936 byte 0 days old -- VGX5786.tmp
06/04/2008 09:08:24 65568 byte 0 days old -- VGX578E.tmp
06/04/2008 09:08:24 12090 byte 0 days old -- VGX5790.tmp
06/04/2008 09:08:25 12726 byte 0 days old -- VGX5794.tmp
06/04/2008 09:08:25 7182 byte 0 days old -- VGX5792.tmp
06/04/2008 09:08:25 4712 byte 0 days old -- VGX5796.tmp
06/04/2008 09:08:26 8994 byte 0 days old -- VGX579B.tmp
06/04/2008 09:08:26 11910 byte 0 days old -- VGX579D.tmp
06/04/2008 09:08:26 98368 byte 0 days old -- VGX579E.tmp
06/04/2008 09:08:26 13918 byte 0 days old -- VGX57A3.tmp
06/04/2008 09:08:26 15674 byte 0 days old -- VGX57A1.tmp
06/04/2008 09:08:26 16096 byte 0 days old -- VGX5798.tmp
06/04/2008 09:08:27 2770 byte 0 days old -- VGX57B2.tmp
06/04/2008 09:08:27 3040 byte 0 days old -- VGX57A9.tmp
06/04/2008 09:08:27 2748 byte 0 days old -- VGX57A6.tmp
06/04/2008 09:08:27 11514 byte 0 days old -- VGX57A4.tmp
06/04/2008 09:08:27 6072 byte 0 days old -- VGX57AA.tmp
06/04/2008 09:08:27 5955 byte 0 days old -- VGX57B0.tmp
06/04/2008 09:08:27 16298 byte 0 days old -- VGX57AE.tmp
06/04/2008 09:08:27 6358 byte 0 days old -- VGX57AD.tmp
06/04/2008 09:08:28 3707 byte 0 days old -- VGX57B9.tmp
06/04/2008 09:08:28 10838 byte 0 days old -- VGX57B5.tmp
06/04/2008 09:08:28 65568 byte 0 days old -- VGX57BB.tmp
06/04/2008 09:08:28 243 byte 0 days old -- VGX57BA.tmp
06/04/2008 09:08:29 1267 byte 0 days old -- VGX57C2.tmp
06/04/2008 09:08:29 983 byte 0 days old -- VGX57C0.tmp
06/04/2008 09:08:29 2357 byte 0 days old -- VGX57BE.tmp
06/04/2008 09:08:29 6322 byte 0 days old -- VGX57C4.tmp
06/04/2008 09:08:30 65568 byte 0 days old -- VGX57C9.tmp
06/04/2008 09:08:30 6060 byte 0 days old -- VGX57C7.tmp
06/04/2008 09:19:19 1342 byte 0 days old -- MAR9C.tmp
06/04/2008 09:19:23 1285 byte 0 days old -- MAR9D.tmp
06/04/2008 09:19:46 113 byte 0 days old -- STSA4.tmp
06/04/2008 10:47:54 1285 byte 0 days old -- MAR9F.tmp
06/04/2008 10:47:54 1342 byte 0 days old -- MAR9E.tmp
06/04/2008 10:48:10 113 byte 0 days old -- STSA5.tmp
06/04/2008 11:02:52 1285 byte 0 days old -- MARA1.tmp
06/04/2008 11:02:52 1342 byte 0 days old -- MARA0.tmp
06/04/2008 11:03:03 113 byte 0 days old -- STSA3.tmp
06/04/2008 11:47:34 1342 byte 0 days old -- MARA2.tmp
06/04/2008 11:47:38 1285 byte 0 days old -- MARA3.tmp
06/04/2008 11:47:50 113 byte 0 days old -- STS135.tmp
06/04/2008 11:47:58 1179648 byte 0 days old -- ~DF199A.tmp
06/04/2008 11:47:58 512 byte 0 days old -- ~DF19BE.tmp
06/04/2008 11:48:17 512 byte 0 days old -- ~DF52E5.tmp
06/04/2008 11:48:17 1146880 byte 0 days old -- ~DF51E3.tmp
06/04/2008 12:48:33 1285 byte 0 days old -- MARA5.tmp
06/04/2008 12:48:33 1342 byte 0 days old -- MARA4.tmp
06/04/2008 12:48:49 113 byte 0 days old -- STS209.tmp
06/04/2008 14:58:09 543095 byte 0 days old -- hpodvd09.log
06/04/2008 15:00:18 1342 byte 0 days old -- MARA6.tmp
06/04/2008 15:00:19 1285 byte 0 days old -- MARA7.tmp
06/04/2008 15:00:31 113 byte 0 days old -- STSDF.tmp
06/04/2008 15:05:06 18019 byte 0 days old -- jusched.log
06/04/2008 15:28:13 512 byte 0 days old -- ~DF7CA2.tmp
06/04/2008 15:28:13 1179648 byte 0 days old -- ~DF7C5A.tmp
06/04/2008 15:28:50 1146880 byte 0 days old -- ~DFAB9E.tmp
06/04/2008 15:28:50 512 byte 0 days old -- ~DFAC19.tmp
06/04/2008 15:46:19 16384 byte 0 days old -- ~DFFFC3.tmp
06/04/2008 15:55:09 (DIR) 0 byte 0 days old -- nsx1CC1.tmp
06/04/2008 16:05:22 (DIR) 0 byte 0 days old -- WPDNSE
06/04/2008 16:12:22 (DIR) 0 byte 0 days old -- MessengerCache
06/04/2008 16:12:26 48 byte 0 days old -- systemscan.ini
06/04/2008 16:12:30 16384 byte 0 days old -- ~DFD8A8.tmp
06/04/2008 16:12:33 (DIR) 0 byte 0 days old -- nsh2867.tmp
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"SoundMan"="SOUNDMAN.EXE"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
"NBKeyScan"="\"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe\""
"TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot"
"WinampAgent"="\"C:\Program Files\Winamp\winampa.exe\""
"Adobe Photo Downloader"="\"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"748b8663"="rundll32.exe \"C:\WINDOWS\system32\rtreooht.dll\",b"
"egui"="\"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe\" /hide /waitservice"
[Run\OptionalComponents]
@=""
[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""
[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"msnmsgr"="\"C:\Program Files\MSN Messenger\msnmsgr.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe\""
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"eMuleAutoStart"="C:\Program Files\eChanblard\emule.exe -AutoStart"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"=""
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{70AB0A8B-8A8A-496F-A339-4CD2F3352991}"=""
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Sans fil"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Planificateur de paquets QoS"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Scripts"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)
Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\hp\Bureau\sys78704.exe
Running in: User mode
Date: 06/04/2008
Time: 16:14:27
Output limited to:
-Recent files
-Registry Run Keys
-Scheduled jobs
-Services and Drivers (all)
-Suspicious Files
-Include HIJACKTHIS.log
===================== RECENT FILES =====================
Showing files newer than 30 days
----- recent files in C:\
14/03/2008 14:13:42 (DIR) 0 byte 23 days old -- MSOCache
27/03/2008 21:12:45 21 byte 10 days old -- qpmd8376.bin
04/04/2008 23:09:16 (DIR) 0 byte 2 days old -- CFusionMX
06/04/2008 01:12:53 (DIR) 0 byte 0 days old -- Config.Msi
06/04/2008 11:14:51 (DIR) 0 byte 0 days old -- VundoFix Backups
06/04/2008 11:50:43 (DIR) 0 byte 0 days old -- divertissement
06/04/2008 12:51:53 (DIR) 0 byte 0 days old -- hijackthis_199
06/04/2008 14:10:55 500 byte 0 days old -- VundoFix.txt
06/04/2008 14:59:41 1610612736 byte 0 days old -- pagefile.sys
06/04/2008 15:41:19 (DIR) 0 byte 0 days old -- Program Files
06/04/2008 15:54:13 (DIR) 0 byte 0 days old -- WINDOWS
----- recent files in C:\WINDOWS\
11/03/2008 21:56:00 (DIR) 0 byte 26 days old -- Downloaded Installations
14/03/2008 14:13:46 (DIR) 0 byte 23 days old -- system
14/03/2008 14:18:46 (DIR) 0 byte 23 days old -- Help
14/03/2008 14:22:01 (DIR) 0 byte 23 days old -- SHELLNEW
14/03/2008 14:22:19 (DIR) 0 byte 23 days old -- Fonts
14/03/2008 14:23:57 603 byte 23 days old -- win.ini
14/03/2008 14:25:09 722 byte 23 days old -- ODBC.INI
14/03/2008 14:42:36 (DIR) 0 byte 23 days old -- WinSxS
25/03/2008 19:52:40 319 byte 12 days old -- game.ini
25/03/2008 19:57:51 (DIR) 0 byte 12 days old -- ftpcache
25/03/2008 22:16:48 54156 byte 12 days old -- QTFont.qfn
28/03/2008 15:18:24 139264 byte 9 days old -- War3Unin.exe
28/03/2008 15:18:24 2829 byte 9 days old -- War3Unin.pif
28/03/2008 15:18:35 55163 byte 9 days old -- War3Unin.dat
01/04/2008 20:47:56 (DIR) 0 byte 5 days old -- Tasks
05/04/2008 10:37:38 1013 byte 1 days old -- cookies.ini
06/04/2008 01:12:54 (DIR) 0 byte 0 days old -- Installer
06/04/2008 01:27:07 (DIR) 0 byte 0 days old -- inf
06/04/2008 01:27:09 (DIR) 0 byte 0 days old -- Downloaded Program Files
06/04/2008 01:27:19 (DIR) 0 byte 0 days old -- Prefetch
06/04/2008 12:10:12 69 byte 0 days old -- NeroDigital.ini
06/04/2008 13:41:43 (DIR) 0 byte 0 days old -- Debug
06/04/2008 14:58:34 32424 byte 0 days old -- SchedLgU.Txt
06/04/2008 14:59:43 2048 byte 0 days old -- bootstat.dat
06/04/2008 14:59:55 0 byte 0 days old -- 0.log
06/04/2008 15:00:20 50 byte 0 days old -- wiaservc.log
06/04/2008 15:00:31 157 byte 0 days old -- wiadebug.log
06/04/2008 15:56:01 404 byte 0 days old -- wmsetup.log
06/04/2008 15:56:01 1816464 byte 0 days old -- WindowsUpdate.log
06/04/2008 16:05:30 (DIR) 0 byte 0 days old -- system32
06/04/2008 16:14:24 (DIR) 0 byte 0 days old -- Temp
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
10/03/2008 21:43:43 278528 byte 27 days old -- pncrt.dll
10/03/2008 21:43:46 5632 byte 27 days old -- pndx5032.dll
10/03/2008 21:43:46 6656 byte 27 days old -- pndx5016.dll
10/03/2008 21:43:57 185944 byte 27 days old -- rmoc3260.dll
14/03/2008 14:42:35 (DIR) 0 byte 23 days old -- AGEIA
14/03/2008 14:42:58 (DIR) 0 byte 23 days old -- DRVSTORE
14/03/2008 14:43:58 107888 byte 23 days old -- CmdLineExt.dll
14/03/2008 15:30:08 246312 byte 23 days old -- FNTCACHE.DAT
14/03/2008 19:09:43 36864 byte 23 days old -- byxxvvs.dll
14/03/2008 19:10:43 290816 byte 23 days old -- ddaya.dll
14/03/2008 19:10:44 63 byte 23 days old -- 748b94ed
14/03/2008 19:11:52 98368 byte 23 days old -- egfvtsju.dll
14/03/2008 19:30:57 36864 byte 23 days old -- awtrrqn.dll
14/03/2008 19:40:41 36864 byte 23 days old -- qomlmlm.dll
15/03/2008 19:12:16 1367273 byte 22 days old -- ifibvydo.ini
15/03/2008 21:47:41 36864 byte 22 days old -- hggdbyy.dll
16/03/2008 10:23:59 1367464 byte 21 days old -- ehflgrou.ini
17/03/2008 19:15:16 1360129 byte 20 days old -- oluvuvmt.ini
17/03/2008 19:18:38 93760 byte 20 days old -- frrtyohp.dll
18/03/2008 19:14:18 92736 byte 19 days old -- oqyrkygm.dll
18/03/2008 19:16:14 2105942 byte 19 days old -- bmgwjppt.ini
19/03/2008 15:31:58 1308421 byte 18 days old -- dkwbadyy.ini
19/03/2008 19:16:59 93248 byte 18 days old -- jttccucf.dll
20/03/2008 19:17:21 1524235 byte 17 days old -- eeqxloqj.ini
21/03/2008 19:16:00 94784 byte 16 days old -- sovepgcs.dll
21/03/2008 19:18:37 1261656 byte 16 days old -- jaqxnatd.ini
22/03/2008 09:48:20 1219588 byte 15 days old -- jkddmpth.ini
22/03/2008 19:20:42 93248 byte 15 days old -- ntksgjlm.dll
23/03/2008 18:54:41 1215241 byte 14 days old -- ljvvtoyr.ini
24/03/2008 19:02:12 1215401 byte 13 days old -- wkbverwu.ini
25/03/2008 19:17:39 1413302 byte 12 days old -- xsqgsvbq.ini
25/03/2008 19:17:41 94272 byte 12 days old -- ruphpaud.dll
25/03/2008 19:53:18 (DIR) 0 byte 12 days old -- DirectX
26/03/2008 19:18:21 1280878 byte 11 days old -- hewxbbbu.ini
27/03/2008 19:22:18 1295479 byte 10 days old -- dqhwhlue.ini
27/03/2008 19:35:37 781696 byte 10 days old -- PerfStringBackup.INI
27/03/2008 19:35:38 41302 byte 10 days old -- perfc009.dat
27/03/2008 19:35:38 50072 byte 10 days old -- perfc00C.dat
27/03/2008 19:35:38 372336 byte 10 days old -- perfh00C.dat
27/03/2008 19:35:38 314998 byte 10 days old -- perfh009.dat
28/03/2008 19:20:12 90688 byte 9 days old -- qghhwvbm.dll
28/03/2008 19:23:35 1189953 byte 9 days old -- kabttmxm.ini
29/03/2008 13:41:07 1180852 byte 8 days old -- fowmmveu.ini
30/03/2008 09:56:33 1180990 byte 7 days old -- ijylsjwa.ini
30/03/2008 19:21:20 1181030 byte 7 days old -- gibkborv.ini
31/03/2008 07:20:49 1176286 byte 6 days old -- lwvxgpug.ini
01/04/2008 18:23:03 143 byte 5 days old -- mcrh.tmp
01/04/2008 18:25:01 1215655 byte 5 days old -- oiihtjro.ini
01/04/2008 19:24:57 90688 byte 5 days old -- rwtkgyxe.dll
02/04/2008 19:06:39 1168017 byte 4 days old -- dgyffiah.ini
03/04/2008 08:09:21 1152813 byte 3 days old -- rbiwdthr.ini
03/04/2008 19:26:59 89152 byte 3 days old -- pqombcuh.dll
05/04/2008 19:24:51 1094668 byte 1 days old -- wwlcpgaw.ini
05/04/2008 19:26:04 85056 byte 1 days old -- rtreooht.dll
06/04/2008 01:05:24 3072 byte 0 days old -- CONFIG.NT
06/04/2008 07:24:29 (DIR) 0 byte 0 days old -- Macromed
06/04/2008 13:07:56 (DIR) 0 byte 0 days old -- CatRoot2
06/04/2008 14:54:33 (DIR) 0 byte 0 days old -- drivers
06/04/2008 14:55:17 198722 byte 0 days old -- ayadd.ini2
06/04/2008 14:55:32 198722 byte 0 days old -- ayadd.ini
06/04/2008 15:00:00 2206 byte 0 days old -- wpa.dbl
06/04/2008 15:00:13 23946 byte 0 days old -- nvapps.xml
06/04/2008 16:05:30 1094188 byte 0 days old -- thooertr.ini
----- recent files in C:\WINDOWS\system32\drivers\
13/03/2008 16:43:42 40456 byte 24 days old -- eamon.sys
13/03/2008 16:44:36 29704 byte 24 days old -- easdrv.sys
13/03/2008 16:52:18 33800 byte 24 days old -- epfwtdir.sys
----- recent files in C:\WINDOWS\temp\
27/03/2008 17:17:02 (DIR) 0 byte 10 days old -- History
27/03/2008 17:17:02 (DIR) 0 byte 10 days old -- Fichiers Internet temporaires
27/03/2008 17:17:02 (DIR) 0 byte 10 days old -- Cookies
06/04/2008 16:13:55 0 byte 0 days old -- NOD2882.tmp
06/04/2008 16:13:57 0 byte 0 days old -- NOD2883.tmp
06/04/2008 16:13:59 0 byte 0 days old -- NOD2884.tmp
06/04/2008 16:14:01 0 byte 0 days old -- NOD2885.tmp
06/04/2008 16:14:03 0 byte 0 days old -- NOD2886.tmp
06/04/2008 16:14:04 0 byte 0 days old -- NOD2887.tmp
06/04/2008 16:14:06 0 byte 0 days old -- NOD2888.tmp
06/04/2008 16:14:07 0 byte 0 days old -- NOD2889.tmp
06/04/2008 16:14:10 0 byte 0 days old -- NOD288A.tmp
06/04/2008 16:14:12 0 byte 0 days old -- NOD288B.tmp
06/04/2008 16:14:14 0 byte 0 days old -- NOD288C.tmp
06/04/2008 16:14:16 0 byte 0 days old -- NOD288D.tmp
06/04/2008 16:14:18 0 byte 0 days old -- NOD288E.tmp
06/04/2008 16:14:20 0 byte 0 days old -- NOD288F.tmp
06/04/2008 16:14:21 0 byte 0 days old -- NOD2890.tmp
06/04/2008 16:14:23 0 byte 0 days old -- NOD2891.tmp
06/04/2008 16:14:24 0 byte 0 days old -- NOD2892.tmp
06/04/2008 16:14:26 0 byte 0 days old -- NOD2893.tmp
----- recent files in C:\Program Files\
10/03/2008 21:43:40 (DIR) 0 byte 27 days old -- Real
10/03/2008 21:43:52 (DIR) 0 byte 27 days old -- Google
11/03/2008 22:01:44 (DIR) 0 byte 26 days old -- Adobe
14/03/2008 14:19:23 (DIR) 0 byte 23 days old -- Microsoft Visual Studio
14/03/2008 14:19:42 (DIR) 0 byte 23 days old -- Microsoft Works
14/03/2008 14:19:55 (DIR) 0 byte 23 days old -- Microsoft Office
14/03/2008 14:22:03 (DIR) 0 byte 23 days old -- Microsoft.NET
14/03/2008 14:42:24 (DIR) 0 byte 23 days old -- Fichiers communs
14/03/2008 14:42:43 (DIR) 0 byte 23 days old -- AGEIA Technologies
23/03/2008 21:56:23 (DIR) 0 byte 14 days old -- eMule
24/03/2008 19:06:05 (DIR) 0 byte 13 days old -- Smart Projects
28/03/2008 15:20:44 (DIR) 0 byte 9 days old -- Winamp Remote
29/03/2008 13:28:10 (DIR) 0 byte 8 days old -- Alive Games
29/03/2008 17:39:13 (DIR) 0 byte 8 days old -- Project64 1.6
04/04/2008 23:06:57 (DIR) 0 byte 2 days old -- InstallShield Installation Information
06/04/2008 01:12:09 (DIR) 0 byte 0 days old -- ESET
06/04/2008 13:08:51 (DIR) 0 byte 0 days old -- Warcraft III
06/04/2008 13:33:43 (DIR) 0 byte 0 days old -- CCleaner
06/04/2008 14:54:30 (DIR) 0 byte 0 days old -- GRISOFT
06/04/2008 15:00:20 (DIR) 0 byte 0 days old -- eChanblard
06/04/2008 15:41:19 (DIR) 0 byte 0 days old -- Trend Micro
----- recent files in C:\Program Files\Fichiers communs\
10/03/2008 21:44:00 (DIR) 0 byte 27 days old -- Real
10/03/2008 21:44:02 (DIR) 0 byte 27 days old -- xing shared
14/03/2008 14:19:02 (DIR) 0 byte 23 days old -- System
14/03/2008 14:22:22 (DIR) 0 byte 23 days old -- Microsoft Shared
14/03/2008 14:32:06 (DIR) 0 byte 23 days old -- InstallShield
14/03/2008 14:42:28 (DIR) 0 byte 23 days old -- Wise Installation Wizard
01/04/2008 07:05:32 (DIR) 0 byte 5 days old -- Adobe
----- recent files in C:\Documents and Settings\hp\Application Data\
10/03/2008 21:45:58 (DIR) 0 byte 27 days old -- Real
10/03/2008 23:07:22 (DIR) 0 byte 27 days old -- Google
14/03/2008 14:43:14 (DIR) 0 byte 23 days old -- InstallShield
14/03/2008 14:43:59 (DIR) 0 byte 23 days old -- SecuROM
14/03/2008 14:45:46 (DIR) 0 byte 23 days old -- Codemasters
27/03/2008 17:43:43 (DIR) 0 byte 10 days old -- MegauploadToolbar
27/03/2008 19:36:33 (DIR) 0 byte 10 days old -- Microsoft
29/03/2008 13:28:11 (DIR) 0 byte 8 days old -- Alive Games
06/04/2008 07:26:18 (DIR) 0 byte 0 days old -- Adobe
----- recent files in C:\DOCUME~1\hp\LOCALS~1\Temp\
08/03/2008 00:31:45 97 byte 29 days old -- GCHWCfg.xml
08/03/2008 07:13:11 1285 byte 29 days old -- MAR45.tmp
08/03/2008 07:13:11 1342 byte 29 days old -- MAR44.tmp
08/03/2008 07:13:22 113 byte 29 days old -- STS48.tmp
09/03/2008 07:51:55 1342 byte 28 days old -- MAR46.tmp
09/03/2008 07:51:55 1285 byte 28 days old -- MAR47.tmp
09/03/2008 07:52:08 113 byte 28 days old -- STS4A.tmp
09/03/2008 19:09:10 1342 byte 28 days old -- MAR48.tmp
09/03/2008 19:09:11 1285 byte 28 days old -- MAR49.tmp
09/03/2008 19:09:20 113 byte 28 days old -- STS4C.tmp
10/03/2008 07:10:34 1285 byte 27 days old -- MAR4B.tmp
10/03/2008 07:10:34 1342 byte 27 days old -- MAR4A.tmp
10/03/2008 07:10:45 113 byte 27 days old -- STS4E.tmp
10/03/2008 21:37:48 240624 byte 27 days old -- MSIad1e1.LOG
10/03/2008 21:43:54 105008 byte 27 days old -- GoogleToolbarInstaller2.log
10/03/2008 21:43:54 889 byte 27 days old -- GoogleToolbarInstaller1.log
10/03/2008 21:44:21 (DIR) 0 byte 27 days old -- ~rnsetup
10/03/2008 22:01:39 (DIR) 0 byte 27 days old -- WLZ6168.tmp
11/03/2008 15:10:16 1285 byte 26 days old -- MAR4D.tmp
11/03/2008 15:10:16 1342 byte 26 days old -- MAR4C.tmp
11/03/2008 15:10:27 113 byte 26 days old -- STS50.tmp
11/03/2008 17:44:41 1285 byte 26 days old -- MAR4F.tmp
11/03/2008 17:44:41 1342 byte 26 days old -- MAR4E.tmp
11/03/2008 17:44:52 113 byte 26 days old -- STS52.tmp
11/03/2008 22:01:33 (DIR) 0 byte 26 days old -- Adobe Reader 8
11/03/2008 22:01:36 600 byte 26 days old -- {AC76BA86-7AD7-1036-7B44-A81200000003}.ini
11/03/2008 22:06:23 64 byte 26 days old -- Mon catalogue-pju.ldb
11/03/2008 22:06:52 434176 byte 26 days old -- Mon catalogue-pju.psa
12/03/2008 07:10:57 1342 byte 25 days old -- MAR50.tmp
12/03/2008 07:10:57 1285 byte 25 days old -- MAR51.tmp
12/03/2008 07:11:08 113 byte 25 days old -- STS54.tmp
12/03/2008 21:46:43 49152 byte 25 days old -- ~DF6964.tmp
14/03/2008 07:04:51 1285 byte 23 days old -- MAR53.tmp
14/03/2008 07:04:51 1342 byte 23 days old -- MAR52.tmp
14/03/2008 07:04:57 113 byte 23 days old -- STS56.tmp
14/03/2008 14:05:28 180356 byte 23 days old -- Microsoft Office 2003 Setup(0001)_Task(0001).txt
14/03/2008 14:05:28 9854 byte 23 days old -- Microsoft Office 2003 Setup(0001).txt
14/03/2008 14:13:19 240600 byte 23 days old -- MSI26c13.LOG
14/03/2008 14:16:02 63347 byte 23 days old -- offcln11.log
14/03/2008 14:26:47 696548 byte 23 days old -- Microsoft Office 2003 Setup(0002)_Task(0001).txt
14/03/2008 14:26:47 9717 byte 23 days old -- Microsoft Office 2003 Setup(0002).txt
14/03/2008 14:42:53 (DIR) 0 byte 23 days old -- AGEIA
14/03/2008 14:43:58 208896 byte 23 days old -- drm_dyndata_7330016.dll
14/03/2008 14:44:01 65536 byte 23 days old -- drm_dialogs.dll
14/03/2008 15:30:46 1342 byte 23 days old -- MAR54.tmp
14/03/2008 15:30:50 1285 byte 23 days old -- MAR55.tmp
14/03/2008 15:31:02 113 byte 23 days old -- STS58.tmp
14/03/2008 19:31:25 (DIR) 0 byte 23 days old -- WERf43c.dir00
14/03/2008 19:43:12 (DIR) 0 byte 23 days old -- WEReee2.dir00
14/03/2008 19:47:34 (DIR) 0 byte 23 days old -- WERaedf.dir00
15/03/2008 06:54:07 1342 byte 22 days old -- MAR56.tmp
15/03/2008 06:54:10 1285 byte 22 days old -- MAR57.tmp
15/03/2008 06:54:28 113 byte 22 days old -- STS5A.tmp
15/03/2008 23:40:42 46021 byte 22 days old -- TFR62.tmp
15/03/2008 23:40:42 67560 byte 22 days old -- TFR65.tmp
15/03/2008 23:40:42 27777 byte 22 days old -- TFR6A.tmp
15/03/2008 23:40:43 62753 byte 22 days old -- TFR75.tmp
15/03/2008 23:40:43 23427 byte 22 days old -- TFR7E.tmp
15/03/2008 23:40:43 23262 byte 22 days old -- TFR78.tmp
15/03/2008 23:40:43 21122 byte 22 days old -- TFR6D.tmp
15/03/2008 23:40:43 67994 byte 22 days old -- TFR71.tmp
16/03/2008 00:53:47 1342 byte 21 days old -- MAR58.tmp
16/03/2008 00:53:48 1285 byte 21 days old -- MAR59.tmp
16/03/2008 00:54:01 113 byte 21 days old -- STS5C.tmp
16/03/2008 10:24:01 1285 byte 21 days old -- MAR5B.tmp
16/03/2008 10:24:01 1342 byte 21 days old -- MAR5A.tmp
16/03/2008 10:24:19 113 byte 21 days old -- STS5E.tmp
17/03/2008 07:15:49 1342 byte 20 days old -- MAR5C.tmp
17/03/2008 07:15:50 1285 byte 20 days old -- MAR5D.tmp
17/03/2008 07:16:17 113 byte 20 days old -- STS60.tmp
18/03/2008 07:08:39 1342 byte 19 days old -- MAR5E.tmp
18/03/2008 07:08:40 1285 byte 19 days old -- MAR5F.tmp
18/03/2008 07:08:56 113 byte 19 days old -- STS62.tmp
19/03/2008 07:32:52 1285 byte 18 days old -- MAR61.tmp
19/03/2008 07:32:52 1342 byte 18 days old -- MAR60.tmp
19/03/2008 07:33:09 113 byte 18 days old -- STS64.tmp
20/03/2008 09:07:21 1342 byte 17 days old -- MAR62.tmp
20/03/2008 09:07:22 1285 byte 17 days old -- MAR63.tmp
20/03/2008 09:07:46 113 byte 17 days old -- STS66.tmp
20/03/2008 16:03:23 1342 byte 17 days old -- MAR64.tmp
20/03/2008 16:03:24 1285 byte 17 days old -- MAR65.tmp
20/03/2008 16:03:37 113 byte 17 days old -- STS68.tmp
20/03/2008 16:12:13 49152 byte 17 days old -- ~DF86AC.tmp
21/03/2008 06:07:50 1342 byte 16 days old -- MAR66.tmp
21/03/2008 06:07:51 1285 byte 16 days old -- MAR67.tmp
21/03/2008 06:08:04 113 byte 16 days old -- STS6A.tmp
22/03/2008 09:48:30 1285 byte 15 days old -- MAR69.tmp
22/03/2008 09:48:30 1342 byte 15 days old -- MAR68.tmp
22/03/2008 09:48:44 113 byte 15 days old -- STS6C.tmp
23/03/2008 11:21:15 1342 byte 14 days old -- MAR6A.tmp
23/03/2008 11:21:18 1285 byte 14 days old -- MAR6B.tmp
23/03/2008 11:21:40 113 byte 14 days old -- STS6E.tmp
24/03/2008 07:11:26 1285 byte 13 days old -- MAR6D.tmp
24/03/2008 07:11:26 1342 byte 13 days old -- MAR6C.tmp
24/03/2008 07:11:46 113 byte 13 days old -- STS70.tmp
24/03/2008 19:16:15 17212 byte 13 days old -- SIntf32.dll
24/03/2008 19:16:15 12067 byte 13 days old -- SIntf16.dll
24/03/2008 19:16:15 24516 byte 13 days old -- SIntfNT.dll
25/03/2008 00:41:47 12711 byte 12 days old -- VGXA5.tmp
25/03/2008 00:41:48 6254 byte 12 days old -- VGXAE.tmp
25/03/2008 00:41:48 1289 byte 12 days old -- VGXAF.tmp
25/03/2008 00:41:48 7901 byte 12 days old -- VGXB0.tmp
25/03/2008 00:41:48 3531 byte 12 days old -- VGXAD.tmp
25/03/2008 00:41:48 1137 byte 12 days old -- VGXB2.tmp
25/03/2008 00:41:48 1240 byte 12 days old -- VGXB1.tmp
25/03/2008 00:41:48 2875 byte 12 days old -- VGXAC.tmp
25/03/2008 00:41:48 5934 byte 12 days old -- VGXAB.tmp
25/03/2008 00:41:48 2114 byte 12 days old -- VGXA8.tmp
25/03/2008 00:41:48 1432 byte 12 days old -- VGXA9.tmp
25/03/2008 00:41:48 3823 byte 12 days old -- VGXAA.tmp
25/03/2008 00:41:48 3529 byte 12 days old -- VGXA7.tmp
25/03/2008 00:41:48 2710 byte 12 days old -- VGXA6.tmp
25/03/2008 07:33:01 1342 byte 12 days old -- MAR6E.tmp
25/03/2008 07:33:01 1285 byte 12 days old -- MAR6F.tmp
25/03/2008 07:33:19 113 byte 12 days old -- STS72.tmp
26/03/2008 07:16:15 1342 byte 11 days old -- MAR70.tmp
26/03/2008 07:16:17 1285 byte 11 days old -- MAR71.tmp
26/03/2008 07:16:44 113 byte 11 days old -- STS74.tmp
26/03/2008 14:50:23 49152 byte 11 days old -- ~DF3892.tmp
27/03/2008 06:58:27 1285 byte 10 days old -- MAR73.tmp
27/03/2008 06:58:27 1342 byte 10 days old -- MAR72.tmp
27/03/2008 06:58:44 113 byte 10 days old -- STS76.tmp
27/03/2008 07:02:52 512 byte 10 days old -- ~DF84A2.tmp
27/03/2008 07:02:52 16384 byte 10 days old -- ~DF8496.tmp
27/03/2008 18:39:49 512 byte 10 days old -- ~DF633E.tmp
27/03/2008 18:39:49 16384 byte 10 days old -- ~DF6332.tmp
27/03/2008 19:32:28 28084736 byte 10 days old -- Virtual_PC_2007_Install.msi
27/03/2008 19:32:28 164352 byte 10 days old -- 1036.mst
27/03/2008 19:32:28 910080 byte 10 days old -- msxml6-KB927977-enu-x86.exe
27/03/2008 19:35:39 469588 byte 10 days old -- VPCInstallLog.txt
27/03/2008 20:05:24 1342 byte 10 days old -- MAR74.tmp
27/03/2008 20:05:25 1285 byte 10 days old -- MAR75.tmp
27/03/2008 20:05:39 113 byte 10 days old -- STS78.tmp
27/03/2008 20:10:20 (DIR) 0 byte 10 days old -- WLZ384D.tmp
27/03/2008 21:13:16 1285 byte 10 days old -- MAR77.tmp
27/03/2008 21:13:16 1342 byte 10 days old -- MAR76.tmp
27/03/2008 21:13:33 113 byte 10 days old -- STS7A.tmp
27/03/2008 21:18:17 5828 byte 10 days old -- MSI4a768.LOG
28/03/2008 06:59:09 1342 byte 9 days old -- MAR78.tmp
28/03/2008 06:59:09 1285 byte 9 days old -- MAR79.tmp
28/03/2008 06:59:30 113 byte 9 days old -- STS7C.tmp
28/03/2008 15:19:12 (DIR) 0 byte 9 days old -- WLZFC5D.tmp
28/03/2008 15:29:42 1342 byte 9 days old -- MAR7A.tmp
28/03/2008 15:29:42 1285 byte 9 days old -- MAR7B.tmp
28/03/2008 15:29:59 113 byte 9 days old -- STS7E.tmp
29/03/2008 06:55:17 1285 byte 8 days old -- MAR7D.tmp
29/03/2008 06:55:17 1342 byte 8 days old -- MAR7C.tmp
29/03/2008 06:55:34 113 byte 8 days old -- STS80.tmp
29/03/2008 13:41:02 1342 byte 8 days old -- MAR7E.tmp
29/03/2008 13:41:03 1285 byte 8 days old -- MAR7F.tmp
29/03/2008 13:41:28 113 byte 8 days old -- STS82.tmp
30/03/2008 08:52:15 1285 byte 7 days old -- MAR81.tmp
30/03/2008 08:52:15 1342 byte 7 days old -- MAR80.tmp
30/03/2008 08:52:36 113 byte 7 days old -- STS84.tmp
31/03/2008 07:20:43 1342 byte 6 days old -- MAR82.tmp
31/03/2008 07:20:43 1285 byte 6 days old -- MAR83.tmp
31/03/2008 07:20:59 113 byte 6 days old -- STS86.tmp
01/04/2008 06:54:37 1285 byte 5 days old -- MAR85.tmp
01/04/2008 06:54:37 1342 byte 5 days old -- MAR84.tmp
01/04/2008 07:13:07 113 byte 5 days old -- STS8E.tmp
01/04/2008 20:51:23 725 byte 5 days old -- TWAIN.LOG
01/04/2008 20:51:23 3 byte 5 days old -- Twain001.Mtx
01/04/2008 20:51:23 156 byte 5 days old -- Twunk001.MTX
02/04/2008 08:49:08 1342 byte 4 days old -- MAR86.tmp
02/04/2008 08:49:08 1285 byte 4 days old -- MAR87.tmp
02/04/2008 08:49:20 113 byte 4 days old -- STS89.tmp
02/04/2008 15:44:32 1285 byte 4 days old -- MAR89.tmp
02/04/2008 15:44:32 1342 byte 4 days old -- MAR88.tmp
02/04/2008 15:44:54 113 byte 4 days old -- STS8B.tmp
02/04/2008 22:08:39 1285 byte 4 days old -- MAR8B.tmp
02/04/2008 22:08:39 1342 byte 4 days old -- MAR8A.tmp
02/04/2008 22:09:00 113 byte 4 days old -- STS8D.tmp
03/04/2008 08:09:21 1342 byte 3 days old -- MAR8C.tmp
03/04/2008 08:09:21 1285 byte 3 days old -- MAR8D.tmp
03/04/2008 08:09:39 113 byte 3 days old -- STS90.tmp
04/04/2008 06:55:15 1342 byte 2 days old -- MAR8E.tmp
04/04/2008 06:55:17 1285 byte 2 days old -- MAR8F.tmp
04/04/2008 06:55:38 113 byte 2 days old -- STS92.tmp
04/04/2008 21:42:26 1342 byte 2 days old -- MAR90.tmp
04/04/2008 21:42:27 1285 byte 2 days old -- MAR91.tmp
04/04/2008 21:42:38 113 byte 2 days old -- STS94.tmp
04/04/2008 22:36:43 1342 byte 2 days old -- MAR92.tmp
04/04/2008 22:36:43 1285 byte 2 days old -- MAR93.tmp
04/04/2008 22:36:56 113 byte 2 days old -- STS96.tmp
05/04/2008 07:16:36 1342 byte 1 days old -- MAR94.tmp
05/04/2008 07:16:36 1285 byte 1 days old -- MAR95.tmp
05/04/2008 07:16:48 113 byte 1 days old -- STS98.tmp
05/04/2008 18:06:11 832 byte 1 days old -- java_install_reg.log
05/04/2008 18:50:29 1285 byte 1 days old -- MAR97.tmp
05/04/2008 18:50:29 1342 byte 1 days old -- MAR96.tmp
05/04/2008 18:50:44 113 byte 1 days old -- STS9A.tmp
06/04/2008 01:08:11 1342 byte 0 days old -- MAR98.tmp
06/04/2008 01:08:12 1285 byte 0 days old -- MAR99.tmp
06/04/2008 01:08:31 113 byte 0 days old -- STS9C.tmp
06/04/2008 01:35:52 286 byte 0 days old -- MSI9d24b.LOG
06/04/2008 07:25:53 1342 byte 0 days old -- MAR9A.tmp
06/04/2008 07:25:54 1285 byte 0 days old -- MAR9B.tmp
06/04/2008 07:26:14 113 byte 0 days old -- STSA6.tmp
06/04/2008 09:06:09 403974 byte 0 days old -- VGX5496.tmp
06/04/2008 09:06:11 65568 byte 0 days old -- VGX549A.tmp
06/04/2008 09:06:13 65568 byte 0 days old -- VGX549E.tmp
06/04/2008 09:06:13 2377 byte 0 days old -- VGX54A0.tmp
06/04/2008 09:06:14 13370 byte 0 days old -- VGX54A2.tmp
06/04/2008 09:06:16 90625 byte 0 days old -- VGX54A6.tmp
06/04/2008 09:06:20 65568 byte 0 days old -- VGX54AB.tmp
06/04/2008 09:06:23 65568 byte 0 days old -- VGX54B2.tmp
06/04/2008 09:06:26 65568 byte 0 days old -- VGX54BD.tmp
06/04/2008 09:06:32 65568 byte 0 days old -- VGX54CE.tmp
06/04/2008 09:06:35 65568 byte 0 days old -- VGX54D1.tmp
06/04/2008 09:06:38 65568 byte 0 days old -- VGX54DB.tmp
06/04/2008 09:06:39 31997 byte 0 days old -- VGX54E6.tmp
06/04/2008 09:06:39 7265 byte 0 days old -- VGX54DF.tmp
06/04/2008 09:06:39 65568 byte 0 days old -- VGX54DE.tmp
06/04/2008 09:06:41 6827 byte 0 days old -- VGX54EF.tmp
06/04/2008 09:06:41 65568 byte 0 days old -- VGX54ED.tmp
06/04/2008 09:06:41 65568 byte 0 days old -- VGX54EC.tmp
06/04/2008 09:06:41 12313 byte 0 days old -- VGX54F6.tmp
06/04/2008 09:06:41 6180 byte 0 days old -- VGX54F3.tmp
06/04/2008 09:06:41 2642 byte 0 days old -- VGX54F1.tmp
06/04/2008 09:06:42 24222 byte 0 days old -- VGX54F9.tmp
06/04/2008 09:06:44 65568 byte 0 days old -- VGX5503.tmp
06/04/2008 09:06:44 65568 byte 0 days old -- VGX5502.tmp
06/04/2008 09:06:45 65568 byte 0 days old -- VGX550B.tmp
06/04/2008 09:06:45 65568 byte 0 days old -- VGX5508.tmp
06/04/2008 09:06:46 24480 byte 0 days old -- VGX5513.tmp
06/04/2008 09:06:47 22869 byte 0 days old -- VGX5515.tmp
06/04/2008 09:06:48 65568 byte 0 days old -- VGX5517.tmp
06/04/2008 09:06:48 65568 byte 0 days old -- VGX5518.tmp
06/04/2008 09:06:49 65792 byte 0 days old -- VGX5521.tmp
06/04/2008 09:06:50 49444 byte 0 days old -- VGX5525.tmp
06/04/2008 09:06:50 65568 byte 0 days old -- VGX5524.tmp
06/04/2008 09:06:50 289 byte 0 days old -- VGX552D.tmp
06/04/2008 09:06:50 11796 byte 0 days old -- VGX5528.tmp
06/04/2008 09:06:51 8147 byte 0 days old -- VGX553B.tmp
06/04/2008 09:06:51 179 byte 0 days old -- VGX5530.tmp
06/04/2008 09:06:51 208 byte 0 days old -- VGX552F.tmp
06/04/2008 09:06:51 338 byte 0 days old -- VGX552E.tmp
06/04/2008 09:06:51 13285 byte 0 days old -- VGX5531.tmp
06/04/2008 09:06:51 5656 byte 0 days old -- VGX5539.tmp
06/04/2008 09:06:51 9233 byte 0 days old -- VGX5535.tmp
06/04/2008 09:06:51 33002 byte 0 days old -- VGX5533.tmp
06/04/2008 09:06:52 2204 byte 0 days old -- VGX5540.tmp
06/04/2008 09:06:52 8491 byte 0 days old -- VGX553D.tmp
06/04/2008 09:06:52 40056 byte 0 days old -- VGX5542.tmp
06/04/2008 09:06:52 19780 byte 0 days old -- VGX5549.tmp
06/04/2008 09:06:52 19066 byte 0 days old -- VGX5544.tmp
06/04/2008 09:06:53 10547 byte 0 days old -- VGX554C.tmp
06/04/2008 09:06:53 15567 byte 0 days old -- VGX554A.tmp
06/04/2008 09:06:53 6824 byte 0 days old -- VGX5552.tmp
06/04/2008 09:06:53 11167 byte 0 days old -- VGX554E.tmp
06/04/2008 09:06:54 65568 byte 0 days old -- VGX5554.tmp
06/04/2008 09:06:54 62832 byte 0 days old -- VGX555B.tmp
06/04/2008 09:06:54 6278 byte 0 days old -- VGX5558.tmp
06/04/2008 09:06:55 65568 byte 0 days old -- VGX555F.tmp
06/04/2008 09:06:55 6264 byte 0 days old -- VGX555D.tmp
06/04/2008 09:06:56 11548 byte 0 days old -- VGX5563.tmp
06/04/2008 09:06:56 65568 byte 0 days old -- VGX5562.tmp
06/04/2008 09:06:57 65568 byte 0 days old -- VGX5566.tmp
06/04/2008 09:06:57 65568 byte 0 days old -- VGX5567.tmp
06/04/2008 09:06:57 10706 byte 0 days old -- VGX556A.tmp
06/04/2008 09:06:58 65568 byte 0 days old -- VGX556E.tmp
06/04/2008 09:06:58 12780 byte 0 days old -- VGX556D.tmp
06/04/2008 09:06:58 6456 byte 0 days old -- VGX5570.tmp
06/04/2008 09:06:59 65568 byte 0 days old -- VGX5574.tmp
06/04/2008 09:06:59 65568 byte 0 days old -- VGX5573.tmp
06/04/2008 09:07:00 2959 byte 0 days old -- VGX557B.tmp
06/04/2008 09:07:00 65568 byte 0 days old -- VGX5579.tmp
06/04/2008 09:07:00 6252 byte 0 days old -- VGX5578.tmp
06/04/2008 09:07:01 65568 byte 0 days old -- VGX557F.tmp
06/04/2008 09:07:01 11968 byte 0 days old -- VGX5583.tmp
06/04/2008 09:07:01 65568 byte 0 days old -- VGX5581.tmp
06/04/2008 09:07:02 49058 byte 0 days old -- VGX5587.tmp
06/04/2008 09:07:02 65568 byte 0 days old -- VGX5585.tmp
06/04/2008 09:07:03 12511 byte 0 days old -- VGX5590.tmp
06/04/2008 09:07:03 6256 byte 0 days old -- VGX558E.tmp
06/04/2008 09:07:03 20166 byte 0 days old -- VGX558B.tmp
06/04/2008 09:07:03 16163 byte 0 days old -- VGX5596.tmp
06/04/2008 09:07:03 13822 byte 0 days old -- VGX5593.tmp
06/04/2008 09:07:03 10576 byte 0 days old -- VGX5592.tmp
06/04/2008 09:07:03 13314 byte 0 days old -- VGX558A.tmp
06/04/2008 09:07:04 20832 byte 0 days old -- VGX559D.tmp
06/04/2008 09:07:04 7641 byte 0 days old -- VGX5599.tmp
06/04/2008 09:07:04 6007 byte 0 days old -- VGX5597.tmp
06/04/2008 09:07:04 65568 byte 0 days old -- VGX559E.tmp
06/04/2008 09:07:05 13918 byte 0 days old -- VGX55A2.tmp
06/04/2008 09:07:05 6456 byte 0 days old -- VGX55A1.tmp
06/04/2008 09:07:06 21537 byte 0 days old -- VGX55A9.tmp
06/04/2008 09:07:06 65568 byte 0 days old -- VGX55A7.tmp
06/04/2008 09:07:06 65568 byte 0 days old -- VGX55A6.tmp
06/04/2008 09:07:06 19557 byte 0 days old -- VGX55AB.tmp
06/04/2008 09:07:07 65568 byte 0 days old -- VGX55AF.tmp
06/04/2008 09:07:08 98496 byte 0 days old -- VGX55B2.tmp
06/04/2008 09:07:08 10491 byte 0 days old -- VGX55B1.tmp
06/04/2008 09:07:09 5880 byte 0 days old -- VGX55B8.tmp
06/04/2008 09:07:09 65568 byte 0 days old -- VGX55B6.tmp
06/04/2008 09:07:10 65568 byte 0 days old -- VGX55BD.tmp
06/04/2008 09:07:10 26456 byte 0 days old -- VGX55BA.tmp
06/04/2008 09:07:11 65568 byte 0 days old -- VGX55C1.tmp
06/04/2008 09:07:11 65568 byte 0 days old -- VGX55BF.tmp
06/04/2008 09:07:12 65568 byte 0 days old -- VGX55C4.tmp
06/04/2008 09:07:12 14692 byte 0 days old -- VGX55C5.tmp
06/04/2008 09:07:13 4706 byte 0 days old -- VGX55CB.tmp
06/04/2008 09:07:13 98544 byte 0 days old -- VGX55C8.tmp
06/04/2008 09:07:13 65568 byte 0 days old -- VGX55CC.tmp
06/04/2008 09:07:14 65568 byte 0 days old -- VGX55D0.tmp
06/04/2008 09:07:14 2467 byte 0 days old -- VGX55CF.tmp
06/04/2008 09:07:15 65568 byte 0 days old -- VGX55D4.tmp
06/04/2008 09:07:16 3746 byte 0 days old -- VGX55DA.tmp
06/04/2008 09:07:16 65568 byte 0 days old -- VGX55D7.tmp
06/04/2008 09:07:16 65568 byte 0 days old -- VGX55D6.tmp
06/04/2008 09:07:16 12477 byte 0 days old -- VGX55E0.tmp
06/04/2008 09:07:16 6482 byte 0 days old -- VGX55DD.tmp
06/04/2008 09:07:16 5590 byte 0 days old -- VGX55DB.tmp
06/04/2008 09:07:17 65568 byte 0 days old -- VGX55E3.tmp
06/04/2008 09:07:18 65568 byte 0 days old -- VGX55E9.tmp
06/04/2008 09:07:18 92950 byte 0 days old -- VGX55E8.tmp
06/04/2008 09:07:18 9128 byte 0 days old -- VGX55E5.tmp
06/04/2008 09:07:19 65568 byte 0 days old -- VGX55ED.tmp
06/04/2008 09:07:19 29741 byte 0 days old -- VGX55EC.tmp
06/04/2008 09:07:20 7574 byte 0 days old -- VGX55F2.tmp
06/04/2008 09:07:20 9453 byte 0 days old -- VGX55F0.tmp
06/04/2008 09:07:21 8972 byte 0 days old -- VGX55F9.tmp
06/04/2008 09:07:21 11564 byte 0 days old -- VGX55F6.tmp
06/04/2008 09:07:21 51206 byte 0 days old -- VGX55F4.tmp
06/04/2008 09:07:22 65568 byte 0 days old -- VGX55FF.tmp
06/04/2008 09:07:22 11260 byte 0 days old -- VGX55FD.tmp
06/04/2008 09:07:22 41857 byte 0 days old -- VGX55FB.tmp
06/04/2008 09:07:23 42979 byte 0 days old -- VGX5600.tmp
06/04/2008 09:07:23 10903 byte 0 days old -- VGX5607.tmp
06/04/2008 09:07:23 16731 byte 0 days old -- VGX5606.tmp
06/04/2008 09:07:23 3147 byte 0 days old -- VGX5603.tmp
06/04/2008 09:07:23 4788 byte 0 days old -- VGX5609.tmp
06/04/2008 09:07:25 65568 byte 0 days old -- VGX5610.tmp
06/04/2008 09:07:25 65568 byte 0 days old -- VGX560D.tmp
06/04/2008 09:07:25 65568 byte 0 days old -- VGX560C.tmp
06/04/2008 09:07:26 63294 byte 0 days old -- VGX5613.tmp
06/04/2008 09:07:26 39512 byte 0 days old -- VGX5614.tmp
06/04/2008 09:07:26 6172 byte 0 days old -- VGX5617.tmp
06/04/2008 09:07:27 12130 byte 0 days old -- VGX5618.tmp
06/04/2008 09:07:27 11637 byte 0 days old -- VGX561A.tmp
06/04/2008 09:07:28 65568 byte 0 days old -- VGX561E.tmp
06/04/2008 09:07:28 65568 byte 0 days old -- VGX561D.tmp
06/04/2008 09:07:28 12625 byte 0 days old -- VGX5625.tmp
06/04/2008 09:07:28 5414 byte 0 days old -- VGX5620.tmp
06/04/2008 09:07:28 10226 byte 0 days old -- VGX5622.tmp
06/04/2008 09:07:29 34129 byte 0 days old -- VGX5628.tmp
06/04/2008 09:07:29 6029 byte 0 days old -- VGX5627.tmp
06/04/2008 09:07:29 8493 byte 0 days old -- VGX562B.tmp
06/04/2008 09:07:29 11583 byte 0 days old -- VGX562F.tmp
06/04/2008 09:07:29 65568 byte 0 days old -- VGX562E.tmp
06/04/2008 09:07:30 6294 byte 0 days old -- VGX5635.tmp
06/04/2008 09:07:30 11338 byte 0 days old -- VGX5637.tmp
06/04/2008 09:07:30 24776 byte 0 days old -- VGX5632.tmp
06/04/2008 09:07:30 5029 byte 0 days old -- VGX5633.tmp
06/04/2008 09:07:30 15168 byte 0 days old -- VGX563B.tmp
06/04/2008 09:07:30 7278 byte 0 days old -- VGX5639.tmp
06/04/2008 09:07:31 46150 byte 0 days old -- VGX5640.tmp
06/04/2008 09:07:31 5304 byte 0 days old -- VGX563E.tmp
06/04/2008 09:07:32 10746 byte 0 days old -- VGX5647.tmp
06/04/2008 09:07:32 65568 byte 0 days old -- VGX5644.tmp
06/04/2008 09:07:32 65568 byte 0 days old -- VGX5643.tmp
06/04/2008 09:07:33 32454 byte 0 days old -- VGX564B.tmp
06/04/2008 09:07:33 65568 byte 0 days old -- VGX564A.tmp
06/04/2008 09:07:33 1854 byte 0 days old -- VGX564E.tmp
06/04/2008 09:07:34 65556 byte 0 days old -- VGX5652.tmp
06/04/2008 09:07:34 65760 byte 0 days old -- VGX5651.tmp
06/04/2008 09:07:35 28328 byte 0 days old -- VGX5655.tmp
06/04/2008 09:07:35 65568 byte 0 days old -- VGX5657.tmp
06/04/2008 09:07:36 10332 byte 0 days old -- VGX565D.tmp
06/04/2008 09:07:36 4389 byte 0 days old -- VGX565F.tmp
06/04/2008 09:07:36 65568 byte 0 days old -- VGX5659.tmp
06/04/2008 09:07:36 235 byte 0 days old -- VGX565B.tmp
06/04/2008 09:07:37 65568 byte 0 days old -- VGX5663.tmp
06/04/2008 09:07:37 65568 byte 0 days old -- VGX5662.tmp
06/04/2008 09:07:38 65568 byte 0 days old -- VGX5666.tmp
06/04/2008 09:07:38 65568 byte 0 days old -- VGX5667.tmp
06/04/2008 09:07:39 7050 byte 0 days old -- VGX566F.tmp
06/04/2008 09:07:39 16188 byte 0 days old -- VGX566C.tmp
06/04/2008 09:07:39 53794 byte 0 days old -- VGX566B.tmp
06/04/2008 09:07:40 6853 byte 0 days old -- VGX5672.tmp
06/04/2008 09:07:40 65568 byte 0 days old -- VGX5670.tmp
06/04/2008 09:07:40 10910 byte 0 days old -- VGX5677.tmp
06/04/2008 09:07:40 5817 byte 0 days old -- VGX5675.tmp
06/04/2008 09:07:41 65568 byte 0 days old -- VGX567B.tmp
06/04/2008 09:07:41 65568 byte 0 days old -- VGX567C.tmp
06/04/2008 09:07:41 4450 byte 0 days old -- VGX567E.tmp
06/04/2008 09:07:42 65568 byte 0 days old -- VGX5685.tmp
06/04/2008 09:07:42 2106 byte 0 days old -- VGX5687.tmp
06/04/2008 09:07:42 4232 byte 0 days old -- VGX5681.tmp
06/04/2008 09:07:42 65568 byte 0 days old -- VGX5683.tmp
06/04/2008 09:07:43 3049 byte 0 days old -- VGX568B.tmp
06/04/2008 09:07:43 20992 byte 0 days old -- VGX5689.tmp
06/04/2008 09:07:44 1391 byte 0 days old -- VGX5690.tmp
06/04/2008 09:07:44 65568 byte 0 days old -- VGX568E.tmp
06/04/2008 09:07:45 65568 byte 0 days old -- VGX5693.tmp
06/04/2008 09:07:45 70588 byte 0 days old -- VGX5695.tmp
06/04/2008 09:07:45 65568 byte 0 days old -- VGX5696.tmp
06/04/2008 09:07:46 11118 byte 0 days old -- VGX569A.tmp
06/04/2008 09:07:46 9613 byte 0 days old -- VGX5699.tmp
06/04/2008 09:07:47 60578 byte 0 days old -- VGX569E.tmp
06/04/2008 09:07:48 65568 byte 0 days old -- VGX56A0.tmp
06/04/2008 09:07:48 36411 byte 0 days old -- VGX56A1.tmp
06/04/2008 09:07:49 9882 byte 0 days old -- VGX56A7.tmp
06/04/2008 09:07:49 65568 byte 0 days old -- VGX56A5.tmp
06/04/2008 09:07:50 65568 byte 0 days old -- VGX56A8.tmp
06/04/2008 09:07:50 24318 byte 0 days old -- VGX56AA.tmp
06/04/2008 09:07:50 19971 byte 0 days old -- VGX56AD.tmp
06/04/2008 09:07:51 71984 byte 0 days old -- VGX56B0.tmp
06/04/2008 09:07:51 65568 byte 0 days old -- VGX56B1.tmp
06/04/2008 09:07:52 75754 byte 0 days old -- VGX56B7.tmp
06/04/2008 09:07:52 1277 byte 0 days old -- VGX56B6.tmp
06/04/2008 09:07:52 21690 byte 0 days old -- VGX56B4.tmp
06/04/2008 09:07:53 3131 byte 0 days old -- VGX56C1.tmp
06/04/2008 09:07:53 1873 byte 0 days old -- VGX56C4.tmp
06/04/2008 09:07:53 3256 byte 0 days old -- VGX56BE.tmp
06/04/2008 09:07:53 65568 byte 0 days old -- VGX56BA.tmp
06/04/2008 09:07:53 2251 byte 0 days old -- VGX56BD.tmp
06/04/2008 09:07:54 474 byte 0 days old -- VGX56CB.tmp
06/04/2008 09:07:54 8254 byte 0 days old -- VGX56C9.tmp
06/04/2008 09:07:54 595 byte 0 days old -- VGX56CF.tmp
06/04/2008 09:07:54 65568 byte 0 days old -- VGX56C5.tmp
06/04/2008 09:07:54 9585 byte 0 days old -- VGX56C7.tmp
06/04/2008 09:07:55 29290 byte 0 days old -- VGX56D1.tmp
06/04/2008 09:07:55 65568 byte 0 days old -- VGX56D2.tmp
06/04/2008 09:07:55 3972 byte 0 days old -- VGX56D4.tmp
06/04/2008 09:07:56 9130 byte 0 days old -- VGX56D9.tmp
06/04/2008 09:07:56 10364 byte 0 days old -- VGX56D7.tmp
06/04/2008 09:07:56 65568 byte 0 days old -- VGX56DA.tmp
06/04/2008 09:07:57 65568 byte 0 days old -- VGX56DE.tmp
06/04/2008 09:07:58 226 byte 0 days old -- VGX56E2.tmp
06/04/2008 09:07:58 65568 byte 0 days old -- VGX56E0.tmp
06/04/2008 09:07:59 65568 byte 0 days old -- VGX56E4.tmp
06/04/2008 09:07:59 65568 byte 0 days old -- VGX56E7.tmp
06/04/2008 09:08:00 65568 byte 0 days old -- VGX56EA.tmp
06/04/2008 09:08:00 65568 byte 0 days old -- VGX56E9.tmp
06/04/2008 09:08:01 65568 byte 0 days old -- VGX56ED.tmp
06/04/2008 09:08:02 1756 byte 0 days old -- VGX56F2.tmp
06/04/2008 09:08:02 65568 byte 0 days old -- VGX56F0.tmp
06/04/2008 09:08:02 6955 byte 0 days old -- VGX56F4.tmp
06/04/2008 09:08:02 11837 byte 0 days old -- VGX56F7.tmp
06/04/2008 09:08:02 65568 byte 0 days old -- VGX56F5.tmp
06/04/2008 09:08:03 6403 byte 0 days old -- VGX56FA.tmp
06/04/2008 09:08:03 35761 byte 0 days old -- VGX5700.tmp
06/04/2008 09:08:03 12385 byte 0 days old -- VGX56FE.tmp
06/04/2008 09:08:03 7440 byte 0 days old -- VGX56FB.tmp
06/04/2008 09:08:04 11288 byte 0 days old -- VGX5702.tmp
06/04/2008 09:08:04 10228 byte 0 days old -- VGX5707.tmp
06/04/2008 09:08:04 52086 byte 0 days old -- VGX5704.tmp
06/04/2008 09:08:05 65568 byte 0 days old -- VGX5708.tmp
06/04/2008 09:08:05 47893 byte 0 days old -- VGX570B.tmp
06/04/2008 09:08:06 10136 byte 0 days old -- VGX5711.tmp
06/04/2008 09:08:06 43941 byte 0 days old -- VGX570F.tmp
06/04/2008 09:08:06 65568 byte 0 days old -- VGX570E.tmp
06/04/2008 09:08:06 6490 byte 0 days old -- VGX5717.tmp
06/04/2008 09:08:06 12633 byte 0 days old -- VGX5715.tmp
06/04/2008 09:08:06 11602 byte 0 days old -- VGX5713.tmp
06/04/2008 09:08:07 9339 byte 0 days old -- VGX571E.tmp
06/04/2008 09:08:07 10357 byte 0 days old -- VGX571B.tmp
06/04/2008 09:08:07 12507 byte 0 days old -- VGX571A.tmp
06/04/2008 09:08:07 65568 byte 0 days old -- VGX571F.tmp
06/04/2008 09:08:08 65696 byte 0 days old -- VGX5723.tmp
06/04/2008 09:08:09 6743 byte 0 days old -- VGX5726.tmp
06/04/2008 09:08:09 65632 byte 0 days old -- VGX5725.tmp
06/04/2008 09:08:10 65568 byte 0 days old -- VGX572A.tmp
06/04/2008 09:08:10 65568 byte 0 days old -- VGX5729.tmp
06/04/2008 09:08:10 10287 byte 0 days old -- VGX572F.tmp
06/04/2008 09:08:10 10234 byte 0 days old -- VGX572D.tmp
06/04/2008 09:08:11 65568 byte 0 days old -- VGX5735.tmp
06/04/2008 09:08:11 9579 byte 0 days old -- VGX5734.tmp
06/04/2008 09:08:11 65568 byte 0 days old -- VGX5732.tmp
06/04/2008 09:08:12 11268 byte 0 days old -- VGX5739.tmp
06/04/2008 09:08:12 8010 byte 0 days old -- VGX573E.tmp
06/04/2008 09:08:12 9268 byte 0 days old -- VGX573C.tmp
06/04/2008 09:08:12 65568 byte 0 days old -- VGX573A.tmp
06/04/2008 09:08:13 32831 byte 0 days old -- VGX5743.tmp
06/04/2008 09:08:13 12678 byte 0 days old -- VGX5741.tmp
06/04/2008 09:08:13 11316 byte 0 days old -- VGX5746.tmp
06/04/2008 09:08:13 9691 byte 0 days old -- VGX5744.tmp
06/04/2008 09:08:14 6200 byte 0 days old -- VGX574A.tmp
06/04/2008 09:08:14 98576 byte 0 days old -- VGX574D.tmp
06/04/2008 09:08:14 6628 byte 0 days old -- VGX574C.tmp
06/04/2008 09:08:15 13735 byte 0 days old -- VGX5753.tmp
06/04/2008 09:08:15 7517 byte 0 days old -- VGX5751.tmp
06/04/2008 09:08:15 7271 byte 0 days old -- VGX5750.tmp
06/04/2008 09:08:16 98560 byte 0 days old -- VGX5757.tmp
06/04/2008 09:08:16 42766 byte 0 days old -- VGX5758.tmp
06/04/2008 09:08:16 12756 byte 0 days old -- VGX575A.tmp
06/04/2008 09:08:16 9312 byte 0 days old -- VGX575C.tmp
06/04/2008 09:08:17 65568 byte 0 days old -- VGX575F.tmp
06/04/2008 09:08:18 65568 byte 0 days old -- VGX5762.tmp
06/04/2008 09:08:18 52292 byte 0 days old -- VGX5763.tmp
06/04/2008 09:08:18 22388 byte 0 days old -- VGX5766.tmp
06/04/2008 09:08:19 65568 byte 0 days old -- VGX5767.tmp
06/04/2008 09:08:19 12705 byte 0 days old -- VGX576A.tmp
06/04/2008 09:08:20 6132 byte 0 days old -- VGX5771.tmp
06/04/2008 09:08:20 12453 byte 0 days old -- VGX576E.tmp
06/04/2008 09:08:20 65568 byte 0 days old -- VGX576D.tmp
06/04/2008 09:08:20 65568 byte 0 days old -- VGX5772.tmp
06/04/2008 09:08:21 65568 byte 0 days old -- VGX577A.tmp
06/04/2008 09:08:21 26716 byte 0 days old -- VGX5778.tmp
06/04/2008 09:08:21 11768 byte 0 days old -- VGX5774.tmp
06/04/2008 09:08:22 213 byte 0 days old -- VGX5781.tmp
06/04/2008 09:08:22 6318 byte 0 days old -- VGX5784.tmp
06/04/2008 09:08:22 65568 byte 0 days old -- VGX577F.tmp
06/04/2008 09:08:22 30954 byte 0 days old -- VGX577B.tmp
06/04/2008 09:08:22 340 byte 0 days old -- VGX577E.tmp
06/04/2008 09:08:23 6482 byte 0 days old -- VGX578B.tmp
06/04/2008 09:08:23 8646 byte 0 days old -- VGX5788.tmp
06/04/2008 09:08:23 17936 byte 0 days old -- VGX5786.tmp
06/04/2008 09:08:24 65568 byte 0 days old -- VGX578E.tmp
06/04/2008 09:08:24 12090 byte 0 days old -- VGX5790.tmp
06/04/2008 09:08:25 12726 byte 0 days old -- VGX5794.tmp
06/04/2008 09:08:25 7182 byte 0 days old -- VGX5792.tmp
06/04/2008 09:08:25 4712 byte 0 days old -- VGX5796.tmp
06/04/2008 09:08:26 8994 byte 0 days old -- VGX579B.tmp
06/04/2008 09:08:26 11910 byte 0 days old -- VGX579D.tmp
06/04/2008 09:08:26 98368 byte 0 days old -- VGX579E.tmp
06/04/2008 09:08:26 13918 byte 0 days old -- VGX57A3.tmp
06/04/2008 09:08:26 15674 byte 0 days old -- VGX57A1.tmp
06/04/2008 09:08:26 16096 byte 0 days old -- VGX5798.tmp
06/04/2008 09:08:27 2770 byte 0 days old -- VGX57B2.tmp
06/04/2008 09:08:27 3040 byte 0 days old -- VGX57A9.tmp
06/04/2008 09:08:27 2748 byte 0 days old -- VGX57A6.tmp
06/04/2008 09:08:27 11514 byte 0 days old -- VGX57A4.tmp
06/04/2008 09:08:27 6072 byte 0 days old -- VGX57AA.tmp
06/04/2008 09:08:27 5955 byte 0 days old -- VGX57B0.tmp
06/04/2008 09:08:27 16298 byte 0 days old -- VGX57AE.tmp
06/04/2008 09:08:27 6358 byte 0 days old -- VGX57AD.tmp
06/04/2008 09:08:28 3707 byte 0 days old -- VGX57B9.tmp
06/04/2008 09:08:28 10838 byte 0 days old -- VGX57B5.tmp
06/04/2008 09:08:28 65568 byte 0 days old -- VGX57BB.tmp
06/04/2008 09:08:28 243 byte 0 days old -- VGX57BA.tmp
06/04/2008 09:08:29 1267 byte 0 days old -- VGX57C2.tmp
06/04/2008 09:08:29 983 byte 0 days old -- VGX57C0.tmp
06/04/2008 09:08:29 2357 byte 0 days old -- VGX57BE.tmp
06/04/2008 09:08:29 6322 byte 0 days old -- VGX57C4.tmp
06/04/2008 09:08:30 65568 byte 0 days old -- VGX57C9.tmp
06/04/2008 09:08:30 6060 byte 0 days old -- VGX57C7.tmp
06/04/2008 09:19:19 1342 byte 0 days old -- MAR9C.tmp
06/04/2008 09:19:23 1285 byte 0 days old -- MAR9D.tmp
06/04/2008 09:19:46 113 byte 0 days old -- STSA4.tmp
06/04/2008 10:47:54 1285 byte 0 days old -- MAR9F.tmp
06/04/2008 10:47:54 1342 byte 0 days old -- MAR9E.tmp
06/04/2008 10:48:10 113 byte 0 days old -- STSA5.tmp
06/04/2008 11:02:52 1285 byte 0 days old -- MARA1.tmp
06/04/2008 11:02:52 1342 byte 0 days old -- MARA0.tmp
06/04/2008 11:03:03 113 byte 0 days old -- STSA3.tmp
06/04/2008 11:47:34 1342 byte 0 days old -- MARA2.tmp
06/04/2008 11:47:38 1285 byte 0 days old -- MARA3.tmp
06/04/2008 11:47:50 113 byte 0 days old -- STS135.tmp
06/04/2008 11:47:58 1179648 byte 0 days old -- ~DF199A.tmp
06/04/2008 11:47:58 512 byte 0 days old -- ~DF19BE.tmp
06/04/2008 11:48:17 512 byte 0 days old -- ~DF52E5.tmp
06/04/2008 11:48:17 1146880 byte 0 days old -- ~DF51E3.tmp
06/04/2008 12:48:33 1285 byte 0 days old -- MARA5.tmp
06/04/2008 12:48:33 1342 byte 0 days old -- MARA4.tmp
06/04/2008 12:48:49 113 byte 0 days old -- STS209.tmp
06/04/2008 14:58:09 543095 byte 0 days old -- hpodvd09.log
06/04/2008 15:00:18 1342 byte 0 days old -- MARA6.tmp
06/04/2008 15:00:19 1285 byte 0 days old -- MARA7.tmp
06/04/2008 15:00:31 113 byte 0 days old -- STSDF.tmp
06/04/2008 15:05:06 18019 byte 0 days old -- jusched.log
06/04/2008 15:28:13 512 byte 0 days old -- ~DF7CA2.tmp
06/04/2008 15:28:13 1179648 byte 0 days old -- ~DF7C5A.tmp
06/04/2008 15:28:50 1146880 byte 0 days old -- ~DFAB9E.tmp
06/04/2008 15:28:50 512 byte 0 days old -- ~DFAC19.tmp
06/04/2008 15:46:19 16384 byte 0 days old -- ~DFFFC3.tmp
06/04/2008 15:55:09 (DIR) 0 byte 0 days old -- nsx1CC1.tmp
06/04/2008 16:05:22 (DIR) 0 byte 0 days old -- WPDNSE
06/04/2008 16:12:22 (DIR) 0 byte 0 days old -- MessengerCache
06/04/2008 16:12:26 48 byte 0 days old -- systemscan.ini
06/04/2008 16:12:30 16384 byte 0 days old -- ~DFD8A8.tmp
06/04/2008 16:12:33 (DIR) 0 byte 0 days old -- nsh2867.tmp
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"SoundMan"="SOUNDMAN.EXE"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
"NBKeyScan"="\"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe\""
"TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot"
"WinampAgent"="\"C:\Program Files\Winamp\winampa.exe\""
"Adobe Photo Downloader"="\"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"748b8663"="rundll32.exe \"C:\WINDOWS\system32\rtreooht.dll\",b"
"egui"="\"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe\" /hide /waitservice"
[Run\OptionalComponents]
@=""
[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""
[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"msnmsgr"="\"C:\Program Files\MSN Messenger\msnmsgr.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe\""
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"eMuleAutoStart"="C:\Program Files\eChanblard\emule.exe -AutoStart"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"=""
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{70AB0A8B-8A8A-496F-A339-4CD2F3352991}"=""
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Sans fil"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Planificateur de paquets QoS"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Scripts"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
Re,
Still size problems.
Run Hijackthis.exe.
Choose "Do a scan and save a logfile" and post the HijackThis report.
Re, I hope it will work this time, here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:06, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\eChanblard\emule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\hp\Bureau\sys78704.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\nsx1CC1.tmp\runme.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\hp\Bureau\sys78704.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\nsh2867.tmp\runme.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A70509C-DABB-42D7-AE9B-0B9F1D9B334D} - C:\WINDOWS\system32\ddaya.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {F2005970-D151-453B-87F7-4BED3A868F84} - (no file)
O2 - BHO: {e5ab8f8a-9da9-0668-fe64-42e6842194af} - {fa491248-6e24-46ef-8660-9ad9a8f8ba5e} - C:\WINDOWS\system32\pqombcuh.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [748b8663] rundll32.exe "C:\WINDOWS\system32\rtreooht.dll",b
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eChanblard\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2801EF06-BB36-46B8-8236-80CB50F68702}: NameServer = 192.168.1.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BDB4522-A34C-4FE0-BC08-94429F83BFD3}: NameServer = 192.168.1.1
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
Re,
Download BTFix by Bibi26
http://cluster1.easy-hebergement.net/ by Bibi26
Unzip the archive to your Desktop.
Open the BTFix folder.
Double-click BTFix.exe.
Click "Rechercher".
A report will appear; copy and paste it into your next reply.
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.
Copy and paste the report (c:\vundofix.txt) into your reply.
Go to this site:
https://www.virustotal.com/gui/
Click Browse and look for this file: C:\WINDOWS\system32\rtreooht.dll
Click Send File.
A report will be built up line by line.
Wait until it finishes. It must include the size of the file that was sent.
Save the report with Notepad.
Copy it into your reply.
RE, here is the BTFix report:
BTFix 1.094 (par bibi26) - 06/04/2008 16:50:27 - Analyse
Lancé depuis C:\Documents and Settings\hp\Bureau\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
- C:\Program Files\AskTBar\
---> Analyse terminée le 06/04/2008 16:50:29
- The VundoFix scan gives no results; it shows me the following message: "done searching files. No infected files were found"
and finally the VirusTotal report:
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.4.1 2008.04.04 -
AntiVir 7.6.0.81 2008.04.05 -
Authentium 4.93.8 2008.04.05 -
Avast 4.7.1098.0 2008.04.06 -
AVG 7.5.0.516 2008.04.06 Lop
BitDefender 7.2 2008.04.06 -
CAT-QuickHeal 9.50 2008.04.05 -
ClamAV 0.92.1 2008.04.06 -
DrWeb 4.44.0.09170 2008.04.06 -
eSafe 7.0.15.0 2008.04.01 -
eTrust-Vet 31.3.5672 2008.04.04 -
Ewido 4.0 2008.04.06 -
F-Prot 4.4.2.54 2008.04.05 W32/Virtumonde.G.gen!Eldorado
F-Secure 6.70.13260.0 2008.04.06 -
FileAdvisor 1 2008.04.06 -
Fortinet 3.14.0.0 2008.04.06 -
Ikarus T3.1.1.20 2008.04.06 -
Kaspersky 7.0.0.125 2008.04.06 -
McAfee 5267 2008.04.04 -
Microsoft 1.3408 2008.04.06 Trojan:Win32/Vundo.gen!D
NOD32v2 3005 2008.04.06 -
Norman 5.80.02 2008.04.04 -
Panda 9.0.0.4 2008.04.06 Suspicious file
Prevx1 V2 2008.04.06 Trojan.Vundo
Rising 20.38.60.00 2008.04.03 -
Sophos 4.28.0 2008.04.06 Sus/Behav-200
Sunbelt 3.0.1032.0 2008.04.05 -
Symantec 10 2008.04.06 -
TheHacker 6.2.92.266 2008.04.05 -
VBA32 3.12.6.4 2008.04.06 -
VirusBuster 4.3.26:9 2008.04.05 Adware.Vundo.Gen!Pac.18
Webwasher-Gateway 6.6.2 2008.04.05 -
Information additionnelle
File size: 85056 bytes
MD5...: a130ab27ce57feac8bebee083b03b201
SHA1..: 9a00904963af3a3626d2ecdc6d6b48e9afbb161e
SHA256: 9a4a4a9df280a28067ed3b1115949b979563f3926dab2f3f95c5a280a2a33ed0
SHA512: 4a46ce1fe1868f5246fd2998fb2d2920de24413c162ecc66bdfde8a71e6a61cf
e5f7381b675ecc0cbe20118fe925a57afee961942237161af2fb57cd0dcd581d
PEiD..: StarForce V3.X DLL -> StarForce Copy Protection System
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000509b
timedatestamp.....: 0x9255c2f (Mon Nov 11 23:09:35 1974)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18000 0x4200 7.32 a47632e67188aeb80074921e9d7e1992
.data 0x19000 0x10000 0xfa00 7.99 a43fde03ac193b07ff2194da23cce7d5
.rdata 0x29000 0x1000 0x400 6.36 2b8c8ddcd0ddaca7de68276583eba0dc
.idata 0x2a000 0x1000 0x800 3.21 bd4e9d48259743216f924cb4c98fdef6
( 3 imports )
> user32.dll: SetMenuInfo, SetFocus, ToAscii, OffsetRect, LoadAcceleratorsW, GetMenu, GetCursor, DrawMenuBar, DrawCaption, DispatchMessageA, DialogBoxParamA, DestroyWindow, DestroyCaret, DefDlgProcA, CreateDialogIndirectParamA, CharUpperA, CharToOemBuffA, CharLowerA, BeginPaint, ShowWindow, ActivateKeyboardLayout
> kernel32.dll: lstrcmpiA, EnumResourceNamesA, GetStartupInfoA, InitializeCriticalSection, LeaveCriticalSection, lstrlenA, lstrcpyA, EnumResourceLanguagesA, WriteFile, LoadResource, LoadLibraryA
> oleaut32.dll: OleLoadPicturePath, RegisterTypeLib, SafeArrayDestroy, OleLoadPicture, VarBstrCmp
( 0 exports )
packers: PE_Patch
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=A21AF91E40B4781D4C9D0186FE9DC3006CFBC2CD
THANKS in advance
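One way to pull out of a HijackThis report the kind of autostart entries this thread ends up chasing (ddaya.dll, rtreooht.dll), as an added example that is not part of any post here and is not HijackThis's own logic. The three flagging rules and every function name are assumptions chosen for illustration; the sample lines are copied from the HijackThis report posted above.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis v2.0.2 report posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0A70509C-DABB-42D7-AE9B-0B9F1D9B334D} - C:\WINDOWS\system32\ddaya.dll
O2 - BHO: (no name) - {F2005970-D151-453B-87F7-4BED3A868F84} - (no file)
O2 - BHO: {e5ab8f8a-9da9-0668-fe64-42e6842194af} - {fa491248-6e24-46ef-8660-9ad9a8f8ba5e} - C:\WINDOWS\system32\pqombcuh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [748b8663] rundll32.exe "C:\WINDOWS\system32\rtreooht.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2 line: "O2 - BHO: <display name> - {CLSID} - <file or (no file)>"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*) - (?P<clsid>{GUID}) - (?P<target>.+)$")
# O4 Run line: "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
# DLL handed to rundll32, with or without surrounding quotes.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
# A DLL sitting directly in system32 (not in a subfolder).
SYS32_DLL_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.I)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)


class Finding(NamedTuple):
    section: str   # HijackThis section code (O2, O4)
    target: str    # file path, or CLSID when no file exists
    reason: str    # why the entry deserves a closer look


def triage(log_text: str) -> List[Finding]:
    """Return entries worth inspecting; a flag is a prompt to scan, not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            name, target = m["name"], m["target"]
            # Illustrative rule: no display name, or a GUID used as the name.
            unnamed = name == "(no name)" or re.fullmatch(GUID, name) is not None
            if target == "(no file)":
                findings.append(Finding("O2", m["clsid"],
                                        "BHO registered but its file is missing"))
            elif unnamed and SYS32_DLL_RE.match(target):
                findings.append(Finding("O2", target,
                                        "unnamed BHO loading a DLL straight from system32"))
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m["cmd"])
            # Illustrative rule: rundll32 + system32 DLL + 8-hex-digit value name.
            if r and SYS32_DLL_RE.match(r["dll"]) and HEX_NAME_RE.match(m["value"]):
                findings.append(Finding("O4", r["dll"],
                                        "rundll32 autostart under a hex-only value name"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.target}  <- {f.reason}")
```

The NvCplDaemon entry also runs a system32 DLL through rundll32 but carries a descriptive value name, so it is not flagged; the flagged files are the ones to submit to a scanner, as was done for rtreooht.dll above.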
Re,
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the Desktop.
Disconnect from the Internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard).
Double-click combofix.exe and follow the instructions.
At the end, it will produce a report, C:\ComboFix.txt
Re-enable your firewall, your antivirus and your antispyware's guard.
Copy and paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.
There is a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
RE, here is the ComboFix report:
ComboFix 08-04-04.1 - hp 2008-04-06 18:33:17.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.569 [GMT 0:00]
Endroit: C:\Documents and Settings\hp\Bureau\ComboFix.exe
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtrrqn.dll
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini2
C:\WINDOWS\system32\byxxvvs.dll
C:\WINDOWS\system32\dgyffiah.ini
C:\WINDOWS\system32\dqhwhlue.ini
C:\WINDOWS\system32\egfvtsju.dll
C:\WINDOWS\system32\fowmmveu.ini
C:\WINDOWS\system32\frrtyohp.dll
C:\WINDOWS\system32\gibkborv.ini
C:\WINDOWS\system32\hewxbbbu.ini
C:\WINDOWS\system32\hggdbyy.dll
C:\WINDOWS\system32\ijylsjwa.ini
C:\WINDOWS\system32\jaqxnatd.ini
C:\WINDOWS\system32\jkddmpth.ini
C:\WINDOWS\system32\jttccucf.dll
C:\WINDOWS\system32\kabttmxm.ini
C:\WINDOWS\system32\ljvvtoyr.ini
C:\WINDOWS\system32\lwvxgpug.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ntksgjlm.dll
C:\WINDOWS\system32\oiihtjro.ini
C:\WINDOWS\system32\oqyrkygm.dll
C:\WINDOWS\system32\pqombcuh.dll
C:\WINDOWS\system32\qghhwvbm.dll
C:\WINDOWS\system32\qomlmlm.dll
C:\WINDOWS\system32\rbiwdthr.ini
C:\WINDOWS\system32\rtreooht.dll
C:\WINDOWS\system32\ruphpaud.dll
C:\WINDOWS\system32\rwtkgyxe.dll
C:\WINDOWS\system32\sovepgcs.dll
C:\WINDOWS\system32\thooertr.ini
C:\WINDOWS\system32\wkbverwu.ini
C:\WINDOWS\system32\wwlcpgaw.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))))))
.
2008-04-06 15:41 . 2008-04-06 15:41 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 14:54 . 2007-01-18 12:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-06 13:33 . 2008-04-06 13:33 <REP> d-------- C:\Program Files\CCleaner
2008-04-06 11:14 . 2008-04-06 11:14 <REP> d-------- C:\VundoFix Backups
2008-04-06 09:40 . 2008-04-06 12:51 <REP> d-------- C:\hijackthis_199
2008-04-06 01:12 . 2008-04-06 01:12 <REP> d-------- C:\Program Files\ESET
2008-04-06 01:12 . 2008-04-06 01:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-29 13:28 . 2008-03-29 13:28 <REP> d-------- C:\Program Files\Alive Games
2008-03-29 13:28 . 2008-03-29 13:28 <REP> d-------- C:\Documents and Settings\hp\Application Data\Alive Games
2008-03-25 19:57 . 2008-03-25 19:57 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-03-25 19:53 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-03-25 19:53 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-03-25 19:53 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-03-25 19:53 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-03-25 19:53 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-03-25 19:53 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-03-25 19:53 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-03-25 19:53 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-03-25 19:53 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-03-25 19:53 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-03-25 19:52 . 2008-03-25 19:52 319 --a------ C:\WINDOWS\game.ini
2008-03-24 19:17 . 2008-03-25 19:17 1,413,302 ---hs---- C:\WINDOWS\system32\xsqgsvbq.ini
2008-03-24 19:15 . 2008-03-28 15:18 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-03-24 19:15 . 2008-03-28 15:18 55,163 --a------ C:\WINDOWS\War3Unin.dat
2008-03-24 19:15 . 2008-03-28 15:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-03-24 19:13 . 2008-04-06 13:08 <REP> d-------- C:\Program Files\Warcraft III
2008-03-24 19:06 . 2008-03-24 19:06 <REP> d-------- C:\Program Files\Smart Projects
2008-03-19 19:16 . 2008-03-20 19:17 1,524,235 ---hs---- C:\WINDOWS\system32\eeqxloqj.ini
2008-03-18 19:17 . 2008-03-19 15:31 1,308,421 ---hs---- C:\WINDOWS\system32\dkwbadyy.ini
2008-03-17 19:15 . 2008-03-18 19:16 2,105,942 ---hs---- C:\WINDOWS\system32\bmgwjppt.ini
2008-03-16 19:14 . 2008-03-17 19:15 1,360,129 ---hs---- C:\WINDOWS\system32\oluvuvmt.ini
2008-03-15 19:17 . 2008-03-16 10:23 1,367,464 ---hs---- C:\WINDOWS\system32\ehflgrou.ini
2008-03-14 19:12 . 2008-03-15 19:12 1,367,273 ---hs---- C:\WINDOWS\system32\ifibvydo.ini
2008-03-14 19:10 . 2008-03-14 19:10 290,816 --------- C:\WINDOWS\system32\ddaya.dll
2008-03-14 19:10 . 2008-03-14 19:10 63 --a------ C:\WINDOWS\system32\748b94ed
2008-03-14 14:45 . 2008-03-14 14:45 <REP> d-------- C:\Documents and Settings\hp\Application Data\Codemasters
2008-03-14 14:43 . 2008-03-14 14:43 <REP> dr-h----- C:\Documents and Settings\hp\Application Data\SecuROM
2008-03-14 14:43 . 2008-03-14 14:43 <REP> d-------- C:\Documents and Settings\hp\Application Data\InstallShield
2008-03-14 14:43 . 2008-03-14 14:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-14 14:43 . 2008-03-14 14:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-14 14:42 . 2008-03-14 14:42 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-14 14:42 . 2008-03-14 14:42 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-03-14 14:24 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-14 14:22 . 2008-03-14 14:22 <REP> d-------- C:\Program Files\Microsoft.NET
2008-03-14 14:19 . 2008-03-14 14:19 <REP> d-------- C:\Program Files\Microsoft Works
2008-03-14 14:18 . 2008-03-14 14:22 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-03-14 14:13 . 2008-03-14 14:13 <REP> dr-h----- C:\MSOCache
2008-03-13 16:52 . 2008-03-13 16:52 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-03-13 16:44 . 2008-03-13 16:44 29,704 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-03-13 16:43 . 2008-03-13 16:43 40,456 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-03-11 21:56 . 2008-03-11 21:56 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-03-10 21:57 . 2008-03-28 15:20 <REP> d-------- C:\Program Files\Winamp Remote
2008-03-10 21:44 . 2008-03-10 21:44 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-03-10 21:43 . 2008-03-10 21:43 <REP> d-------- C:\Program Files\Real
2008-03-10 21:43 . 2008-03-10 21:43 <REP> d-------- C:\Program Files\Google
2008-03-10 21:43 . 2008-03-10 21:44 <REP> d-------- C:\Program Files\Fichiers communs\Real
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 18:39 --------- d-----w C:\Program Files\eChanblard
2008-04-04 23:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 07:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-29 17:39 --------- d-----w C:\Program Files\Project64 1.6
2008-03-27 21:12 21 ----a-w C:\qpmd8376.bin
2008-03-27 17:43 --------- d-----w C:\Documents and Settings\hp\Application Data\MegauploadToolbar
2008-03-23 21:56 --------- d-----w C:\Program Files\eMule
2008-03-14 14:32 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-06 07:47 --------- d-----w C:\Program Files\Replay Media Catcher
2008-03-02 23:11 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-01 13:26 --------- d-----w C:\Documents and Settings\hp\Application Data\Nero
2008-03-01 13:25 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-03-01 13:22 --------- d-----w C:\Program Files\Nero
2008-03-01 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-01 13:10 --------- d-----w C:\Program Files\Ahead
2008-03-01 13:09 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-01 13:09 --------- d-----w C:\Program Files\AskTBar
2008-02-26 19:51 --------- d-----w C:\Program Files\Apple Software Update
2008-02-26 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-24 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-24 15:39 --------- d-----w C:\Program Files\Yahoo!
2008-02-24 15:39 --------- d-----w C:\Program Files\FLV Player
2008-02-15 00:08 --------- d-----w C:\Program Files\MSN Messenger
2008-02-14 22:39 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-14 21:14 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-10 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-10 20:56 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-02-10 20:56 --------- d-----w C:\Program Files\Avanquest update
2008-02-10 20:54 24,192 ----a-w C:\Documents and Settings\hp\usbsermptxp.sys
2008-02-10 20:54 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-02-10 20:54 22,768 ----a-w C:\Documents and Settings\hp\usbsermpt.sys
2007-12-17 19:13 1,841,152 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-12-17 19:10 3,928,264 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-12-17 19:08 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-12-12 22:34 18,480 ----a-w C:\Documents and Settings\hp\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{937AA559-6D6F-45AB-BB81-76682E8DB8B4}]
2008-03-14 19:10 290816 --------- C:\WINDOWS\system32\ddaya.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:54 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 15:53 68856]
"eMuleAutoStart"="C:\Program Files\eChanblard\emule.exe" [2008-03-07 21:12 6012928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-05 12:26 5566464]
"nwiz"="nwiz.exe" [2005-03-05 12:26 1495040 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 18:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-10 21:43 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddaya.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 12:39]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 11:43]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 14:08]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80e7edba-ab51-11dc-b4e5-0060b3422cac}]
\Shell\1\Command - K:\autorun.pif
\Shell\2\Command - K:\autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-04 18:04:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 18:40:02
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\ddaya.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-06 18:43:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 18:42:54
Pre-Run: 178,544,824,320 octets libres
Post-Run: 178,452,418,560 octets libres
.
2008-03-13 07:24:10 --- E O F ---
Re,
Copy or print these instructions first, because you will not have access to them.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, antispyware real-time guard).
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\WINDOWS\system32\xsqgsvbq.ini
C:\WINDOWS\system32\eeqxloqj.ini
C:\WINDOWS\system32\dkwbadyy.ini
C:\WINDOWS\system32\bmgwjppt.ini
C:\WINDOWS\system32\oluvuvmt.ini
C:\WINDOWS\system32\ehflgrou.ini
C:\WINDOWS\system32\ifibvydo.ini
C:\WINDOWS\system32\ddaya.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{937AA559-6D6F-45AB-BB81-76682E8DB8B4}]]
Save this file under the name CFscript.
Drag and drop this CFscript file onto the ComboFix.exe file.
Click the CFscript file, hold the button down and drag the mouse so that the CFscript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message shown (Type 1 to continue, or 2 to abort), type 1 and confirm.
Be patient while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Re-enable your firewall, your antivirus and your antispyware's real-time guard.
Once the scan is complete, a report will be displayed: post its contents.
Also post a new HijackThis report.
If the file does not open, it is located here > C:\ComboFix.txt
Warning: this procedure was made for this computer. Any reuse can severely damage the operating system.
THERE, I think it's fixed; THANK YOU, THANK YOU VERY MUCH
Here are the reports:
ComboFix:
ComboFix 08-04-04.1 - hp 2008-04-06 20:00:31.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.621 [GMT 0:00]
Endroit: C:\Documents and Settings\hp\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\hp\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
FILE ::
C:\WINDOWS\system32\bmgwjppt.ini
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\dkwbadyy.ini
C:\WINDOWS\system32\eeqxloqj.ini
C:\WINDOWS\system32\ehflgrou.ini
C:\WINDOWS\system32\ifibvydo.ini
C:\WINDOWS\system32\oluvuvmt.ini
C:\WINDOWS\system32\xsqgsvbq.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bmgwjppt.ini
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\dkwbadyy.ini
C:\WINDOWS\system32\eeqxloqj.ini
C:\WINDOWS\system32\ehflgrou.ini
C:\WINDOWS\system32\ifibvydo.ini
C:\WINDOWS\system32\oluvuvmt.ini
C:\WINDOWS\system32\xsqgsvbq.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))))))
.
2008-04-06 15:41 . 2008-04-06 15:41 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 14:54 . 2007-01-18 12:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-06 13:33 . 2008-04-06 13:33 <REP> d-------- C:\Program Files\CCleaner
2008-04-06 11:14 . 2008-04-06 11:14 <REP> d-------- C:\VundoFix Backups
2008-04-06 09:40 . 2008-04-06 12:51 <REP> d-------- C:\hijackthis_199
2008-04-06 01:12 . 2008-04-06 01:12 <REP> d-------- C:\Program Files\ESET
2008-04-06 01:12 . 2008-04-06 01:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-29 13:28 . 2008-03-29 13:28 <REP> d-------- C:\Program Files\Alive Games
2008-03-29 13:28 . 2008-03-29 13:28 <REP> d-------- C:\Documents and Settings\hp\Application Data\Alive Games
2008-03-25 19:57 . 2008-03-25 19:57 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-03-25 19:53 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-03-25 19:53 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-03-25 19:53 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-03-25 19:53 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-03-25 19:53 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-03-25 19:53 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-03-25 19:53 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-03-25 19:53 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-03-25 19:53 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-03-25 19:53 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-03-25 19:52 . 2008-03-25 19:52 319 --a------ C:\WINDOWS\game.ini
2008-03-24 19:15 . 2008-03-28 15:18 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-03-24 19:15 . 2008-03-28 15:18 55,163 --a------ C:\WINDOWS\War3Unin.dat
2008-03-24 19:15 . 2008-03-28 15:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-03-24 19:13 . 2008-04-06 13:08 <REP> d-------- C:\Program Files\Warcraft III
2008-03-24 19:06 . 2008-03-24 19:06 <REP> d-------- C:\Program Files\Smart Projects
2008-03-14 19:10 . 2008-03-14 19:10 63 --a------ C:\WINDOWS\system32\748b94ed
2008-03-14 14:45 . 2008-03-14 14:45 <REP> d-------- C:\Documents and Settings\hp\Application Data\Codemasters
2008-03-14 14:43 . 2008-03-14 14:43 <REP> dr-h----- C:\Documents and Settings\hp\Application Data\SecuROM
2008-03-14 14:43 . 2008-03-14 14:43 <REP> d-------- C:\Documents and Settings\hp\Application Data\InstallShield
2008-03-14 14:43 . 2008-03-14 14:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-14 14:43 . 2008-03-14 14:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-14 14:42 . 2008-03-14 14:42 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-14 14:42 . 2008-03-14 14:42 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-03-14 14:24 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-14 14:22 . 2008-03-14 14:22 <REP> d-------- C:\Program Files\Microsoft.NET
2008-03-14 14:19 . 2008-03-14 14:19 <REP> d-------- C:\Program Files\Microsoft Works
2008-03-14 14:18 . 2008-03-14 14:22 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-03-14 14:13 . 2008-03-14 14:13 <REP> dr-h----- C:\MSOCache
2008-03-13 16:52 . 2008-03-13 16:52 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-03-13 16:44 . 2008-03-13 16:44 29,704 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-03-13 16:43 . 2008-03-13 16:43 40,456 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-03-11 21:56 . 2008-03-11 21:56 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-03-10 21:57 . 2008-03-28 15:20 <REP> d-------- C:\Program Files\Winamp Remote
2008-03-10 21:44 . 2008-03-10 21:44 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-03-10 21:43 . 2008-03-10 21:43 <REP> d-------- C:\Program Files\Real
2008-03-10 21:43 . 2008-03-10 21:43 <REP> d-------- C:\Program Files\Google
2008-03-10 21:43 . 2008-03-10 21:44 <REP> d-------- C:\Program Files\Fichiers communs\Real
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 20:06 --------- d-----w C:\Program Files\eChanblard
2008-04-04 23:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 07:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-29 17:39 --------- d-----w C:\Program Files\Project64 1.6
2008-03-27 21:12 21 ----a-w C:\qpmd8376.bin
2008-03-27 17:43 --------- d-----w C:\Documents and Settings\hp\Application Data\MegauploadToolbar
2008-03-23 21:56 --------- d-----w C:\Program Files\eMule
2008-03-14 14:32 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-06 07:47 --------- d-----w C:\Program Files\Replay Media Catcher
2008-03-02 23:11 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-01 13:26 --------- d-----w C:\Documents and Settings\hp\Application Data\Nero
2008-03-01 13:25 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-03-01 13:22 --------- d-----w C:\Program Files\Nero
2008-03-01 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-01 13:10 --------- d-----w C:\Program Files\Ahead
2008-03-01 13:09 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-01 13:09 --------- d-----w C:\Program Files\AskTBar
2008-02-26 19:51 --------- d-----w C:\Program Files\Apple Software Update
2008-02-26 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-24 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-24 15:39 --------- d-----w C:\Program Files\Yahoo!
2008-02-24 15:39 --------- d-----w C:\Program Files\FLV Player
2008-02-15 00:08 --------- d-----w C:\Program Files\MSN Messenger
2008-02-14 22:39 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-14 21:14 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-10 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-10 20:56 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-02-10 20:56 --------- d-----w C:\Program Files\Avanquest update
2008-02-10 20:54 24,192 ----a-w C:\Documents and Settings\hp\usbsermptxp.sys
2008-02-10 20:54 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-02-10 20:54 22,768 ----a-w C:\Documents and Settings\hp\usbsermpt.sys
2007-12-17 19:13 1,841,152 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-12-17 19:10 3,928,264 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-12-17 19:08 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-12-12 22:34 18,480 ----a-w C:\Documents and Settings\hp\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:54 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 15:53 68856]
"eMuleAutoStart"="C:\Program Files\eChanblard\emule.exe" [2008-03-07 21:12 6012928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-05 12:26 5566464]
"nwiz"="nwiz.exe" [2005-03-05 12:26 1495040 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 18:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-10 21:43 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddaya.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 12:39]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 11:43]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 14:08]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80e7edba-ab51-11dc-b4e5-0060b3422cac}]
\Shell\1\Command - K:\autorun.pif
\Shell\2\Command - K:\autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-04 18:04:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 20:06:22
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-06 20:07:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 20:07:37
ComboFix2.txt 2008-04-06 18:43:04
Pre-Run: 178,748,043,264 octets libres
Post-Run: 178,749,177,856 octets libres
.
2008-03-13 07:24:10 --- E O F ---
hijackthis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eChanblard\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2801EF06-BB36-46B8-8236-80CB50F68702}: NameServer = 192.168.1.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BDB4522-A34C-4FE0-BC08-94429F83BFD3}: NameServer = 192.168.1.1
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
voila les raports:
combofix:
ComboFix 08-04-04.1 - hp 2008-04-06 20:00:31.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.621 [GMT 0:00]
Endroit: C:\Documents and Settings\hp\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\hp\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
FILE ::
C:\WINDOWS\system32\bmgwjppt.ini
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\dkwbadyy.ini
C:\WINDOWS\system32\eeqxloqj.ini
C:\WINDOWS\system32\ehflgrou.ini
C:\WINDOWS\system32\ifibvydo.ini
C:\WINDOWS\system32\oluvuvmt.ini
C:\WINDOWS\system32\xsqgsvbq.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bmgwjppt.ini
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\dkwbadyy.ini
C:\WINDOWS\system32\eeqxloqj.ini
C:\WINDOWS\system32\ehflgrou.ini
C:\WINDOWS\system32\ifibvydo.ini
C:\WINDOWS\system32\oluvuvmt.ini
C:\WINDOWS\system32\xsqgsvbq.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))))))
.
2008-04-06 15:41 . 2008-04-06 15:41 <REP> d-------- C:\Program Files\Trend Micro
2008-04-06 14:54 . 2007-01-18 12:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-06 13:33 . 2008-04-06 13:33 <REP> d-------- C:\Program Files\CCleaner
2008-04-06 11:14 . 2008-04-06 11:14 <REP> d-------- C:\VundoFix Backups
2008-04-06 09:40 . 2008-04-06 12:51 <REP> d-------- C:\hijackthis_199
2008-04-06 01:12 . 2008-04-06 01:12 <REP> d-------- C:\Program Files\ESET
2008-04-06 01:12 . 2008-04-06 01:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-29 13:28 . 2008-03-29 13:28 <REP> d-------- C:\Program Files\Alive Games
2008-03-29 13:28 . 2008-03-29 13:28 <REP> d-------- C:\Documents and Settings\hp\Application Data\Alive Games
2008-03-25 19:57 . 2008-03-25 19:57 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-03-25 19:53 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-03-25 19:53 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-03-25 19:53 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-03-25 19:53 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-03-25 19:53 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-03-25 19:53 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-03-25 19:53 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-03-25 19:53 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-03-25 19:53 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-03-25 19:53 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-03-25 19:52 . 2008-03-25 19:52 319 --a------ C:\WINDOWS\game.ini
2008-03-24 19:15 . 2008-03-28 15:18 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-03-24 19:15 . 2008-03-28 15:18 55,163 --a------ C:\WINDOWS\War3Unin.dat
2008-03-24 19:15 . 2008-03-28 15:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-03-24 19:13 . 2008-04-06 13:08 <REP> d-------- C:\Program Files\Warcraft III
2008-03-24 19:06 . 2008-03-24 19:06 <REP> d-------- C:\Program Files\Smart Projects
2008-03-14 19:10 . 2008-03-14 19:10 63 --a------ C:\WINDOWS\system32\748b94ed
2008-03-14 14:45 . 2008-03-14 14:45 <REP> d-------- C:\Documents and Settings\hp\Application Data\Codemasters
2008-03-14 14:43 . 2008-03-14 14:43 <REP> dr-h----- C:\Documents and Settings\hp\Application Data\SecuROM
2008-03-14 14:43 . 2008-03-14 14:43 <REP> d-------- C:\Documents and Settings\hp\Application Data\InstallShield
2008-03-14 14:43 . 2008-03-14 14:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-14 14:43 . 2008-03-14 14:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-14 14:42 . 2008-03-14 14:42 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-14 14:42 . 2008-03-14 14:42 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-03-14 14:24 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-14 14:22 . 2008-03-14 14:22 <REP> d-------- C:\Program Files\Microsoft.NET
2008-03-14 14:19 . 2008-03-14 14:19 <REP> d-------- C:\Program Files\Microsoft Works
2008-03-14 14:18 . 2008-03-14 14:22 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-03-14 14:13 . 2008-03-14 14:13 <REP> dr-h----- C:\MSOCache
2008-03-13 16:52 . 2008-03-13 16:52 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-03-13 16:44 . 2008-03-13 16:44 29,704 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-03-13 16:43 . 2008-03-13 16:43 40,456 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-03-11 21:56 . 2008-03-11 21:56 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-03-10 21:57 . 2008-03-28 15:20 <REP> d-------- C:\Program Files\Winamp Remote
2008-03-10 21:44 . 2008-03-10 21:44 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-03-10 21:43 . 2008-03-10 21:43 <REP> d-------- C:\Program Files\Real
2008-03-10 21:43 . 2008-03-10 21:43 <REP> d-------- C:\Program Files\Google
2008-03-10 21:43 . 2008-03-10 21:44 <REP> d-------- C:\Program Files\Fichiers communs\Real
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 20:06 --------- d-----w C:\Program Files\eChanblard
2008-04-04 23:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 07:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-29 17:39 --------- d-----w C:\Program Files\Project64 1.6
2008-03-27 21:12 21 ----a-w C:\qpmd8376.bin
2008-03-27 17:43 --------- d-----w C:\Documents and Settings\hp\Application Data\MegauploadToolbar
2008-03-23 21:56 --------- d-----w C:\Program Files\eMule
2008-03-14 14:32 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-06 07:47 --------- d-----w C:\Program Files\Replay Media Catcher
2008-03-02 23:11 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-01 13:26 --------- d-----w C:\Documents and Settings\hp\Application Data\Nero
2008-03-01 13:25 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-03-01 13:22 --------- d-----w C:\Program Files\Nero
2008-03-01 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-01 13:10 --------- d-----w C:\Program Files\Ahead
2008-03-01 13:09 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-01 13:09 --------- d-----w C:\Program Files\AskTBar
2008-02-26 19:51 --------- d-----w C:\Program Files\Apple Software Update
2008-02-26 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-24 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-24 15:39 --------- d-----w C:\Program Files\Yahoo!
2008-02-24 15:39 --------- d-----w C:\Program Files\FLV Player
2008-02-15 00:08 --------- d-----w C:\Program Files\MSN Messenger
2008-02-14 22:39 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-14 21:14 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-10 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-10 20:56 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-02-10 20:56 --------- d-----w C:\Program Files\Avanquest update
2008-02-10 20:54 24,192 ----a-w C:\Documents and Settings\hp\usbsermptxp.sys
2008-02-10 20:54 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-02-10 20:54 22,768 ----a-w C:\Documents and Settings\hp\usbsermpt.sys
2007-12-17 19:13 1,841,152 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-12-17 19:10 3,928,264 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-12-17 19:08 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-12-12 22:34 18,480 ----a-w C:\Documents and Settings\hp\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:54 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 15:53 68856]
"eMuleAutoStart"="C:\Program Files\eChanblard\emule.exe" [2008-03-07 21:12 6012928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-05 12:26 5566464]
"nwiz"="nwiz.exe" [2005-03-05 12:26 1495040 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 18:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-10 21:43 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddaya.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 12:39]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 11:43]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 14:08]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80e7edba-ab51-11dc-b4e5-0060b3422cac}]
\Shell\1\Command - K:\autorun.pif
\Shell\2\Command - K:\autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-04 18:04:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 20:06:22
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-06 20:07:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 20:07:37
ComboFix2.txt 2008-04-06 18:43:04
Pre-Run: 178,748,043,264 octets libres
Post-Run: 178,749,177,856 octets libres
.
2008-03-13 07:24:10 --- E O F ---
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eChanblard\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2801EF06-BB36-46B8-8236-80CB50F68702}: NameServer = 192.168.1.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BDB4522-A34C-4FE0-BC08-94429F83BFD3}: NameServer = 192.168.1.1
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
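The two logs above contain a handful of entries that stand out on review: a DLL listed next to msv1_0 in the LSA authentication packages, the Windows firewall switched off, shell commands registered under MountPoints2, and a service whose file is missing. The Python code below is an added example, not part of the original thread and not code from ComboFix or HijackThis; it picks those entries out of the log text. The rule names and the `triage` function are hypothetical, and treating msv1_0 as the only expected authentication package is an assumption.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str    # hypothetical rule name, chosen for this example
    detail: str  # the log value that triggered the rule


# Sample input: lines copied from the ComboFix and HijackThis logs in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddaya.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80e7edba-ab51-11dc-b4e5-0060b3422cac}]
\Shell\1\Command - K:\autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<value>\d+)')
MOUNT_CMD_RE = re.compile(r"^\\Shell\\[^\\]+\\command - (?P<cmd>.+)$", re.IGNORECASE)
O23_PREFIX = "O23 - Service: "
MISSING_SUFFIX = "(file missing)"
# Assumption: msv1_0 is the only authentication package expected on this host.
EXPECTED_LSA_PACKAGES = {"msv1_0"}


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that match one of the four review rules."""
    findings: List[Finding] = []
    section = ""  # last registry key header seen, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("key").lower()
            continue

        # Rule 1: anything listed beside msv1_0 under ...\Control\Lsa.
        if (section.endswith("\\control\\lsa")
                and line.startswith("Authentication Packages")
                and "REG_MULTI_SZ" in line):
            values = line.split("REG_MULTI_SZ", 1)[1].split()
            extras = [v for v in values if v.lower() not in EXPECTED_LSA_PACKAGES]
            if extras:
                findings.append(Finding("lsa-auth-package", " ".join(extras)))
            continue

        # Rule 2: EnableFirewall set to 0 in a firewall policy profile.
        firewall = FIREWALL_RE.match(line)
        if firewall and "firewallpolicy" in section:
            if int(firewall.group("value")) == 0:
                findings.append(Finding("firewall-disabled", section))
            continue

        # Rule 3: shell commands registered for a volume under MountPoints2.
        command = MOUNT_CMD_RE.match(line)
        if command and "mountpoints2" in section:
            findings.append(Finding("autorun-mountpoint", command.group("cmd")))
            continue

        # Rule 4: HijackThis O23 service entries whose binary is missing.
        if line.startswith(O23_PREFIX):
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[2].endswith(MISSING_SUFFIX):
                display, _owner, path = parts
                findings.append(Finding("service-file-missing", f"{display}: {path}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:22} {finding.detail}")
```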
Re,
Not finished.
I even forgot this:
Double-click BTFix.exe.
Click Nettoyer.
Post the report in your reply along with a new HijackThis report.
Re, here is the BTFix report
BTFix 1.094 (par bibi26) - 06/04/2008 20:22:08 - Nettoyage - Mode normal
Lancé depuis C:\Documents and Settings\hp\Bureau\BTFix\BTFix.exe
---> Fichiers/dossiers supprimés (Première passe)
- Fichiers temporaires effacés
- C:\Program Files\AskTBar\bar\1.bin\
- C:\Program Files\AskTBar\bar\Cache\
- C:\Program Files\AskTBar\bar\History\
- C:\Program Files\AskTBar\bar\Settings\
- C:\Program Files\AskTBar\bar\
- C:\Program Files\AskTBar\SrchAstt\1.bin\
- C:\Program Files\AskTBar\SrchAstt\
- C:\Program Files\AskTBar\
---> Nettoyage terminé le 06/04/2008 20:22:11
and the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eChanblard\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2801EF06-BB36-46B8-8236-80CB50F68702}: NameServer = 192.168.1.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BDB4522-A34C-4FE0-BC08-94429F83BFD3}: NameServer = 192.168.1.1
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
Re,
The visible infections have been contained.
Cleanup and securing.
P2P is a breeding ground for infections, but I think you know that.
1) You don't seem to have a firewall controlling outbound connections, which is a security risk.
If that is the case, you can choose between these two options:
Zone Alarm: tutorial and download link here:
https://www.malekal.com/tutoriel-zonealarm-firewall/
Kerio: tutorial and download link here:
http://www.malekal.com/kerio_firewall.php
There are others, which you can find by opening this link:
http://www.malekal.com/menu_tutorials_logiciels.php
Personally, I use Online Armor, but it is a bit complex. I have the impression you could manage it, but it isn't straightforward.
You need to disable the Windows firewall (Control Panel, Windows Firewall) after the download and before the installation (disconnect from the Internet at that point).
2) Read carefully and carry out this procedure in order.
#Download and install these programs (if you don't have them); for the first 3,
update them as shown in the demos or tutorials.
Don't use them right away.
Antispyware and others:
Download Malwarebytes' Anti-Malware (MBAM) and save it to your desktop from this link:
https://www.malwarebytes.com/
When the download finishes, close all windows and programs, including this one.
Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.
During installation, follow the prompts (in particular the choice of language and the permission to access the Internet). Do not change any of the default settings and, at the end of the installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.
MBAM will start automatically and display a message asking you to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box.
Cleaners (of unnecessary files) and others:
*CCleaner (free)
Download:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tutorial:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
During installation, [untick] the option that would install the Yahoo! toolbar.
========================================
->Show all files and folders:
click Start/Control Panel (in classic view)/Folder Options/View
[Tick] "Show hidden files and folders"
[Untick] the box "Hide protected operating system files (Recommended)"
[Untick] "Hide extensions for known file types"
Then click [Apply] to confirm the changes.
And [OK]
.
=======================================
Check whether you can find this file:
C:\Program Files\Windows Media Player\WMPNetwk.exe
If you did not find it, do this:
========================================
Arrête ce service
Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc)
pour ça fais cette manip :
Démarrer -> executer tape services.msc clic droit sur le service cité - > propriétés et dans "type de démarrage" et mets le sur « arrêté » et « désactivé ».
=======================================
->Boot into Safe Mode:
To do this, keep tapping the F8 key from the very start of the PC powering on, without stopping.
A window will open; use the keyboard arrow keys to move to Safe Mode,
then press "Enter".
Once you are on the desktop, if not all the colours and so on are there, that's normal!
(If F8 doesn't work, use the F5 key.)
========================================
->Launch CCleaner.
Deleting temporary files
Go to the "Options" section in the left margin.
Uncheck "Advanced"
Then go back to the "Cleaner" section
Make sure to tick all these boxes in the left margin (Internet Explorer/Windows Explorer/System)
• Click [Analyze]
• Wait for the scan to finish; it can take a little while if this is the first time.
• Once the scan is finished, click [Run Cleaner]
========================================
Launch Malwarebytes' Anti-Malware
In the Scanner tab, check that "Perform full scan" is selected and click the Scan button to start the scan.
MBAM scans your computer. The scan can take some time. Just check its progress from time to time.
At the end of the scan, a message is displayed saying the scan is complete. Click OK to continue.
If malware was detected, the list is displayed.
When you click Remove (?), MBAM will delete the files and registry keys and place a copy in quarantine.
MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found again under the Reports/Logs tab)
Close MBAM by clicking Exit.
========================================
->Launch CCleaner again.
Removing registry inconsistencies
• Click the [Issues] icon in the left margin
• Then click [Scan for Issues]
• Wait while CCleaner scans your registry.
• Once the scan is finished, tick all the entries it has found.
• You can then click [Fix selected issues].
If you are not sure what you are doing, you can choose to back up the ticked entries so you can restore them later.
========================================
->Empty your Recycle Bin.
========================================
->Restart in normal mode,
-> Open this link to scan your PC with an online BitDefender (Internet Explorer only):
https://www.bitdefender.com/toolbox/
How to use it:
Click "I accept", then also accept the ActiveX control blocked by the SP2 anti-popup bar, which will flash at the top, and install it.
Then click "Click here to scan".
Wait until the scan finishes, which can take quite a long time...
Copy/paste the entire report to the forum.
Illustrated tutorial here: http://pageperso.aol.fr/rginformatique/mapage/defender.htm (thanks to Balltrap34 for putting it together)
[Re-check] the box "Hide protected operating system files (Recommended)"
Open this link: http://www.commentcamarche.net/telecharger/telecharger 111 firefox
download and install Firefox (more secure than IE, which you keep for programs that need ActiveX and for Windows updates).
Download ATF-Cleaner (Atribune): http://www.atribune.org/ccount/click.php?id=1
-- Put it on your desktop
=> Launch ATF-Cleaner:
* Under the Main tab, choose: Select All
* Click the Empty Selected button
* Under the Firefox tab (if present): click Select All
-- At the message "are you sure you want to delete your firefox saved password" click NO
-- Click Empty Selected
* Under the Opera tab (if present): click Select All
-- At the message "are you sure you want to delete your firefox saved password" click NO
-- Click Empty Selected
* Quit ATF-Cleaner
Run HijackThis again and copy/paste a new report to the forum.
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)
Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\hp\Bureau\sys78704.exe
Running in: User mode
Date: 06/04/2008
Time: 15:48:18
Output limited to:
-Recent files
-Registry Run Keys
-Scheduled jobs
-Services and Drivers (all)
-Suspicious Files
-Include HIJACKTHIS.log
===================== RECENT FILES =====================
Showing files newer than 30 days
----- recent files in C:\
14/03/2008 14:13:42 (DIR) 0 byte 23 days old -- MSOCache
27/03/2008 21:12:45 21 byte 10 days old -- qpmd8376.bin
04/04/2008 23:09:16 (DIR) 0 byte 2 days old -- CFusionMX
06/04/2008 01:12:53 (DIR) 0 byte 0 days old -- Config.Msi
06/04/2008 11:14:51 (DIR) 0 byte 0 days old -- VundoFix Backups
06/04/2008 11:50:43 (DIR) 0 byte 0 days old -- divertissement
06/04/2008 12:51:53 (DIR) 0 byte 0 days old -- hijackthis_199
06/04/2008 14:10:55 500 byte 0 days old -- VundoFix.txt
06/04/2008 14:59:41 1610612736 byte 0 days old -- pagefile.sys
06/04/2008 14:59:55 (DIR) 0 byte 0 days old -- WINDOWS
06/04/2008 15:41:19 (DIR) 0 byte 0 days old -- Program Files
----- recent files in C:\WINDOWS\
11/03/2008 21:56:00 (DIR) 0 byte 26 days old -- Downloaded Installations
14/03/2008 14:13:46 (DIR) 0 byte 23 days old -- system
14/03/2008 14:18:46 (DIR) 0 byte 23 days old -- Help
14/03/2008 14:22:01 (DIR) 0 byte 23 days old -- SHELLNEW
14/03/2008 14:22:19 (DIR) 0 byte 23 days old -- Fonts
14/03/2008 14:23:57 603 byte 23 days old -- win.ini
14/03/2008 14:25:09 722 byte 23 days old -- ODBC.INI
14/03/2008 14:42:36 (DIR) 0 byte 23 days old -- WinSxS
25/03/2008 19:52:40 319 byte 12 days old -- game.ini
25/03/2008 19:57:51 (DIR) 0 byte 12 days old -- ftpcache
25/03/2008 22:16:48 54156 byte 12 days old -- QTFont.qfn
28/03/2008 15:18:24 139264 byte 9 days old -- War3Unin.exe
28/03/2008 15:18:24 2829 byte 9 days old -- War3Unin.pif
28/03/2008 15:18:35 55163 byte 9 days old -- War3Unin.dat
01/04/2008 20:47:56 (DIR) 0 byte 5 days old -- Tasks
05/04/2008 10:37:38 1013 byte 1 days old -- cookies.ini
06/04/2008 01:12:54 (DIR) 0 byte 0 days old -- Installer
06/04/2008 01:27:07 (DIR) 0 byte 0 days old -- inf
06/04/2008 01:27:09 (DIR) 0 byte 0 days old -- Downloaded Program Files
06/04/2008 01:27:19 (DIR) 0 byte 0 days old -- Prefetch
06/04/2008 12:10:12 69 byte 0 days old -- NeroDigital.ini
06/04/2008 13:41:43 (DIR) 0 byte 0 days old -- Debug
06/04/2008 14:58:34 32424 byte 0 days old -- SchedLgU.Txt
06/04/2008 14:59:43 2048 byte 0 days old -- bootstat.dat
06/04/2008 14:59:55 0 byte 0 days old -- 0.log
06/04/2008 15:00:20 50 byte 0 days old -- wiaservc.log
06/04/2008 15:00:22 (DIR) 0 byte 0 days old -- system32
06/04/2008 15:00:31 157 byte 0 days old -- wiadebug.log
06/04/2008 15:00:38 1811735 byte 0 days old -- WindowsUpdate.log
06/04/2008 15:46:31 (DIR) 0 byte 0 days old -- Temp
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
10/03/2008 21:43:43 278528 byte 27 days old -- pncrt.dll
10/03/2008 21:43:46 5632 byte 27 days old -- pndx5032.dll
10/03/2008 21:43:46 6656 byte 27 days old -- pndx5016.dll
10/03/2008 21:43:57 185944 byte 27 days old -- rmoc3260.dll
14/03/2008 14:42:35 (DIR) 0 byte 23 days old -- AGEIA
14/03/2008 14:42:58 (DIR) 0 byte 23 days old -- DRVSTORE
14/03/2008 14:43:58 107888 byte 23 days old -- CmdLineExt.dll
14/03/2008 15:30:08 246312 byte 23 days old -- FNTCACHE.DAT
14/03/2008 19:09:43 36864 byte 23 days old -- byxxvvs.dll
14/03/2008 19:10:43 290816 byte 23 days old -- ddaya.dll
14/03/2008 19:10:44 63 byte 23 days old -- 748b94ed
14/03/2008 19:11:52 98368 byte 23 days old -- egfvtsju.dll
14/03/2008 19:30:57 36864 byte 23 days old -- awtrrqn.dll
14/03/2008 19:40:41 36864 byte 23 days old -- qomlmlm.dll
15/03/2008 19:12:16 1367273 byte 22 days old -- ifibvydo.ini
15/03/2008 21:47:41 36864 byte 22 days old -- hggdbyy.dll
16/03/2008 10:23:59 1367464 byte 21 days old -- ehflgrou.ini
17/03/2008 19:15:16 1360129 byte 20 days old -- oluvuvmt.ini
17/03/2008 19:18:38 93760 byte 20 days old -- frrtyohp.dll
18/03/2008 19:14:18 92736 byte 19 days old -- oqyrkygm.dll
18/03/2008 19:16:14 2105942 byte 19 days old -- bmgwjppt.ini
19/03/2008 15:31:58 1308421 byte 18 days old -- dkwbadyy.ini
19/03/2008 19:16:59 93248 byte 18 days old -- jttccucf.dll
20/03/2008 19:17:21 1524235 byte 17 days old -- eeqxloqj.ini
21/03/2008 19:16:00 94784 byte 16 days old -- sovepgcs.dll
21/03/2008 19:18:37 1261656 byte 16 days old -- jaqxnatd.ini
22/03/2008 09:48:20 1219588 byte 15 days old -- jkddmpth.ini
22/03/2008 19:20:42 93248 byte 15 days old -- ntksgjlm.dll
23/03/2008 18:54:41 1215241 byte 14 days old -- ljvvtoyr.ini
24/03/2008 19:02:12 1215401 byte 13 days old -- wkbverwu.ini
25/03/2008 19:17:39 1413302 byte 12 days old -- xsqgsvbq.ini
25/03/2008 19:17:41 94272 byte 12 days old -- ruphpaud.dll
25/03/2008 19:53:18 (DIR) 0 byte 12 days old -- DirectX
26/03/2008 19:18:21 1280878 byte 11 days old -- hewxbbbu.ini
27/03/2008 19:22:18 1295479 byte 10 days old -- dqhwhlue.ini
27/03/2008 19:35:37 781696 byte 10 days old -- PerfStringBackup.INI
27/03/2008 19:35:38 41302 byte 10 days old -- perfc009.dat
27/03/2008 19:35:38 50072 byte 10 days old -- perfc00C.dat
27/03/2008 19:35:38 372336 byte 10 days old -- perfh00C.dat
27/03/2008 19:35:38 314998 byte 10 days old -- perfh009.dat
28/03/2008 19:20:12 90688 byte 9 days old -- qghhwvbm.dll
28/03/2008 19:23:35 1189953 byte 9 days old -- kabttmxm.ini
29/03/2008 13:41:07 1180852 byte 8 days old -- fowmmveu.ini
30/03/2008 09:56:33 1180990 byte 7 days old -- ijylsjwa.ini
30/03/2008 19:21:20 1181030 byte 7 days old -- gibkborv.ini
31/03/2008 07:20:49 1176286 byte 6 days old -- lwvxgpug.ini
01/04/2008 18:23:03 143 byte 5 days old -- mcrh.tmp
01/04/2008 18:25:01 1215655 byte 5 days old -- oiihtjro.ini
01/04/2008 19:24:57 90688 byte 5 days old -- rwtkgyxe.dll
02/04/2008 19:06:39 1168017 byte 4 days old -- dgyffiah.ini
03/04/2008 08:09:21 1152813 byte 3 days old -- rbiwdthr.ini
03/04/2008 19:26:59 89152 byte 3 days old -- pqombcuh.dll
05/04/2008 19:24:51 1094668 byte 1 days old -- wwlcpgaw.ini
05/04/2008 19:26:04 85056 byte 1 days old -- rtreooht.dll
06/04/2008 01:05:24 3072 byte 0 days old -- CONFIG.NT
06/04/2008 07:24:29 (DIR) 0 byte 0 days old -- Macromed
06/04/2008 13:07:56 (DIR) 0 byte 0 days old -- CatRoot2
06/04/2008 14:54:33 (DIR) 0 byte 0 days old -- drivers
06/04/2008 14:55:17 198722 byte 0 days old -- ayadd.ini2
06/04/2008 14:55:32 198722 byte 0 days old -- ayadd.ini
06/04/2008 15:00:00 2206 byte 0 days old -- wpa.dbl
06/04/2008 15:00:13 23946 byte 0 days old -- nvapps.xml
06/04/2008 15:00:22 1094016 byte 0 days old -- thooertr.ini
----- recent files in C:\WINDOWS\system32\drivers\
13/03/2008 16:43:42 40456 byte 24 days old -- eamon.sys
13/03/2008 16:44:36 29704 byte 24 days old -- easdrv.sys
13/03/2008 16:52:18 33800 byte 24 days old -- epfwtdir.sys
----- recent files in C:\WINDOWS\temp\
27/03/2008 17:17:02 (DIR) 0 byte 10 days old -- Cookies
27/03/2008 17:17:02 (DIR) 0 byte 10 days old -- Fichiers Internet temporaires
27/03/2008 17:17:02 (DIR) 0 byte 10 days old -- History
06/04/2008 13:06:31 0 byte 0 days old -- NOD111A.tmp
06/04/2008 13:06:33 0 byte 0 days old -- NOD111B.tmp
06/04/2008 13:06:35 0 byte 0 days old -- NOD111C.tmp
06/04/2008 13:06:37 0 byte 0 days old -- NOD111D.tmp
06/04/2008 13:06:39 0 byte 0 days old -- NOD111E.tmp
06/04/2008 13:06:41 0 byte 0 days old -- NOD111F.tmp
06/04/2008 09:21:26 0 byte 0 days old -- NOD112.tmp
06/04/2008 15:02:32 0 byte 0 days old -- NOD1120.tmp
06/04/2008 13:06:43 0 byte 0 days old -- NOD1121.tmp
06/04/2008 15:02:33 0 byte 0 days old -- NOD1122.tmp
06/04/2008 15:02:35 0 byte 0 days old -- NOD1123.tmp
06/04/2008 15:02:36 0 byte 0 days old -- NOD1124.tmp
06/04/2008 13:06:45 0 byte 0 days old -- NOD1125.tmp
06/04/2008 15:02:37 0 byte 0 days old -- NOD1126.tmp
06/04/2008 13:06:48 0 byte 0 days old -- NOD1127.tmp
06/04/2008 15:02:39 0 byte 0 days old -- NOD1128.tmp
06/04/2008 13:06:50 0 byte 0 days old -- NOD1129.tmp
06/04/2008 13:06:51 0 byte 0 days old -- NOD112A.tmp
06/04/2008 13:06:53 0 byte 0 days old -- NOD112B.tmp
06/04/2008 13:06:55 0 byte 0 days old -- NOD112C.tmp
06/04/2008 13:06:57 0 byte 0 days old -- NOD112D.tmp
06/04/2008 13:07:00 0 byte 0 days old -- NOD112E.tmp
06/04/2008 13:07:02 0 byte 0 days old -- NOD112F.tmp
06/04/2008 09:21:28 0 byte 0 days old -- NOD113.tmp
06/04/2008 13:07:04 0 byte 0 days old -- NOD1130.tmp
06/04/2008 13:07:06 0 byte 0 days old -- NOD1131.tmp
06/04/2008 13:07:08 0 byte 0 days old -- NOD1132.tmp
06/04/2008 13:07:10 0 byte 0 days old -- NOD1133.tmp
06/04/2008 13:07:12 0 byte 0 days old -- NOD1134.tmp
06/04/2008 13:07:19 0 byte 0 days old -- NOD1135.tmp
06/04/2008 13:07:21 0 byte 0 days old -- NOD1136.tmp
06/04/2008 13:07:23 0 byte 0 days old -- NOD1137.tmp
06/04/2008 13:07:25 0 byte 0 days old -- NOD1138.tmp
06/04/2008 13:07:27 0 byte 0 days old -- NOD1139.tmp
06/04/2008 13:07:29 0 byte 0 days old -- NOD113A.tmp
06/04/2008 07:36:33 0 byte 0 days old -- NOD113B.tmp
06/04/2008 13:07:31 0 byte 0 days old -- NOD113C.tmp
06/04/2008 13:07:33 0 byte 0 days old -- NOD113D.tmp
06/04/2008 13:07:35 0 byte 0 days old -- NOD113E.tmp
06/04/2008 13:07:37 0 byte 0 days old -- NOD113F.tmp
06/04/2008 09:21:32 0 byte 0 days old -- NOD114.tmp
06/04/2008 13:07:39 0 byte 0 days old -- NOD1140.tmp
06/04/2008 13:07:41 0 byte 0 days old -- NOD1141.tmp
06/04/2008 13:07:43 0 byte 0 days old -- NOD1142.tmp
06/04/2008 13:07:45 0 byte 0 days old -- NOD1143.tmp
06/04/2008 07:36:36 0 byte 0 days old -- NOD1144.tmp
06/04/2008 13:07:47 0 byte 0 days old -- NOD1145.tmp
06/04/2008 13:07:49 0 byte 0 days old -- NOD1146.tmp
06/04/2008 13:07:52 0 byte 0 days old -- NOD1147.tmp
06/04/2008 13:07:55 0 byte 0 days old -- NOD1148.tmp
06/04/2008 13:07:57 0 byte 0 days old -- NOD1149.tmp
06/04/2008 13:07:59 0 byte 0 days old -- NOD114A.tmp
06/04/2008 13:08:05 0 byte 0 days old -- NOD114B.tmp
06/04/2008 13:08:08 0 byte 0 days old -- NOD114C.tmp
06/04/2008 13:08:12 0 byte 0 days old -- NOD114D.tmp
06/04/2008 13:08:15 0 byte 0 days old -- NOD114E.tmp
06/04/2008 13:08:18 0 byte 0 days old -- NOD114F.tmp
06/04/2008 09:21:35 0 byte 0 days old -- NOD115.tmp
06/04/2008 13:08:20 0 byte 0 days old -- NOD1150.tmp
06/04/2008 13:08:22 0 byte 0 days old -- NOD1151.tmp
06/04/2008 13:08:24 0 byte 0 days old -- NOD1152.tmp
06/04/2008 13:08:26 0 byte 0 days old -- NOD1153.tmp
06/04/2008 13:08:28 0 byte 0 days old -- NOD1154.tmp
06/04/2008 13:08:30 0 byte 0 days old -- NOD1155.tmp
06/04/2008 13:08:32 0 byte 0 days old -- NOD1156.tmp
06/04/2008 13:08:35 0 byte 0 days old -- NOD1157.tmp
06/04/2008 13:08:39 0 byte 0 days old -- NOD1158.tmp
06/04/2008 13:08:42 0 byte 0 days old -- NOD1159.tmp
06/04/2008 13:08:45 0 byte 0 days old -- NOD115A.tmp
06/04/2008 12:16:34 0 byte 0 days old -- NOD115B.tmp
06/04/2008 13:08:47 0 byte 0 days old -- NOD115C.tmp
06/04/2008 13:08:50 0 byte 0 days old -- NOD115D.tmp
06/04/2008 13:08:53 0 byte 0 days old -- NOD115E.tmp
06/04/2008 13:08:55 0 byte 0 days old -- NOD115F.tmp
06/04/2008 10:48:16 0 byte 0 days old -- NOD116.tmp
06/04/2008 13:08:57 0 byte 0 days old -- NOD1160.tmp
06/04/2008 13:08:59 0 byte 0 days old -- NOD1161.tmp
06/04/2008 13:09:02 0 byte 0 days old -- NOD1162.tmp
06/04/2008 13:09:05 0 byte 0 days old -- NOD1163.tmp
06/04/2008 13:09:07 0 byte 0 days old -- NOD1164.tmp
06/04/2008 07:36:42 0 byte 0 days old -- NOD1165.tmp
06/04/2008 13:09:09 0 byte 0 days old -- NOD1166.tmp
06/04/2008 13:09:13 0 byte 0 days old -- NOD1167.tmp
06/04/2008 13:09:16 0 byte 0 days old -- NOD1168.tmp
06/04/2008 13:09:19 0 byte 0 days old -- NOD1169.tmp
06/04/2008 13:09:22 0 byte 0 days old -- NOD116A.tmp
06/04/2008 13:09:25 0 byte 0 days old -- NOD116B.tmp
06/04/2008 13:09:28 0 byte 0 days old -- NOD116C.tmp
06/04/2008 13:09:31 0 byte 0 days old -- NOD116D.tmp
06/04/2008 13:09:34 0 byte 0 days old -- NOD116E.tmp
06/04/2008 13:09:37 0 byte 0 days old -- NOD116F.tmp
06/04/2008 10:48:19 0 byte 0 days old -- NOD117.tmp
06/04/2008 08:47:05 0 byte 0 days old -- NOD1170.tmp
06/04/2008 13:09:40 0 byte 0 days old -- NOD1171.tmp
06/04/2008 07:36:47 0 byte 0 days old -- NOD1172.tmp
06/04/2008 13:09:43 0 byte 0 days old -- NOD1173.tmp
06/04/2008 13:09:46 0 byte 0 days old -- NOD1174.tmp
06/04/2008 13:09:48 0 byte 0 days old -- NOD1175.tmp
06/04/2008 13:09:51 0 byte 0 days old -- NOD1176.tmp
06/04/2008 07:36:49 0 byte 0 days old -- NOD1177.tmp
06/04/2008 07:36:51 0 byte 0 days old -- NOD1178.tmp
06/04/2008 07:36:54 0 byte 0 days old -- NOD1179.tmp
06/04/2008 13:09:53 0 byte 0 days old -- NOD117A.tmp
06/04/2008 07:36:57 0 byte 0 days old -- NOD117B.tmp
06/04/2008 13:09:56 0 byte 0 days old -- NOD117C.tmp
06/04/2008 13:10:00 0 byte 0 days old -- NOD117D.tmp
06/04/2008 13:10:04 0 byte 0 days old -- NOD117E.tmp
06/04/2008 13:10:08 0 byte 0 days old -- NOD117F.tmp
06/04/2008 10:48:20 0 byte 0 days old -- NOD118.tmp
06/04/2008 13:10:12 0 byte 0 days old -- NOD1180.tmp
06/04/2008 13:10:15 0 byte 0 days old -- NOD1181.tmp
06/04/2008 13:10:18 0 byte 0 days old -- NOD1182.tmp
06/04/2008 13:10:23 0 byte 0 days old -- NOD1183.tmp
06/04/2008 13:10:27 0 byte 0 days old -- NOD1184.tmp
06/04/2008 13:10:30 0 byte 0 days old -- NOD1185.tmp
06/04/2008 07:36:59 0 byte 0 days old -- NOD1186.tmp
06/04/2008 13:10:34 0 byte 0 days old -- NOD1187.tmp
06/04/2008 13:10:37 0 byte 0 days old -- NOD1188.tmp
06/04/2008 13:10:40 0 byte 0 days old -- NOD1189.tmp
06/04/2008 07:37:01 0 byte 0 days old -- NOD118A.tmp
06/04/2008 13:10:43 0 byte 0 days old -- NOD118B.tmp
06/04/2008 13:10:46 0 byte 0 days old -- NOD118C.tmp
06/04/2008 13:10:48 0 byte 0 days old -- NOD118D.tmp
06/04/2008 13:10:51 0 byte 0 days old -- NOD118E.tmp
06/04/2008 13:10:54 0 byte 0 days old -- NOD118F.tmp
06/04/2008 10:48:22 0 byte 0 days old -- NOD119.tmp
06/04/2008 13:10:57 0 byte 0 days old -- NOD1190.tmp
06/04/2008 13:10:59 0 byte 0 days old -- NOD1191.tmp
06/04/2008 13:11:03 0 byte 0 days old -- NOD1192.tmp
06/04/2008 13:11:06 0 byte 0 days old -- NOD1193.tmp
06/04/2008 13:11:08 0 byte 0 days old -- NOD1194.tmp
06/04/2008 13:11:10 0 byte 0 days old -- NOD1195.tmp
06/04/2008 07:37:05 0 byte 0 days old -- NOD1196.tmp
06/04/2008 07:37:08 0 byte 0 days old -- NOD1197.tmp
06/04/2008 13:11:13 0 byte 0 days old -- NOD1198.tmp
06/04/2008 13:11:15 0 byte 0 days old -- NOD1199.tmp
06/04/2008 13:11:18 0 byte 0 days old -- NOD119A.tmp
06/04/2008 13:11:20 0 byte 0 days old -- NOD119B.tmp
06/04/2008 13:11:23 0 byte 0 days old -- NOD119C.tmp
06/04/2008 13:11:25 0 byte 0 days old -- NOD119D.tmp
06/04/2008 13:11:28 0 byte 0 days old -- NOD119E.tmp
06/04/2008 13:11:31 0 byte 0 days old -- NOD119F.tmp
06/04/2008 10:48:23 0 byte 0 days old -- NOD11A.tmp
06/04/2008 13:11:34 0 byte 0 days old -- NOD11A0.tmp
06/04/2008 13:11:37 0 byte 0 days old -- NOD11A1.tmp
06/04/2008 13:11:39 0 byte 0 days old -- NOD11A2.tmp
06/04/2008 13:11:41 0 byte 0 days old -- NOD11A3.tmp
06/04/2008 13:11:43 0 byte 0 days old -- NOD11A4.tmp
06/04/2008 13:11:46 0 byte 0 days old -- NOD11A5.tmp
06/04/2008 13:11:49 0 byte 0 days old -- NOD11A6.tmp
06/04/2008 13:11:52 0 byte 0 days old -- NOD11A7.tmp
06/04/2008 13:11:54 0 byte 0 days old -- NOD11A8.tmp
06/04/2008 13:11:57 0 byte 0 days old -- NOD11A9.tmp
06/04/2008 13:12:00 0 byte 0 days old -- NOD11AA.tmp
06/04/2008 13:12:02 0 byte 0 days old -- NOD11AB.tmp
06/04/2008 13:12:05 0 byte 0 days old -- NOD11AC.tmp
06/04/2008 13:12:11 0 byte 0 days old -- NOD11AD.tmp
06/04/2008 13:12:14 0 byte 0 days old -- NOD11AE.tmp
06/04/2008 13:12:17 0 byte 0 days old -- NOD11AF.tmp
06/04/2008 10:48:25 0 byte 0 days old -- NOD11B.tmp
06/04/2008 13:12:20 0 byte 0 days old -- NOD11B0.tmp
06/04/2008 13:12:24 0 byte 0 days old -- NOD11B1.tmp
06/04/2008 13:12:26 0 byte 0 days old -- NOD11B2.tmp
06/04/2008 13:12:29 0 byte 0 days old -- NOD11B3.tmp
06/04/2008 13:12:31 0 byte 0 days old -- NOD11B4.tmp
06/04/2008 13:12:34 0 byte 0 days old -- NOD11B5.tmp
06/04/2008 13:12:37 0 byte 0 days old -- NOD11B6.tmp
06/04/2008 13:12:40 0 byte 0 days old -- NOD11B7.tmp
06/04/2008 13:12:44 0 byte 0 days old -- NOD11B8.tmp
06/04/2008 13:12:47 0 byte 0 days old -- NOD11B9.tmp
06/04/2008 13:12:51 0 byte 0 days old -- NOD11BA.tmp
06/04/2008 13:12:55 0 byte 0 days old -- NOD11BB.tmp
06/04/2008 13:12:58 0 byte 0 days old -- NOD11BC.tmp
06/04/2008 13:13:01 0 byte 0 days old -- NOD11BD.tmp
06/04/2008 13:13:04 0 byte 0 days old -- NOD11BE.tmp
06/04/2008 13:13:07 0 byte 0 days old -- NOD11BF.tmp
06/04/2008 10:48:27 0 byte 0 days old -- NOD11C.tmp
06/04/2008 13:13:10 0 byte 0 days old -- NOD11C0.tmp
06/04/2008 13:13:12 0 byte 0 days old -- NOD11C1.tmp
06/04/2008 13:13:14 0 byte 0 days old -- NOD11C2.tmp
06/04/2008 13:13:17 0 byte 0 days old -- NOD11C3.tmp
06/04/2008 13:13:19 0 byte 0 days old -- NOD11C4.tmp
06/04/2008 13:13:22 0 byte 0 days old -- NOD11C5.tmp
06/04/2008 13:13:25 0 byte 0 days old -- NOD11C6.tmp
06/04/2008 13:13:28 0 byte 0 days old -- NOD11C7.tmp
06/04/2008 13:13:31 0 byte 0 days old -- NOD11C8.tmp
06/04/2008 13:13:34 0 byte 0 days old -- NOD11C9.tmp
06/04/2008 13:13:37 0 byte 0 days old -- NOD11CA.tmp
06/04/2008 13:13:40 0 byte 0 days old -- NOD11CB.tmp
06/04/2008 13:13:44 0 byte 0 days old -- NOD11CC.tmp
06/04/2008 13:13:47 0 byte 0 days old -- NOD11CD.tmp
06/04/2008 13:13:50 0 byte 0 days old -- NOD11CE.tmp
06/04/2008 13:13:53 0 byte 0 days old -- NOD11CF.tmp
06/04/2008 10:48:28 0 byte 0 days old -- NOD11D.tmp
06/04/2008 13:13:56 0 byte 0 days old -- NOD11D0.tmp
06/04/2008 13:13:58 0 byte 0 days old -- NOD11D1.tmp
06/04/2008 13:14:01 0 byte 0 days old -- NOD11D2.tmp
06/04/2008 13:14:04 0 byte 0 days old -- NOD11D3.tmp
06/04/2008 13:14:07 0 byte 0 days old -- NOD11D4.tmp
06/04/2008 13:14:10 0 byte 0 days old -- NOD11D5.tmp
06/04/2008 13:14:12 0 byte 0 days old -- NOD11D6.tmp
06/04/2008 13:14:15 0 byte 0 days old -- NOD11D7.tmp
06/04/2008 13:14:18 0 byte 0 days old -- NOD11D8.tmp
06/04/2008 13:14:21 0 byte 0 days old -- NOD11D9.tmp
06/04/2008 13:14:25 0 byte 0 days old -- NOD11DA.tmp
06/04/2008 13:14:28 0 byte 0 days old -- NOD11DB.tmp
06/04/2008 13:14:30 0 byte 0 days old -- NOD11DC.tmp
06/04/2008 13:14:34 0 byte 0 days old -- NOD11DD.tmp
06/04/2008 13:14:37 0 byte 0 days old -- NOD11DE.tmp
06/04/2008 13:14:57 0 byte 0 days old -- NOD11DF.tmp
06/04/2008 10:48:32 0 byte 0 days old -- NOD11E.tmp
06/04/2008 13:15:00 0 byte 0 days old -- NOD11E0.tmp
06/04/2008 13:15:04 0 byte 0 days old -- NOD11E1.tmp
06/04/2008 13:15:06 0 byte 0 days old -- NOD11E2.tmp
06/04/2008 13:15:09 0 byte 0 days old -- NOD11E3.tmp
06/04/2008 13:15:13 0 byte 0 days old -- NOD11E4.tmp
06/04/2008 13:15:16 0 byte 0 days old -- NOD11E5.tmp
06/04/2008 13:15:18 0 byte 0 days old -- NOD11E6.tmp
06/04/2008 13:15:22 0 byte 0 days old -- NOD11E7.tmp
06/04/2008 13:15:25 0 byte 0 days old -- NOD11E8.tmp
06/04/2008 13:15:30 0 byte 0 days old -- NOD11E9.tmp
06/04/2008 13:15:33 0 byte 0 days old -- NOD11EA.tmp
06/04/2008 13:15:36 0 byte 0 days old -- NOD11EB.tmp
06/04/2008 13:15:39 0 byte 0 days old -- NOD11EC.tmp
06/04/2008 13:15:43 0 byte 0 days old -- NOD11ED.tmp
06/04/2008 13:15:47 0 byte 0 days old -- NOD11EE.tmp
06/04/2008 13:15:51 0 byte 0 days old -- NOD11EF.tmp
06/04/2008 10:48:34 0 byte 0 days old -- NOD11F.tmp
06/04/2008 13:15:57 0 byte 0 days old -- NOD11F0.tmp
06/04/2008 13:16:02 0 byte 0 days old -- NOD11F1.tmp
06/04/2008 13:16:05 0 byte 0 days old -- NOD11F2.tmp
06/04/2008 13:16:08 0 byte 0 days old -- NOD11F3.tmp
06/04/2008 13:16:11 0 byte 0 days old -- NOD11F4.tmp
06/04/2008 13:16:15 0 byte 0 days old -- NOD11F5.tmp
06/04/2008 13:16:17 0 byte 0 days old -- NOD11F6.tmp
06/04/2008 13:16:19 0 byte 0 days old -- NOD11F7.tmp
06/04/2008 13:16:21 0 byte 0 days old -- NOD11F8.tmp
06/04/2008 13:16:24 0 byte 0 days old -- NOD11F9.tmp
06/04/2008 13:16:27 0 byte 0 days old -- NOD11FA.tmp
06/04/2008 13:16:29 0 byte 0 days old -- NOD11FB.tmp
06/04/2008 13:16:32 0 byte 0 days old -- NOD11FC.tmp
06/04/2008 13:16:36 0 byte 0 days old -- NOD11FD.tmp
06/04/2008 13:16:39 0 byte 0 days old -- NOD11FE.tmp
06/04/2008 13:16:43 0 byte 0 days old -- NOD11FF.tmp
06/04/2008 10:48:36 0 byte 0 days old -- NOD120.tmp
06/04/2008 13:16:45 0 byte 0 days old -- NOD1200.tmp
06/04/2008 13:16:49 0 byte 0 days old -- NOD1201.tmp
06/04/2008 13:16:51 0 byte 0 days old -- NOD1202.tmp
06/04/2008 13:16:55 0 byte 0 days old -- NOD1203.tmp
06/04/2008 13:16:57 0 byte 0 days old -- NOD1204.tmp
06/04/2008 13:17:00 0 byte 0 days old -- NOD1205.tmp
06/04/2008 13:17:03 0 byte 0 days old -- NOD1206.tmp
06/04/2008 13:17:05 0 byte 0 days old -- NOD1207.tmp
06/04/2008 13:17:09 0 byte 0 days old -- NOD1208.tmp
06/04/2008 13:17:12 0 byte 0 days old -- NOD1209.tmp
06/04/2008 13:17:16 0 byte 0 days old -- NOD120A.tmp
06/04/2008 13:17:20 0 byte 0 days old -- NOD120B.tmp
06/04/2008 13:17:23 0 byte 0 days old -- NOD120C.tmp
06/04/2008 13:17:26 0 byte 0 days old -- NOD120D.tmp
06/04/2008 13:17:28 0 byte 0 days old -- NOD120E.tmp
06/04/2008 13:17:31 0 byte 0 days old -- NOD120F.tmp
06/04/2008 10:48:38 0 byte 0 days old -- NOD121.tmp
06/04/2008 13:17:34 0 byte 0 days old -- NOD1210.tmp
06/04/2008 13:17:37 0 byte 0 days old -- NOD1211.tmp
06/04/2008 13:17:40 0 byte 0 days old -- NOD1212.tmp
06/04/2008 13:17:43 0 byte 0 days old -- NOD1213.tmp
06/04/2008 08:08:29 0 byte 0 days old -- NOD1214.tmp
06/04/2008 13:17:46 0 byte 0 days old -- NOD1215.tmp
06/04/2008 13:17:49 0 byte 0 days old -- NOD1216.tmp
06/04/2008 13:17:51 0 byte 0 days old -- NOD1217.tmp
06/04/2008 13:17:55 0 byte 0 days old -- NOD1218.tmp
06/04/2008 13:17:58 0 byte 0 days old -- NOD1219.tmp
06/04/2008 07:37:11 0 byte 0 days old -- NOD121A.tmp
06/04/2008 13:18:01 0 byte 0 days old -- NOD121B.tmp
06/04/2008 13:18:04 0 byte 0 days old -- NOD121C.tmp
06/04/2008 13:18:07 0 byte 0 days old -- NOD121D.tmp
06/04/2008 13:18:11 0 byte 0 days old -- NOD121E.tmp
06/04/2008 13:18:15 0 byte 0 days old -- NOD121F.tmp
06/04/2008 10:48:42 0 byte 0 days old -- NOD122.tmp
06/04/2008 13:18:19 0 byte 0 days old -- NOD1220.tmp
06/04/2008 13:18:23 0 byte 0 days old -- NOD1221.tmp
06/04/2008 13:18:26 0 byte 0 days old -- NOD1222.tmp
06/04/2008 13:18:30 0 byte 0 days old -- NOD1223.tmp
06/04/2008 13:18:32 0 byte 0 days old -- NOD1224.tmp
06/04/2008 13:18:35 0 byte 0 days old -- NOD1225.tmp
06/04/2008 13:18:38 0 byte 0 days old -- NOD1226.tmp
06/04/2008 12:16:37 0 byte 0 days old -- NOD1227.tmp
06/04/2008 12:16:39 0 byte 0 days old -- NOD1228.tmp
06/04/2008 12:16:41 0 byte 0 days old -- NOD1229.tmp
06/04/2008 12:16:43 0 byte 0 days old -- NOD122A.tmp
06/04/2008 13:18:42 0 byte 0 days old -- NOD122B.tmp
06/04/2008 13:18:45 0 byte 0 days old -- NOD122C.tmp
06/04/2008 12:16:45 0 byte 0 days old -- NOD122D.tmp
06/04/2008 12:16:47 0 byte 0 days old -- NOD122E.tmp
06/04/2008 12:16:49 0 byte 0 days old -- NOD122F.tmp
06/04/2008 11:03:07 0 byte 0 days old -- NOD123.tmp
06/04/2008 12:16:50 0 byte 0 days old -- NOD1230.tmp
06/04/2008 13:18:48 0 byte 0 days old -- NOD1231.tmp
06/04/2008 13:18:51 0 byte 0 days old -- NOD1232.tmp
06/04/2008 13:18:54 0 byte 0 days old -- NOD1233.tmp
06/04/2008 13:18:57 0 byte 0 days old -- NOD1234.tmp
06/04/2008 13:19:00 0 byte 0 days old -- NOD1235.tmp
06/04/2008 13:19:04 0 byte 0 days old -- NOD1236.tmp
06/04/2008 13:19:08 0 byte 0 days old -- NOD1237.tmp
06/04/2008 13:19:11 0 byte 0 days old -- NOD1238.tmp
06/04/2008 12:16:53 0 byte 0 days old -- NOD1239.tmp
06/04/2008 12:16:55 0 byte 0 days old -- NOD123A.tmp
06/04/2008 12:16:57 0 byte 0 days old -- NOD123B.tmp
06/04/2008 12:16:59 0 byte 0 days old -- NOD123C.tmp
06/04/2008 12:17:01 0 byte 0 days old -- NOD123D.tmp
06/04/2008 12:17:04 0 byte 0 days old -- NOD123E.tmp
06/04/2008 12:17:05 0 byte 0 days old -- NOD123F.tmp
06/04/2008 10:48:43 0 byte 0 days old -- NOD124.tmp
06/04/2008 12:17:08 0 byte 0 days old -- NOD1240.tmp
06/04/2008 13:19:15 0 byte 0 days old -- NOD1241.tmp
06/04/2008 13:19:19 0 byte 0 days old -- NOD1242.tmp
06/04/2008 12:17:10 0 byte 0 days old -- NOD1243.tmp
06/04/2008 12:17:12 0 byte 0 days old -- NOD1244.tmp
06/04/2008 12:17:14 0 byte 0 days old -- NOD1245.tmp
06/04/2008 12:17:16 0 byte 0 days old -- NOD1246.tmp
06/04/2008 12:17:19 0 byte 0 days old -- NOD1247.tmp
06/04/2008 13:19:23 0 byte 0 days old -- NOD1248.tmp
06/04/2008 13:19:28 0 byte 0 days old -- NOD1249.tmp
06/04/2008 13:19:32 0 byte 0 days old -- NOD124A.tmp
06/04/2008 13:19:36 0 byte 0 days old -- NOD124B.tmp
06/04/2008 13:19:46 0 byte 0 days old -- NOD124C.tmp
06/04/2008 13:19:49 0 byte 0 days old -- NOD124D.tmp
06/04/2008 13:19:53 0 byte 0 days old -- NOD124E.tmp
06/04/2008 13:19:57 0 byte 0 days old -- NOD124F.tmp
06/04/2008 10:48:46 0 byte 0 days old -- NOD125.tmp
06/04/2008 13:20:01 0 byte 0 days old -- NOD1250.tmp
06/04/2008 13:20:05 0 byte 0 days old -- NOD1251.tmp
06/04/2008 13:20:09 0 byte 0 days old -- NOD1252.tmp
06/04/2008 13:20:12 0 byte 0 days old -- NOD1253.tmp
06/04/2008 08:27:52 0 byte 0 days old -- NOD1254.tmp
06/04/2008 13:20:15 0 byte 0 days old -- NOD1255.tmp
06/04/2008 12:17:22 0 byte 0 days old -- NOD1256.tmp
06/04/2008 12:17:25 0 byte 0 days old -- NOD1257.tmp
06/04/2008 12:17:27 0 byte 0 days old -- NOD1258.tmp
06/04/2008 12:17:33 0 byte 0 days old -- NOD1259.tmp
06/04/2008 13:20:18 0 byte 0 days old -- NOD125A.tmp
06/04/2008 13:20:21 0 byte 0 days old -- NOD125B.tmp
06/04/2008 13:20:25 0 byte 0 days old -- NOD125C.tmp
06/04/2008 13:20:28 0 byte 0 days old -- NOD125D.tmp
06/04/2008 12:17:36 0 byte 0 days old -- NOD125E.tmp
06/04/2008 12:17:38 0 byte 0 days old -- NOD125F.tmp
06/04/2008 10:48:48 0 byte 0 days old -- NOD126.tmp
06/04/2008 12:17:40 0 byte 0 days old -- NOD1260.tmp
06/04/2008 12:17:42 0 byte 0 days old -- NOD1261.tmp
06/04/2008 12:17:45 0 byte 0 days old -- NOD1262.tmp
06/04/2008 12:17:47 0 byte 0 days old -- NOD1263.tmp
06/04/2008 12:17:50 0 byte 0 days old -- NOD1264.tmp
06/04/2008 12:17:52 0 byte 0 days old -- NOD1265.tmp
06/04/2008 12:17:54 0 byte 0 days old -- NOD1266.tmp
06/04/2008 12:17:56 0 byte 0 days old -- NOD1267.tmp
06/04/2008 12:17:59 0 byte 0 days old -- NOD1268.tmp
06/04/2008 12:18:01 0 byte 0 days old -- NOD1269.tmp
06/04/2008 12:18:04 0 byte 0 days old -- NOD126A.tmp
06/04/2008 12:18:06 0 byte 0 days old -- NOD126B.tmp
06/04/2008 12:18:08 0 byte 0 days old -- NOD126C.tmp
06/04/2008 12:18:11 0 byte 0 days old -- NOD126D.tmp
06/04/2008 12:18:13 0 byte 0 days old -- NOD126E.tmp
06/04/2008 13:20:30 0 byte 0 days old -- NOD126F.tmp
06/04/2008 10:48:49 0 byte 0 days old -- NOD127.tmp
06/04/2008 13:20:34 0 byte 0 days old -- NOD1270.tmp
06/04/2008 13:20:37 0 byte 0 days old -- NOD1271.tmp
06/04/2008 12:18:16 0 byte 0 days old -- NOD1272.tmp
06/04/2008 12:18:18 0 byte 0 days old -- NOD1273.tmp
06/04/2008 12:18:20 0 byte 0 days old -- NOD1274.tmp
06/04/2008 12:18:22 0 byte 0 days old -- NOD1275.tmp
06/04/2008 13:20:40 0 byte 0 days old -- NOD1276.tmp
06/04/2008 13:20:43 0 byte 0 days old -- NOD1277.tmp
06/04/2008 13:20:46 0 byte 0 days old -- NOD1278.tmp
06/04/2008 13:20:49 0 byte 0 days old -- NOD1279.tmp
06/04/2008 13:20:53 0 byte 0 days old -- NOD127A.tmp
06/04/2008 13:20:55 0 byte 0 days old -- NOD127B.tmp
06/04/2008 13:20:58 0 byte 0 days old -- NOD127C.tmp
06/04/2008 13:21:01 0 byte 0 days old -- NOD127D.tmp
06/04/2008 13:21:04 0 byte 0 days old -- NOD127E.tmp
06/04/2008 13:21:07 0 byte 0 days old -- NOD127F.tmp
06/04/2008 10:48:51 0 byte 0 days old -- NOD128.tmp
06/04/2008 13:21:10 0 byte 0 days old -- NOD1280.tmp
06/04/2008 13:21:13 0 byte 0 days old -- NOD1281.tmp
06/04/2008 13:21:16 0 byte 0 days old -- NOD1282.tmp
06/04/2008 13:21:19 0 byte 0 days old -- NOD1283.tmp
06/04/2008 13:21:22 0 byte 0 days old -- NOD1284.tmp
06/04/2008 13:21:25 0 byte 0 days old -- NOD1285.tmp
06/04/2008 13:21:27 0 byte 0 days old -- NOD1286.tmp
06/04/2008 13:21:31 0 byte 0 days old -- NOD1287.tmp
06/04/2008 13:21:34 0 byte 0 days old -- NOD1288.tmp
06/04/2008 13:21:36 0 byte 0 days old -- NOD1289.tmp
06/04/2008 13:21:40 0 byte 0 days old -- NOD128A.tmp
06/04/2008 13:21:43 0 byte 0 days old -- NOD128B.tmp
06/04/2008 13:21:45 0 byte 0 days old -- NOD128C.tmp
06/04/2008 13:21:49 0 byte 0 days old -- NOD128D.tmp
06/04/2008 13:21:52 0 byte 0 days old -- NOD128E.tmp
06/04/2008 13:21:55 0 byte 0 days old -- NOD128F.tmp
06/04/2008 10:48:55 0 byte 0 days old -- NOD129.tmp
06/04/2008 13:21:58 0 byte 0 days old -- NOD1290.tmp
06/04/2008 13:22:01 0 byte 0 days old -- NOD1291.tmp
06/04/2008 13:22:04 0 byte 0 days old -- NOD1292.tmp
06/04/2008 13:22:07 0 byte 0 days old -- NOD1293.tmp
06/04/2008 13:22:11 0 byte 0 days old -- NOD1294.tmp
06/04/2008 13:22:14 0 byte 0 days old -- NOD1295.tmp
06/04/2008 13:22:17 0 byte 0 days old -- NOD1296.tmp
06/04/2008 13:22:20 0 byte 0 days old -- NOD1297.tmp
06/04/2008 13:22:23 0 byte 0 days old -- NOD1298.tmp
06/04/2008 13:22:26 0 byte 0 days old -- NOD1299.tmp
06/04/2008 13:22:29 0 byte 0 days old -- NOD129A.tmp
06/04/2008 13:22:34 0 byte 0 days old -- NOD129B.tmp
06/04/2008 13:22:38 0 byte 0 days old -- NOD129C.tmp
06/04/2008 13:22:42 0 byte 0 days old -- NOD129D.tmp
06/04/2008 13:22:45 0 byte 0 days old -- NOD129E.tmp
06/04/2008 12:18:25 0 byte 0 days old -- NOD129F.tmp
06/04/2008 11:03:10 0 byte 0 days old -- NOD12A.tmp
06/04/2008 13:22:47 0 byte 0 days old -- NOD12A0.tmp
06/04/2008 13:22:49 0 byte 0 days old -- NOD12A1.tmp
06/04/2008 13:22:52 0 byte 0 days old -- NOD12A2.tmp
06/04/2008 13:22:54 0 byte 0 days old -- NOD12A3.tmp
06/04/2008 13:22:56 0 byte 0 days old -- NOD12A4.tmp
06/04/2008 13:22:58 0 byte 0 days old -- NOD12A5.tmp
06/04/2008 13:23:00 0 byte 0 days old -- NOD12A6.tmp
06/04/2008 13:23:02 0 byte 0 days old -- NOD12A7.tmp
06/04/2008 13:23:04 0 byte 0 days old -- NOD12A8.tmp
06/04/2008 13:23:06 0 byte 0 days old -- NOD12A9.tmp
06/04/2008 13:23:08 0 byte 0 days old -- NOD12AA.tmp