Virus bagle

Réponse 1 / 40

dou-l Messages postés 2871 Statut Membre 61

slt,

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

patou28 Messages postés 211 Statut Membre 2

ComboFix 08-04-08.7 - patou 2008-04-09 8:30:23.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1141 [GMT 2:00]
Endroit: C:\Users\patou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW5UJIQ6\ComboFix[1].exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_srosa

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 18:19 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-04-08 18:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 18:14 --------- d-----w C:\Users\patou\AppData\Roaming\Grisoft
2008-04-08 16:36 --------- d-----w C:\Program Files\free-downloads.net
2008-04-08 16:36 --------- d-----w C:\Program Files\Conduit
2008-04-08 16:33 --------- d-----w C:\Program Files\Google
2008-04-08 13:32 --------- d-----w C:\Program Files\Navilog1
2008-04-08 08:32 --------- d-----w C:\Users\patou\AppData\Roaming\uTorrent
2008-04-08 08:32 --------- d-----w C:\Users\patou\AppData\Roaming\DeepBurner
2008-04-08 06:57 --------- d-----w C:\PROGRA~2\Google Updater
2008-04-04 11:24 --------- d-----w C:\Program Files\VirtualDub
2008-04-03 11:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 11:21 --------- d-----w C:\Users\patou\AppData\Roaming\Off Road
2008-03-31 16:16 --------- d-----w C:\Users\patou\AppData\Roaming\Zylom
2008-03-31 16:16 --------- d-----w C:\Program Files\Zylom Games
2008-03-31 16:14 --------- d-----w C:\Program Files\Kaggz 4
2008-03-31 16:10 --------- d-----w C:\Program Files\Another Day
2008-03-31 16:05 --------- d-----w C:\Program Files\PopCap Games
2008-03-31 16:03 --------- d-----w C:\Program Files\Blox Forever Deluxe
2008-03-31 16:02 737,280 ----a-w C:\Windows\iun6002.exe
2008-03-31 15:58 --------- d-----w C:\Program Files\Alawar
2008-03-31 14:04 --------- d-----w C:\PROGRA~2\AlawarGameBox
2008-03-31 12:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-31 12:23 --------- d-----w C:\PROGRA~2\InstallShield
2008-03-31 11:58 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-31 11:51 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-31 09:18 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-31 08:58 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
2008-03-30 08:13 --------- d-----w C:\Program Files\MagicBall
2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 17:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2008-03-29 17:16 --------- d-----w C:\Program Files\Zone.com Deluxe Games
2008-03-29 17:07 --------- d-----w C:\Program Files\Real
2008-03-29 17:02 --------- d-----w C:\Program Files\GameHouse
2008-03-29 16:20 --------- d-----w C:\Users\patou\AppData\Roaming\Absolutist.com
2008-03-29 16:20 --------- d-----w C:\Program Files\Absolutist.com
2008-03-29 15:58 --------- d-----w C:\Program Files\shockwave.com
2008-03-29 15:56 --------- d-----w C:\Program Files\Ricochet Xtreme
2008-03-29 15:33 --------- d-----w C:\Program Files\Kyodai Mahjongg
2008-03-29 15:19 --------- d-----w C:\Program Files\BongoBoogie
2008-03-29 15:18 --------- d-----w C:\Program Files\Axium
2008-03-29 14:58 --------- d-----w C:\Program Files\Realore
2008-03-29 14:54 --------- d-----w C:\Program Files\phelios
2008-03-29 14:39 --------- d-----w C:\Program Files\AirXonix
2008-03-29 14:23 --------- d-----w C:\Program Files\Twilight
2008-03-27 17:10 --------- d-----w C:\Program Files\Magic Vines
2008-03-27 14:13 --------- d-----w C:\Program Files\Happyneuron
2008-03-27 13:23 --------- d-----w C:\Program Files\Digby's Donuts
2008-03-27 12:38 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-26 14:54 --------- d-----w C:\Program Files\Serials 2000 7.1 Plus
2008-03-24 17:32 --------- d-----w C:\Users\patou\AppData\Roaming\Ahead
2008-03-24 17:24 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-24 17:20 --------- d-----w C:\Program Files\Nero
2008-03-24 11:28 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-24 11:27 --------- d-----w C:\PROGRA~2\Nero
2008-03-23 11:01 --------- d-----w C:\Program Files\Ahead
2008-03-23 10:11 --------- d-----w C:\Program Files\Windows Mail
2008-03-23 10:11 --------- d-----w C:\Program Files\Windows Calendar
2008-03-23 10:00 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-23 10:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-23 10:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-23 10:00 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-23 09:58 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-23 09:56 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-22 15:37 --------- d-----w C:\Program Files\Java
2008-03-22 15:36 --------- d-----w C:\Program Files\Common Files\Java
2008-03-22 09:05 --------- d-----w C:\Program Files\Micro Application
2008-03-22 08:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-22 08:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-22 08:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-22 08:05 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-22 08:05 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-22 08:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-22 08:05 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-22 08:05 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-22 08:05 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-22 08:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-22 08:05 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-22 08:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-03-22 08:04 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-22 08:04 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-22 08:02 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-22 08:02 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-22 08:02 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-22 08:02 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-22 08:02 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-22 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-22 08:01 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-22 08:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-22 08:01 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-22 08:01 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-22 08:01 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-22 08:01 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-22 08:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-22 08:01 1,686,528 ----a-w C:\Windows\System32\gameux.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-22 10:00 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-11 18:30 243072]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-03-09 12:00 480648]
"MediaDico"="C:\Program Files\Micro Application\MediaDICO\LanceMediaDICO.exe" [2003-03-26 20:41 252416]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-21 09:54 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"wcmdmgr"="C:\Windows\wt\updater\wcmdmgrl.exe" [2002-09-27 15:47 20480]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 21:28:40 528384]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-20 15:14:24 125624]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2862084443-3713990064-3127265993-1000]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"TCP Query User{582E90B7-A42F-4D21-9DFB-3E0FA3CD964B}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2C0AEBF0-4EAC-466C-B51B-EEAEBD290B82}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{51EA46A6-52AE-4220-B756-66A4ECEC89AD}"= TCP:9502:emule
"{8CAC0B88-28CB-4A48-89AE-28ACAFCD225F}"= UDP:44804:utorrent
"TCP Query User{9DE99940-EC48-4EA9-8D7C-F7A8028ACB69}C:\\program files\\nero\\nero controlcenter\\setupx.exe"= UDP:C:\program files\nero\nero controlcenter\setupx.exe:Nero Installer
"UDP Query User{2946B8D5-A346-4E4C-9BC8-C8B62E6A86BC}C:\\program files\\nero\\nero controlcenter\\setupx.exe"= TCP:C:\program files\nero\nero controlcenter\setupx.exe:Nero Installer
"{4BF9C7AC-0A00-4494-97C4-CCE8DBC8CA80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{18F74E77-7E01-40E4-99C0-89987E67551F}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{AD404B56-45F5-428D-94F6-BAD8811FB72E}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{B6D4B668-1A52-4CD2-B59C-CFC36CA92D1B}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"TCP Query User{D48AB1A8-B51F-47B4-8CC5-10A3F016362B}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{7EAF04D3-76BD-4FCA-BFE7-561427AAD459}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"TCP Query User{5FF7477D-8C92-4E11-BE14-E9ABC56BDD88}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6C325B18-3406-4916-B775-65BE430AC5A1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{474F06FB-24EE-4B78-AA4E-8B4A4BB87759}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{394A4BAB-CDB2-4F79-BD8F-A10D999ED332}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{31DB7E95-C64A-4F2B-880B-734FED5FCFFF}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{C5D182F2-CD03-4F36-87AC-52F5885B0DA5}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"TCP Query User{43FEC8E7-C84B-4CAC-A972-FFE3478F1BF6}C:\\windows\\system32\\wintems.exe"= UDP:C:\windows\system32\wintems.exe:wintems
"UDP Query User{DD86CAB6-34CC-4936-97B4-B9603BFDC640}C:\\windows\\system32\\wintems.exe"= TCP:C:\windows\system32\wintems.exe:wintems
"{4A339774-EC72-423E-A182-3D599CA20635}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{10D7B6E4-2679-42E2-9D5C-90BFDFDA5F13}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{0AE87FCC-DB55-4B33-8589-622516DD0893}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{24F5390F-9AA2-4037-A59F-97E546753C8B}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 01:36]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 08:36:19
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Micro Application\MediaDICO\MediaDICO.EXE
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Micro Application\MediaDICO\Rac.EXE
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Windows\system32\DllHost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-09 8:38:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 06:38:31
ComboFix2.txt 2008-04-08 14:13:08
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-06 17:57:52 --- E O F ---

Réponse 2 / 40

dou-l Messages postés 2871 Statut Membre 61

Redémarre ton ordinateur en mode sans échec puis refait elibagla trois ou qutre fois faut pas eviter !! puis poste les rapport !

patou28 Messages postés 211 Statut Membre 2

Tue Apr 08 12:55:31 2008
EliBagle v11.22 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Tue Apr 08 12:57:02 2008
EliBagle v11.22 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr
C:\Users\patou\Downloads\eMule\Incoming\GRAND PRIX 3 DEMO.EXE --> Eliminado Bagle.dldr
C:\Users\patou\Downloads\eMule\Incoming\GRAND PRIX 3 DEMO.ZIP --> Eliminado Bagle.dldr

Nº Total de Directorios: 13604
Nº Total de Ficheros: 84164
Nº de Ficheros Analizados: 14364
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 3

Tue Apr 08 14:13:13 2008
EliBagle v11.22 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Tue Apr 08 14:15:05 2008
EliBagle v11.22 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 13579
Nº Total de Ficheros: 84062
Nº de Ficheros Analizados: 14278
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Apr 09 12:29:29 2008
EliBagle v11.23 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Wed Apr 09 12:29:34 2008
EliBagle v11.23 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\Windows\System32\drivers\downld\31828353.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\71401.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\75535.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\80480.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\83210.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\83226.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\85535.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\86221.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\91182.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\92477.EXE --> Eliminado Bagle

Nº Total de Directorios: 13679
Nº Total de Ficheros: 85413
Nº de Ficheros Analizados: 14440
Nº de Ficheros Infectados: 11
Nº de Ficheros Limpiados: 11

Réponse 3 / 40

dou-l Messages postés 2871 Statut Membre 61

refait un combofix stp

patou28 Messages postés 211 Statut Membre 2

ComboFix 08-04-08.9 - patou 2008-04-09 13:35:19.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1217 [GMT 2:00]
Endroit: C:\Users\patou\Downloads\combo-fix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 07:57 --------- d-----w C:\PROGRA~2\Google Updater
2008-04-08 18:19 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-04-08 18:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 18:14 --------- d-----w C:\Users\patou\AppData\Roaming\Grisoft
2008-04-08 16:36 --------- d-----w C:\Program Files\free-downloads.net
2008-04-08 16:36 --------- d-----w C:\Program Files\Conduit
2008-04-08 16:33 --------- d-----w C:\Program Files\Google
2008-04-08 13:32 --------- d-----w C:\Program Files\Navilog1
2008-04-08 08:32 --------- d-----w C:\Users\patou\AppData\Roaming\uTorrent
2008-04-08 08:32 --------- d-----w C:\Users\patou\AppData\Roaming\DeepBurner
2008-04-04 11:24 --------- d-----w C:\Program Files\VirtualDub
2008-04-03 11:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 11:21 --------- d-----w C:\Users\patou\AppData\Roaming\Off Road
2008-03-31 16:16 --------- d-----w C:\Users\patou\AppData\Roaming\Zylom
2008-03-31 16:16 --------- d-----w C:\Program Files\Zylom Games
2008-03-31 16:14 --------- d-----w C:\Program Files\Kaggz 4
2008-03-31 16:10 --------- d-----w C:\Program Files\Another Day
2008-03-31 16:05 --------- d-----w C:\Program Files\PopCap Games
2008-03-31 16:03 --------- d-----w C:\Program Files\Blox Forever Deluxe
2008-03-31 16:02 737,280 ----a-w C:\Windows\iun6002.exe
2008-03-31 15:58 --------- d-----w C:\Program Files\Alawar
2008-03-31 14:04 --------- d-----w C:\PROGRA~2\AlawarGameBox
2008-03-31 12:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-31 12:23 --------- d-----w C:\PROGRA~2\InstallShield
2008-03-31 11:58 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-31 11:51 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-31 09:18 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-31 08:58 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
2008-03-30 08:13 --------- d-----w C:\Program Files\MagicBall
2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 17:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2008-03-29 17:16 --------- d-----w C:\Program Files\Zone.com Deluxe Games
2008-03-29 17:07 --------- d-----w C:\Program Files\Real
2008-03-29 17:02 --------- d-----w C:\Program Files\GameHouse
2008-03-29 16:20 --------- d-----w C:\Users\patou\AppData\Roaming\Absolutist.com
2008-03-29 16:20 --------- d-----w C:\Program Files\Absolutist.com
2008-03-29 15:58 --------- d-----w C:\Program Files\shockwave.com
2008-03-29 15:56 --------- d-----w C:\Program Files\Ricochet Xtreme
2008-03-29 15:33 --------- d-----w C:\Program Files\Kyodai Mahjongg
2008-03-29 15:19 --------- d-----w C:\Program Files\BongoBoogie
2008-03-29 15:18 --------- d-----w C:\Program Files\Axium
2008-03-29 14:58 --------- d-----w C:\Program Files\Realore
2008-03-29 14:54 --------- d-----w C:\Program Files\phelios
2008-03-29 14:39 --------- d-----w C:\Program Files\AirXonix
2008-03-29 14:23 --------- d-----w C:\Program Files\Twilight
2008-03-27 17:10 --------- d-----w C:\Program Files\Magic Vines
2008-03-27 14:13 --------- d-----w C:\Program Files\Happyneuron
2008-03-27 13:23 --------- d-----w C:\Program Files\Digby's Donuts
2008-03-27 12:38 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-26 14:54 --------- d-----w C:\Program Files\Serials 2000 7.1 Plus
2008-03-24 17:32 --------- d-----w C:\Users\patou\AppData\Roaming\Ahead
2008-03-24 17:24 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-24 17:20 --------- d-----w C:\Program Files\Nero
2008-03-24 11:28 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-24 11:27 --------- d-----w C:\PROGRA~2\Nero
2008-03-23 11:01 --------- d-----w C:\Program Files\Ahead
2008-03-23 10:11 --------- d-----w C:\Program Files\Windows Mail
2008-03-23 10:11 --------- d-----w C:\Program Files\Windows Calendar
2008-03-23 10:00 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-23 10:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-23 10:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-23 10:00 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-23 09:58 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-23 09:56 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-22 15:37 --------- d-----w C:\Program Files\Java
2008-03-22 15:36 --------- d-----w C:\Program Files\Common Files\Java
2008-03-22 09:05 --------- d-----w C:\Program Files\Micro Application
2008-03-22 08:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-22 08:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-22 08:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-22 08:05 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-22 08:05 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-22 08:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-22 08:05 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-22 08:05 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-22 08:05 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-22 08:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-22 08:05 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-22 08:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-03-22 08:04 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-22 08:04 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-22 08:02 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-22 08:02 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-22 08:02 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-22 08:02 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-22 08:02 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-22 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-22 08:01 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-22 08:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-22 08:01 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-22 08:01 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-22 08:01 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-22 08:01 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-22 08:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-22 08:01 1,686,528 ----a-w C:\Windows\System32\gameux.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-22 10:00 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-11 18:30 243072]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-03-09 12:00 480648]
"MediaDico"="C:\Program Files\Micro Application\MediaDICO\LanceMediaDICO.exe" [2003-03-26 20:41 252416]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-21 09:54 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"wcmdmgr"="C:\Windows\wt\updater\wcmdmgrl.exe" [2002-09-27 15:47 20480]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 21:28:40 528384]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-20 15:14:24 125624]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2862084443-3713990064-3127265993-1000]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"TCP Query User{582E90B7-A42F-4D21-9DFB-3E0FA3CD964B}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2C0AEBF0-4EAC-466C-B51B-EEAEBD290B82}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{51EA46A6-52AE-4220-B756-66A4ECEC89AD}"= TCP:9502:emule
"{8CAC0B88-28CB-4A48-89AE-28ACAFCD225F}"= UDP:44804:utorrent
"TCP Query User{9DE99940-EC48-4EA9-8D7C-F7A8028ACB69}C:\\program files\\nero\\nero controlcenter\\setupx.exe"= UDP:C:\program files\nero\nero controlcenter\setupx.exe:Nero Installer
"UDP Query User{2946B8D5-A346-4E4C-9BC8-C8B62E6A86BC}C:\\program files\\nero\\nero controlcenter\\setupx.exe"= TCP:C:\program files\nero\nero controlcenter\setupx.exe:Nero Installer
"{4BF9C7AC-0A00-4494-97C4-CCE8DBC8CA80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{18F74E77-7E01-40E4-99C0-89987E67551F}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{AD404B56-45F5-428D-94F6-BAD8811FB72E}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{B6D4B668-1A52-4CD2-B59C-CFC36CA92D1B}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"TCP Query User{D48AB1A8-B51F-47B4-8CC5-10A3F016362B}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{7EAF04D3-76BD-4FCA-BFE7-561427AAD459}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"TCP Query User{5FF7477D-8C92-4E11-BE14-E9ABC56BDD88}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6C325B18-3406-4916-B775-65BE430AC5A1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{474F06FB-24EE-4B78-AA4E-8B4A4BB87759}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{394A4BAB-CDB2-4F79-BD8F-A10D999ED332}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{31DB7E95-C64A-4F2B-880B-734FED5FCFFF}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{C5D182F2-CD03-4F36-87AC-52F5885B0DA5}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"TCP Query User{43FEC8E7-C84B-4CAC-A972-FFE3478F1BF6}C:\\windows\\system32\\wintems.exe"= UDP:C:\windows\system32\wintems.exe:wintems
"UDP Query User{DD86CAB6-34CC-4936-97B4-B9603BFDC640}C:\\windows\\system32\\wintems.exe"= TCP:C:\windows\system32\wintems.exe:wintems
"{4A339774-EC72-423E-A182-3D599CA20635}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{10D7B6E4-2679-42E2-9D5C-90BFDFDA5F13}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{0AE87FCC-DB55-4B33-8589-622516DD0893}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{24F5390F-9AA2-4037-A59F-97E546753C8B}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 01:36]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 13:38:09
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-09 13:39:11
ComboFix-quarantined-files.txt 2008-04-09 11:38:59
ComboFix2.txt 2008-04-09 06:38:42
ComboFix3.txt 2008-04-08 14:13:08
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-06 17:57:52 --- E O F ---

Réponse 4 / 40

dou-l Messages postés 2871 Statut Membre 61

Ca va pas t'as pâs renomer combofix !!!!!!!!!

regarde le lien !!https://forum.pcastuces.com/sujet.asp?f=25&s=37315

et refait le

patou28 Messages postés 211 Statut Membre 2

ComboFix 08-04-08.10 - patou 2008-04-09 14:42:12.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1069 [GMT 2:00]
Endroit: C:\Users\patou\Desktop\rubis.exe
* Création d'un nouveau point de restauration
.
/wow section - STAGE 23
Le texte du message associé au numéro 0x5 est introuvable dans le fichier de messages pour System.
Findstr -MLF:temp01 -G:temp00
C:\Windows\system32\conime.exe
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe" /URL="http://www.antivir-pe.com/vireninfo" /TITLE="Virus Information"
pv -d30000 * -t -l
SED -r "/.*(findstr\.exe|\.cfexe) \s//@pv -kfi /;s/.*//"
catchme -apx

((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 11:54 --------- d-----w C:\Program Files\Avira
2008-04-09 11:54 --------- d-----w C:\PROGRA~2\Avira
2008-04-09 07:57 --------- d-----w C:\PROGRA~2\Google Updater
2008-04-08 18:19 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-04-08 18:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 18:14 --------- d-----w C:\Users\patou\AppData\Roaming\Grisoft
2008-04-08 16:36 --------- d-----w C:\Program Files\free-downloads.net
2008-04-08 16:36 --------- d-----w C:\Program Files\Conduit
2008-04-08 16:33 --------- d-----w C:\Program Files\Google
2008-04-08 13:32 --------- d-----w C:\Program Files\Navilog1
2008-04-08 08:32 --------- d-----w C:\Users\patou\AppData\Roaming\uTorrent
2008-04-08 08:32 --------- d-----w C:\Users\patou\AppData\Roaming\DeepBurner
2008-04-04 11:24 --------- d-----w C:\Program Files\VirtualDub
2008-04-03 11:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 11:21 --------- d-----w C:\Users\patou\AppData\Roaming\Off Road
2008-03-31 16:16 --------- d-----w C:\Users\patou\AppData\Roaming\Zylom
2008-03-31 16:16 --------- d-----w C:\Program Files\Zylom Games
2008-03-31 16:14 --------- d-----w C:\Program Files\Kaggz 4
2008-03-31 16:10 --------- d-----w C:\Program Files\Another Day
2008-03-31 16:05 --------- d-----w C:\Program Files\PopCap Games
2008-03-31 16:03 --------- d-----w C:\Program Files\Blox Forever Deluxe
2008-03-31 16:02 737,280 ----a-w C:\Windows\iun6002.exe
2008-03-31 15:58 --------- d-----w C:\Program Files\Alawar
2008-03-31 14:04 --------- d-----w C:\PROGRA~2\AlawarGameBox
2008-03-31 12:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-31 12:23 --------- d-----w C:\PROGRA~2\InstallShield
2008-03-31 11:58 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-31 11:51 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-31 09:18 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-31 08:58 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
2008-03-30 08:13 --------- d-----w C:\Program Files\MagicBall
2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 17:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2008-03-29 17:16 --------- d-----w C:\Program Files\Zone.com Deluxe Games
2008-03-29 17:07 --------- d-----w C:\Program Files\Real
2008-03-29 17:02 --------- d-----w C:\Program Files\GameHouse
2008-03-29 16:20 --------- d-----w C:\Users\patou\AppData\Roaming\Absolutist.com
2008-03-29 16:20 --------- d-----w C:\Program Files\Absolutist.com
2008-03-29 15:58 --------- d-----w C:\Program Files\shockwave.com
2008-03-29 15:56 --------- d-----w C:\Program Files\Ricochet Xtreme
2008-03-29 15:33 --------- d-----w C:\Program Files\Kyodai Mahjongg
2008-03-29 15:19 --------- d-----w C:\Program Files\BongoBoogie
2008-03-29 15:18 --------- d-----w C:\Program Files\Axium
2008-03-29 14:58 --------- d-----w C:\Program Files\Realore
2008-03-29 14:54 --------- d-----w C:\Program Files\phelios
2008-03-29 14:39 --------- d-----w C:\Program Files\AirXonix
2008-03-29 14:23 --------- d-----w C:\Program Files\Twilight
2008-03-27 17:10 --------- d-----w C:\Program Files\Magic Vines
2008-03-27 14:13 --------- d-----w C:\Program Files\Happyneuron
2008-03-27 13:23 --------- d-----w C:\Program Files\Digby's Donuts
2008-03-27 12:38 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-26 14:54 --------- d-----w C:\Program Files\Serials 2000 7.1 Plus
2008-03-24 17:32 --------- d-----w C:\Users\patou\AppData\Roaming\Ahead
2008-03-24 17:24 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-24 17:20 --------- d-----w C:\Program Files\Nero
2008-03-24 11:28 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-24 11:27 --------- d-----w C:\PROGRA~2\Nero
2008-03-23 11:01 --------- d-----w C:\Program Files\Ahead
2008-03-23 10:11 --------- d-----w C:\Program Files\Windows Mail
2008-03-23 10:11 --------- d-----w C:\Program Files\Windows Calendar
2008-03-23 10:00 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-23 10:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-23 10:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-23 10:00 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-23 09:58 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-23 09:56 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-22 15:37 --------- d-----w C:\Program Files\Java
2008-03-22 15:36 --------- d-----w C:\Program Files\Common Files\Java
2008-03-22 09:05 --------- d-----w C:\Program Files\Micro Application
2008-03-22 08:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-22 08:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-22 08:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-22 08:05 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-22 08:05 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-22 08:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-22 08:05 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-22 08:05 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-22 08:05 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-22 08:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-22 08:05 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-22 08:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-03-22 08:04 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-22 08:04 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-22 08:02 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-22 08:02 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-22 08:02 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-22 08:02 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-22 08:02 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-22 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-22 08:01 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-22 08:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-22 08:01 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-22 08:01 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-22 08:01 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-22 08:01 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-22 10:00 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-11 18:30 243072]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-03-09 12:00 480648]
"MediaDico"="C:\Program Files\Micro Application\MediaDICO\LanceMediaDICO.exe" [2003-03-26 20:41 252416]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-21 09:54 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"wcmdmgr"="C:\Windows\wt\updater\wcmdmgrl.exe" [2002-09-27 15:47 20480]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-09 13:58 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 21:28:40 528384]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-20 15:14:24 125624]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2862084443-3713990064-3127265993-1000]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"TCP Query User{582E90B7-A42F-4D21-9DFB-3E0FA3CD964B}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2C0AEBF0-4EAC-466C-B51B-EEAEBD290B82}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{51EA46A6-52AE-4220-B756-66A4ECEC89AD}"= TCP:9502:emule
"{8CAC0B88-28CB-4A48-89AE-28ACAFCD225F}"= UDP:44804:utorrent
"TCP Query User{9DE99940-EC48-4EA9-8D7C-F7A8028ACB69}C:\\program files\\nero\\nero controlcenter\\setupx.exe"= UDP:C:\program files\nero\nero controlcenter\setupx.exe:Nero Installer
"UDP Query User{2946B8D5-A346-4E4C-9BC8-C8B62E6A86BC}C:\\program files\\nero\\nero controlcenter\\setupx.exe"= TCP:C:\program files\nero\nero controlcenter\setupx.exe:Nero Installer
"{4BF9C7AC-0A00-4494-97C4-CCE8DBC8CA80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{18F74E77-7E01-40E4-99C0-89987E67551F}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{AD404B56-45F5-428D-94F6-BAD8811FB72E}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{B6D4B668-1A52-4CD2-B59C-CFC36CA92D1B}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"TCP Query User{D48AB1A8-B51F-47B4-8CC5-10A3F016362B}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{7EAF04D3-76BD-4FCA-BFE7-561427AAD459}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"TCP Query User{5FF7477D-8C92-4E11-BE14-E9ABC56BDD88}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6C325B18-3406-4916-B775-65BE430AC5A1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{474F06FB-24EE-4B78-AA4E-8B4A4BB87759}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{394A4BAB-CDB2-4F79-BD8F-A10D999ED332}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{31DB7E95-C64A-4F2B-880B-734FED5FCFFF}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{C5D182F2-CD03-4F36-87AC-52F5885B0DA5}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"TCP Query User{43FEC8E7-C84B-4CAC-A972-FFE3478F1BF6}C:\\windows\\system32\\wintems.exe"= UDP:C:\windows\system32\wintems.exe:wintems
"UDP Query User{DD86CAB6-34CC-4936-97B4-B9603BFDC640}C:\\windows\\system32\\wintems.exe"= TCP:C:\windows\system32\wintems.exe:wintems
"{4A339774-EC72-423E-A182-3D599CA20635}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{10D7B6E4-2679-42E2-9D5C-90BFDFDA5F13}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{0AE87FCC-DB55-4B33-8589-622516DD0893}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{24F5390F-9AA2-4037-A59F-97E546753C8B}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 01:36]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]

*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 14:49:04
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.

patou28 Messages postés 211 Statut Membre 2

ComboFix 08-04-08.10 - patou 2008-04-09 14:42:12.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1069 [GMT 2:00]
Endroit: C:\Users\patou\Desktop\rubis.exe
* Création d'un nouveau point de restauration
.
/wow section - STAGE 23
Le texte du message associé au numéro 0x5 est introuvable dans le fichier de messages pour System.
Findstr -MLF:temp01 -G:temp00
C:\Windows\system32\conime.exe
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe" /URL="http://www.antivir-pe.com/vireninfo" /TITLE="Virus Information"
pv -d30000 * -t -l
SED -r "/.*(findstr\.exe|\.cfexe) \s//@pv -kfi /;s/.*//"
catchme -apx

((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 11:54 --------- d-----w C:\Program Files\Avira
2008-04-09 11:54 --------- d-----w C:\PROGRA~2\Avira
2008-04-09 07:57 --------- d-----w C:\PROGRA~2\Google Updater
2008-04-08 18:19 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-04-08 18:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 18:14 --------- d-----w C:\Users\patou\AppData\Roaming\Grisoft
2008-04-08 16:36 --------- d-----w C:\Program Files\free-downloads.net
2008-04-08 16:36 --------- d-----w C:\Program Files\Conduit
2008-04-08 16:33 --------- d-----w C:\Program Files\Google
2008-04-08 13:32 --------- d-----w C:\Program Files\Navilog1
2008-04-08 08:32 --------- d-----w C:\Users\patou\AppData\Roaming\uTorrent
2008-04-08 08:32 --------- d-----w C:\Users\patou\AppData\Roaming\DeepBurner
2008-04-04 11:24 --------- d-----w C:\Program Files\VirtualDub
2008-04-03 11:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 11:21 --------- d-----w C:\Users\patou\AppData\Roaming\Off Road
2008-03-31 16:16 --------- d-----w C:\Users\patou\AppData\Roaming\Zylom
2008-03-31 16:16 --------- d-----w C:\Program Files\Zylom Games
2008-03-31 16:14 --------- d-----w C:\Program Files\Kaggz 4
2008-03-31 16:10 --------- d-----w C:\Program Files\Another Day
2008-03-31 16:05 --------- d-----w C:\Program Files\PopCap Games
2008-03-31 16:03 --------- d-----w C:\Program Files\Blox Forever Deluxe
2008-03-31 16:02 737,280 ----a-w C:\Windows\iun6002.exe
2008-03-31 15:58 --------- d-----w C:\Program Files\Alawar
2008-03-31 14:04 --------- d-----w C:\PROGRA~2\AlawarGameBox
2008-03-31 12:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-31 12:23 --------- d-----w C:\PROGRA~2\InstallShield
2008-03-31 11:58 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-31 11:51 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-31 09:18 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-31 08:58 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
2008-03-30 08:13 --------- d-----w C:\Program Files\MagicBall
2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 17:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2008-03-29 17:16 --------- d-----w C:\Program Files\Zone.com Deluxe Games
2008-03-29 17:07 --------- d-----w C:\Program Files\Real
2008-03-29 17:02 --------- d-----w C:\Program Files\GameHouse
2008-03-29 16:20 --------- d-----w C:\Users\patou\AppData\Roaming\Absolutist.com
2008-03-29 16:20 --------- d-----w C:\Program Files\Absolutist.com
2008-03-29 15:58 --------- d-----w C:\Program Files\shockwave.com
2008-03-29 15:56 --------- d-----w C:\Program Files\Ricochet Xtreme
2008-03-29 15:33 --------- d-----w C:\Program Files\Kyodai Mahjongg
2008-03-29 15:19 --------- d-----w C:\Program Files\BongoBoogie
2008-03-29 15:18 --------- d-----w C:\Program Files\Axium
2008-03-29 14:58 --------- d-----w C:\Program Files\Realore
2008-03-29 14:54 --------- d-----w C:\Program Files\phelios
2008-03-29 14:39 --------- d-----w C:\Program Files\AirXonix
2008-03-29 14:23 --------- d-----w C:\Program Files\Twilight
2008-03-27 17:10 --------- d-----w C:\Program Files\Magic Vines
2008-03-27 14:13 --------- d-----w C:\Program Files\Happyneuron
2008-03-27 13:23 --------- d-----w C:\Program Files\Digby's Donuts
2008-03-27 12:38 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-26 14:54 --------- d-----w C:\Program Files\Serials 2000 7.1 Plus
2008-03-24 17:32 --------- d-----w C:\Users\patou\AppData\Roaming\Ahead
2008-03-24 17:24 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-24 17:20 --------- d-----w C:\Program Files\Nero
2008-03-24 11:28 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-24 11:27 --------- d-----w C:\PROGRA~2\Nero
2008-03-23 11:01 --------- d-----w C:\Program Files\Ahead
2008-03-23 10:11 --------- d-----w C:\Program Files\Windows Mail
2008-03-23 10:11 --------- d-----w C:\Program Files\Windows Calendar
2008-03-23 10:00 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-23 10:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-23 10:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-23 10:00 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-23 09:58 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-23 09:56 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-22 15:37 --------- d-----w C:\Program Files\Java
2008-03-22 15:36 --------- d-----w C:\Program Files\Common Files\Java
2008-03-22 09:05 --------- d-----w C:\Program Files\Micro Application
2008-03-22 08:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-22 08:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-22 08:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-22 08:05 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-22 08:05 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-22 08:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-22 08:05 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-22 08:05 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-22 08:05 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-22 08:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-22 08:05 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-22 08:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-03-22 08:04 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-22 08:04 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-22 08:02 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-22 08:02 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-22 08:02 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-22 08:02 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-22 08:02 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-22 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-22 08:01 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-22 08:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-22 08:01 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-22 08:01 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-22 08:01 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-22 08:01 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-22 10:00 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-11 18:30 243072]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-03-09 12:00 480648]
"MediaDico"="C:\Program Files\Micro Application\MediaDICO\LanceMediaDICO.exe" [2003-03-26 20:41 252416]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-21 09:54 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"wcmdmgr"="C:\Windows\wt\updater\wcmdmgrl.exe" [2002-09-27 15:47 20480]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-09 13:58 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 21:28:40 528384]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-20 15:14:24 125624]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2862084443-3713990064-3127265993-1000]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"TCP Query User{582E90B7-A42F-4D21-9DFB-3E0FA3CD964B}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2C0AEBF0-4EAC-466C-B51B-EEAEBD290B82}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{51EA46A6-52AE-4220-B756-66A4ECEC89AD}"= TCP:9502:emule
"{8CAC0B88-28CB-4A48-89AE-28ACAFCD225F}"= UDP:44804:utorrent
"TCP Query User{9DE99940-EC48-4EA9-8D7C-F7A8028ACB69}C:\\program files\\nero\\nero controlcenter\\setupx.exe"= UDP:C:\program files\nero\nero controlcenter\setupx.exe:Nero Installer
"UDP Query User{2946B8D5-A346-4E4C-9BC8-C8B62E6A86BC}C:\\program files\\nero\\nero controlcenter\\setupx.exe"= TCP:C:\program files\nero\nero controlcenter\setupx.exe:Nero Installer
"{4BF9C7AC-0A00-4494-97C4-CCE8DBC8CA80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{18F74E77-7E01-40E4-99C0-89987E67551F}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{AD404B56-45F5-428D-94F6-BAD8811FB72E}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{B6D4B668-1A52-4CD2-B59C-CFC36CA92D1B}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"TCP Query User{D48AB1A8-B51F-47B4-8CC5-10A3F016362B}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{7EAF04D3-76BD-4FCA-BFE7-561427AAD459}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"TCP Query User{5FF7477D-8C92-4E11-BE14-E9ABC56BDD88}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6C325B18-3406-4916-B775-65BE430AC5A1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{474F06FB-24EE-4B78-AA4E-8B4A4BB87759}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{394A4BAB-CDB2-4F79-BD8F-A10D999ED332}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{31DB7E95-C64A-4F2B-880B-734FED5FCFFF}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{C5D182F2-CD03-4F36-87AC-52F5885B0DA5}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"TCP Query User{43FEC8E7-C84B-4CAC-A972-FFE3478F1BF6}C:\\windows\\system32\\wintems.exe"= UDP:C:\windows\system32\wintems.exe:wintems
"UDP Query User{DD86CAB6-34CC-4936-97B4-B9603BFDC640}C:\\windows\\system32\\wintems.exe"= TCP:C:\windows\system32\wintems.exe:wintems
"{4A339774-EC72-423E-A182-3D599CA20635}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{10D7B6E4-2679-42E2-9D5C-90BFDFDA5F13}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{0AE87FCC-DB55-4B33-8589-622516DD0893}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{24F5390F-9AA2-4037-A59F-97E546753C8B}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 01:36]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]

*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 14:49:04
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.

Réponse 5 / 40

dou-l Messages postés 2871 Statut Membre 61

ok encore des soucis ?

patou28 Messages postés 211 Statut Membre 2

merci de prendre du temps
La SUITE C'EST QUOI

Réponse 6 / 40

dou-l Messages postés 2871 Statut Membre 61

tjr des problemes ??

patou28 Messages postés 211 Statut Membre 2

comment y remedier

Réponse 7 / 40

dou-l Messages postés 2871 Statut Membre 61

donc tjr des problemes

Refait un elibagla stp

puis on continuera !

patou28 Messages postés 211 Statut Membre 2

j'ai fais un scan avec elibagla impossible de trouver le rapport infosat .txt mais apparament il y avez aucun fichiers infectés

Réponse 8 / 40

dou-l Messages postés 2871 Statut Membre 61

OK

dit moi encore des soucis ???

patou28 Messages postés 211 Statut Membre 2

j'aimerais savoir s'il me reste des traces de bagle , et par la même occasion peut tu me dire pourquoi je ne peut pas faire de scan en ligne j'ai beau cliquer sur la barre activex impossible
Pour tout je te remercie de m'avoir consacré de ton temps , encore MERCI

Réponse 9 / 40

dou-l Messages postés 2871 Statut Membre 61

T'es sur que le rapport est inaxecisble ,??

Essaye un scan en ligne firefox: https://www.trendmicro.com/en_us/forHome/products/housecall.html

patou28 Messages postés 211 Statut Membre 2

j'ai un fichierinfecté que je ne peux pas supprimé

Réponse 10 / 40

dou-l Messages postés 2871 Statut Membre 61

lequel envoi le rapport ?

patou28 Messages postés 211 Statut Membre 2

ou se trouve le rapport dans housecall

Réponse 11 / 40

dou-l Messages postés 2871 Statut Membre 61

Il te l'ont pas donné a la fin du scan ??

t'as le nom du fichier ?

patou28 Messages postés 211 Statut Membre 2

je n'ai pas le raopport juste ADWARE 180SOLUTIONS infections liées aux graywares/programes espions de plus j'ai fais un scan avec antivir je te colle le rapport ici

AntiVir PersonalEdition Classic
Report file date: mercredi 9 avril 2008 16:44

Scanning for 1188953 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: patou
Computer name: RUBIS

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 11:58:28
ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 07/04/2008 11:58:28
ANTIVIR3.VDF : 7.0.3.138 69632 Bytes 09/04/2008 11:58:28
AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 09/04/2008 11:58:29
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 09/04/2008 11:58:29
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: K:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mercredi 9 avril 2008 16:44

The scan of running processes will be started
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned
Scan process 'conime.exe' - '0' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '0' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '0' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '0' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '0' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '0' Module(s) have been scanned
Scan process 'RichVideo.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '0' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '0' Module(s) have been scanned
Scan process 'eDSService.exe' - '0' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '0' Module(s) have been scanned
Scan process 'RAC.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '0' Module(s) have been scanned
Scan process 'CLMSServer.exe' - '0' Module(s) have been scanned
Scan process 'ImApp.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'MediaDico.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Supervisor.ex' - '1' Module(s) have been scanned
Scan process 'MgApp.exe' - '1' Module(s) have been scanned
Scan process 'PCMMediaSharing.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '0' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'SysMonitor.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '0' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'SLsvc.exe' - '0' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
28 processes with 28 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0005
[NOTE] Please restart the search with Administrator rights
Boot sector 'D:\'
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0005
[NOTE] Please restart the search with Administrator rights
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '27' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'K:\'
Search path K:\ could not be opened!
Le périphérique n'est pas prêt.

End of the scan: mercredi 9 avril 2008 19:22
Used time: 2:37:36 min

The scan has been done completely.

13732 Scanning directories
210499 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
210499 Files not concerned
2006 Archives were scanned
3 Warnings
148 Notes

Réponse 12 / 40

dou-l Messages postés 2871 Statut Membre 61

ok encore des soucis ??????

Réponse 13 / 40

dou-l Messages postés 2871 Statut Membre 61

Je revien demain matin pour la suite a+

patou28 Messages postés 211 Statut Membre 2

Bonjour Dou-l
il me reste encore des saletés

Réponse 14 / 40

dou-l Messages postés 2871 Statut Membre 61

Quelle genre encore win32 non valide ?

patou28 Messages postés 211 Statut Membre 2

je ne sais pas, j'ai passé AV

AntiVir PersonalEdition Classic
Report file date: 2008-04-10 10:22

Scanning for 1188953 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: RUBIS

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 11:58:28
ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 2008-04-07 11:58:28
ANTIVIR3.VDF : 7.0.3.138 69632 Bytes 2008-04-09 11:58:28
AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 2008-04-09 11:58:29
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-04-09 11:58:29
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 2008-04-10 10:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Supervisor.ex' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'CLMSServer.exe' - '1' Module(s) have been scanned
Scan process 'PCMMediaSharing.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'SysMonitor.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
62 processes with 62 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '25' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>

End of the scan: 2008-04-10 10:59
Used time: 36:52 min

The scan has been done completely.

14092 Scanning directories
223617 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
223617 Files not concerned
2175 Archives were scanned
3 Warnings
148 Notes

IRA ANTIVIR voila le rapport est-ce que ça peut t'aider

Réponse 15 / 40

dou-l Messages postés 2871 Statut Membre 61

Il reste du bagle t'as viré le crack ou l'e-mail que t'as télécharger ??

C'est hyper important de le virer !!!

Ensuite refait un elibagla et si sa donne rien on supprimera manuellement !!

patou28 Messages postés 211 Statut Membre 2

c'est que je ne sais pas ou il se trouve

Réponse 16 / 40

dou-l Messages postés 2871 Statut Membre 61

Il se trouve ici : C:\infosat.txt

patou28 Messages postés 211 Statut Membre 2

je suis desespérée j'ai passée elibagla impossible de trové le rapport dans c: j'ai fais une recherche infosat.txt rien je te remercie de ta patience le resultat a la fin du scan 0 fichiers infectés mais pendant le scan j'ai une fenêtre "acceso denegado a la carpeta " je suppose que beaucoup de fichiers non pas été scanné

Réponse 17 / 40

dou-l Messages postés 2871 Statut Membre 61

Ok dit moi tes soucis ?? Encore des win32 n'est pas une application valide ??, Dis moi entierement tout tes soucis !!!

Réponse 18 / 40

dou-l Messages postés 2871 Statut Membre 61

Dsl je vien de me rendre compte d'un truc ces temp si je tourne au ralenti !!!

Désactive le contrôle des comptes utilisateurs :

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

Puis refait un combofix (le renom bien sur )

patou28 Messages postés 211 Statut Membre 2

mon compte est desactivé depuis hier d'ailleurs impossible de le réactiver
Voila le rapport de combofix
ComboFix 08-04-09.9 - patou 2008-04-10 13:58:59.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1153 [GMT 2:00]
Endroit: C:\Users\patou\Desktop\kiki.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 11:02 --------- d-----w C:\Users\patou\AppData\Roaming\uTorrent
2008-04-10 10:53 --------- d-----w C:\PROGRA~2\AlawarGameBox
2008-04-10 10:33 --------- d-----w C:\Users\patou\AppData\Roaming\AdobeUM
2008-04-10 09:22 --------- d-----w C:\Program Files\ieSpell
2008-04-10 08:57 --------- d-----w C:\PROGRA~2\Google Updater
2008-04-10 06:09 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 14:07 --------- d-----w C:\Program Files\Navilog1
2008-04-09 11:54 --------- d-----w C:\Program Files\Avira
2008-04-09 11:54 --------- d-----w C:\PROGRA~2\Avira
2008-04-08 18:19 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-04-08 18:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 18:14 --------- d-----w C:\Users\patou\AppData\Roaming\Grisoft
2008-04-08 16:36 --------- d-----w C:\Program Files\free-downloads.net
2008-04-08 16:36 --------- d-----w C:\Program Files\Conduit
2008-04-08 16:33 --------- d-----w C:\Program Files\Google
2008-04-08 08:32 --------- d-----w C:\Users\patou\AppData\Roaming\DeepBurner
2008-04-04 11:24 --------- d-----w C:\Program Files\VirtualDub
2008-04-03 11:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 11:21 --------- d-----w C:\Users\patou\AppData\Roaming\Off Road
2008-03-31 16:16 --------- d-----w C:\Users\patou\AppData\Roaming\Zylom
2008-03-31 16:16 --------- d-----w C:\Program Files\Zylom Games
2008-03-31 16:14 --------- d-----w C:\Program Files\Kaggz 4
2008-03-31 16:10 --------- d-----w C:\Program Files\Another Day
2008-03-31 16:05 --------- d-----w C:\Program Files\PopCap Games
2008-03-31 16:03 --------- d-----w C:\Program Files\Blox Forever Deluxe
2008-03-31 16:02 737,280 ----a-w C:\Windows\iun6002.exe
2008-03-31 15:58 --------- d-----w C:\Program Files\Alawar
2008-03-31 12:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-31 12:23 --------- d-----w C:\PROGRA~2\InstallShield
2008-03-31 11:58 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-31 11:51 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-31 09:18 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-31 08:58 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
2008-03-30 08:13 --------- d-----w C:\Program Files\MagicBall
2008-03-29 17:16 --------- d-----w C:\Program Files\Zone.com Deluxe Games
2008-03-29 17:07 --------- d-----w C:\Program Files\Real
2008-03-29 17:02 --------- d-----w C:\Program Files\GameHouse
2008-03-29 16:20 --------- d-----w C:\Users\patou\AppData\Roaming\Absolutist.com
2008-03-29 16:20 --------- d-----w C:\Program Files\Absolutist.com
2008-03-29 15:58 --------- d-----w C:\Program Files\shockwave.com
2008-03-29 15:56 --------- d-----w C:\Program Files\Ricochet Xtreme
2008-03-29 15:33 --------- d-----w C:\Program Files\Kyodai Mahjongg
2008-03-29 15:19 --------- d-----w C:\Program Files\BongoBoogie
2008-03-29 15:18 --------- d-----w C:\Program Files\Axium
2008-03-29 14:58 --------- d-----w C:\Program Files\Realore
2008-03-29 14:54 --------- d-----w C:\Program Files\phelios
2008-03-29 14:23 --------- d-----w C:\Program Files\Twilight
2008-03-27 17:10 --------- d-----w C:\Program Files\Magic Vines
2008-03-27 14:13 --------- d-----w C:\Program Files\Happyneuron
2008-03-27 13:23 --------- d-----w C:\Program Files\Digby's Donuts
2008-03-27 12:38 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-26 14:54 --------- d-----w C:\Program Files\Serials 2000 7.1 Plus
2008-03-24 17:32 --------- d-----w C:\Users\patou\AppData\Roaming\Ahead
2008-03-24 17:24 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-24 17:20 --------- d-----w C:\Program Files\Nero
2008-03-24 11:28 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-24 11:27 --------- d-----w C:\PROGRA~2\Nero
2008-03-23 11:01 --------- d-----w C:\Program Files\Ahead
2008-03-23 10:11 --------- d-----w C:\Program Files\Windows Calendar
2008-03-23 10:00 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-23 10:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-23 10:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-23 10:00 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-23 09:58 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-23 09:56 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-22 15:37 --------- d-----w C:\Program Files\Java
2008-03-22 15:36 --------- d-----w C:\Program Files\Common Files\Java
2008-03-22 09:05 --------- d-----w C:\Program Files\Micro Application
2008-03-22 08:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-22 08:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-22 08:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-22 08:05 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-22 08:05 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-22 08:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-22 08:05 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-22 08:05 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-22 08:05 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-22 08:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-22 08:05 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-22 08:04 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-22 08:04 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-22 08:02 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-22 08:02 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-22 08:02 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-22 08:02 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-22 08:02 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-22 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-22 08:01 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-22 08:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-22 08:01 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-22 08:01 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-22 08:01 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-22 08:01 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-22 08:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-22 08:01 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-22 08:01 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-22 08:00 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-22 07:59 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-22 07:59 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-22 07:59 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-21 09:54 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"wcmdmgr"="C:\Windows\wt\updater\wcmdmgrl.exe" [2002-09-27 15:47 20480]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-09 13:58 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 21:28:40 528384]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-20 15:14:24 125624]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2862084443-3713990064-3127265993-1000]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"TCP Query User{582E90B7-A42F-4D21-9DFB-3E0FA3CD964B}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2C0AEBF0-4EAC-466C-B51B-EEAEBD290B82}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{51EA46A6-52AE-4220-B756-66A4ECEC89AD}"= TCP:9502:emule
"{8CAC0B88-28CB-4A48-89AE-28ACAFCD225F}"= UDP:44804:utorrent
"TCP Query User{9DE99940-EC48-4EA9-8D7C-F7A8028ACB69}C:\\program files\\nero\\nero controlcenter\\setupx.exe"= UDP:C:\program files\nero\nero controlcenter\setupx.exe:Nero Installer
"UDP Query User{2946B8D5-A346-4E4C-9BC8-C8B62E6A86BC}C:\\program files\\nero\\nero controlcenter\\setupx.exe"= TCP:C:\program files\nero\nero controlcenter\setupx.exe:Nero Installer
"{4BF9C7AC-0A00-4494-97C4-CCE8DBC8CA80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{18F74E77-7E01-40E4-99C0-89987E67551F}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{AD404B56-45F5-428D-94F6-BAD8811FB72E}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{B6D4B668-1A52-4CD2-B59C-CFC36CA92D1B}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"TCP Query User{D48AB1A8-B51F-47B4-8CC5-10A3F016362B}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{7EAF04D3-76BD-4FCA-BFE7-561427AAD459}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"TCP Query User{5FF7477D-8C92-4E11-BE14-E9ABC56BDD88}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6C325B18-3406-4916-B775-65BE430AC5A1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{474F06FB-24EE-4B78-AA4E-8B4A4BB87759}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{394A4BAB-CDB2-4F79-BD8F-A10D999ED332}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{31DB7E95-C64A-4F2B-880B-734FED5FCFFF}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{C5D182F2-CD03-4F36-87AC-52F5885B0DA5}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"TCP Query User{43FEC8E7-C84B-4CAC-A972-FFE3478F1BF6}C:\\windows\\system32\\wintems.exe"= UDP:C:\windows\system32\wintems.exe:wintems
"UDP Query User{DD86CAB6-34CC-4936-97B4-B9603BFDC640}C:\\windows\\system32\\wintems.exe"= TCP:C:\windows\system32\wintems.exe:wintems
"{4A339774-EC72-423E-A182-3D599CA20635}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{10D7B6E4-2679-42E2-9D5C-90BFDFDA5F13}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{0AE87FCC-DB55-4B33-8589-622516DD0893}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{24F5390F-9AA2-4037-A59F-97E546753C8B}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 01:36]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 14:01:31
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-10 14:02:26
ComboFix-quarantined-files.txt 2008-04-10 12:02:18
ComboFix2.txt 2008-04-09 13:19:06
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-10 05:58:00 --- E O F ---

Réponse 19 / 40

dou-l Messages postés 2871 Statut Membre 61

on va essayer autrement !

télécharge sdfix:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Télécharge le sur le bureau

-
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

-Redémarre ton ordinateur
-Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
-A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
-Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
-Choisis ton compte.
-Déroule la liste des instructions ci-dessous :
-Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
-Appuie sur Y pour commencer le processus de nettoyage.
-Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
-Appuie sur une touche pour redémarrer le PC.
-Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
-Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
-Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
-Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

patou28 Messages postés 211 Statut Membre 2

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 14:21:50
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:dd,90,b2,1b,11,35,83,33,9f,af,57,e0,12,8a,0b,15,79,3d,d0,45,1e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:dd,90,b2,1b,11,35,83,33,9f,af,57,e0,12,8a,0b,15,79,3d,d0,45,1e,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Réponse 20 / 40

dou-l Messages postés 2871 Statut Membre 61

ton rapport n'est pas complé !!

patou28 Messages postés 211 Statut Membre 2

EN MODE SANS ECHEC je n'arrive pas je l'ai fais en mode normal quand je tape la lettre Y tout se ferme donc j'ai tapé la lettre A et j'ai ça est-ce que ça t'aide

[b]System Report[/b]
*************

Run on 10/04/2008 at 15:07

Microsoft Windows [version 6.0.6000]

Current user is not an administrator

[b]Running Processes[/b]:

C:\Windows\system32\Dwm.exe [1812]
C:\Windows\system32\taskeng.exe [1908]
C:\Windows\Explorer.EXE [1920]
C:\Program Files\Windows Defender\MSASCui.exe [508]
C:\Windows\RtHDVCpl.exe [268]
C:\Acer\Empowering Technology\SysMonitor.exe [540]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [604]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [1208]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [1496]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [1504]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [1652]
C:\Program Files\Google\Google Updater\GoogleUpdater.exe [1584]
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2024]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE [1196]
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE [2472]
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE [2516]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3136]
C:\Windows\system32\wbem\unsecapp.exe [2568]
C:\Program Files\Internet Explorer\iexplore.exe [1272]
C:\Program Files\IncrediMail\bin\ImApp.exe [6136]
C:\Program Files\Windows Media Player\wmplayer.exe [5284]
C:\Windows\system32\conime.exe [5312]

[b]Drivers - Running[/b]:

ACPI
AFD
AmdK8
atapi
atikmdag
AtiPcie
AVG
AvgAsCln
avgio
avgntflt
avipbb
Beep
bowser
cdfs
cdrom
CLFS
crcdisk
DfsC
disk
DXGKrnl
Ecache
fdc
FileInfo
flpydisk
FltMgr
HdAudAddService
HDAudBus
HTTP
i8042prt
int15
IntcAzAudAddService
iScsiPrt
kbdclass
KSecDD
lltdio
luafv
monitor
mouclass
MountMgr
MRxDAV
mrxsmb
mrxsmb10
mrxsmb20
Msfs
msisadrv
mssmbios
Mup
NDIS
NdisTapi
NdisWan
NDProxy
NetBIOS
netbt
Npfs
nsiproxy
Ntfs
NTIDrvr
Null
ohci1394
Parport
partmgr
Parvdm
pci
pciide
PEAUTH
PptpMiniport
PSched
PSDFilter
PSDNServ
psdvdisk
PxHelp20
RasAcd
Rasl2tp
RasPppoe
rdbss
RDPCDD
RDPENCDD
rspndr
secdrv
Serenum
Serial
Smb
spldr
sptd
srv
srv2
srvnet
ssmdrv
swenum
Tcpip
tcpipreg
tdx
TermDD
tunmp
tunnel
umbus
usbehci
usbhub
usbohci
USBSTOR
VgaSave
volmgr
volmgrx
volsnap
Wanarpv6
Wdf01000
WUDFRd
yukonwlh

[b]Drivers - Stopped[/b]:

adp94xx
adpahci
adpu160m
adpu320
agp440
aic78xx
aliide
amdagp
amdide
AmdK7
arc
arcsas
AsyncMac
blbdrive
BrFiltLo
BrFiltUp
Brserid
BrSerWdm
BrUsbMdm
BrUsbSer
BTHMODEM
catchme
circlass
cmdide
Compbatt
Crusoe
drmkaud
E1G60
elxstor
fastfat
Filetrace
gagp30kx
HidBth
HidIr
HidUsb
HpCISSs
i2omp
iaStorV
iirsp
intelide
intelppm
IpFilterDriver
IpInIp
IPMIDRV
IPNAT
IRENUM
isapnp
iteatapi
iteraid
kbdhid
LSI_FC
LSI_SAS
LSI_SCSI
megasas
Modem
mouhid
mpio
mpsdrv
Mraid35x
msahci
msdsm
MSKSSRV
MSPCLOCK
MSPQM
MsRPC
MSTEE
NativeWifiP
Ndisuio
nfrd960
ntrigdigi
nvraid
nvstor
nv_agp
NwlnkFlt
NwlnkFwd
pcmcia
Processor
ql2300
ql40xx
QWAVEdrv
rdpdr
RDPWD
sbp2port
sermouse
sffdisk
sffp_mmc
sffp_sd
sfloppy
sisagp
SiSRaid2
SiSRaid4
Symc8xx
Sym_hi
Sym_u3
Tcpip6
TDPIPE
TDTCP
tssecsrv
uagp35
udfs
uliagpkx
uliahci
UlSata
ulsata2
usbccgp
usbcir
usbprint
usbscan
usbuhci
vga
viaagp
ViaC7
viaide
vsmraid
WacomPen
Wanarp
Wd
WmiAcpi
ws2ifsl

[b]Services - Running[/b]:

Acer
AcerMemUsageCheckService
AeLookupSvc
AntiVirScheduler
AntiVirService
Ati
AudioEndpointBuilder
Audiosrv
AVG
BFE
BITS
Browser
CryptSvc
DcomLaunch
Dhcp
Dnscache
DPS
eDataSecurity
EMDMgmt
eRecoveryService
Eventlog
EventSystem
fdPHost
FDResPub
gpsvc
gusvc
hidserv
IKEEXT
iphlpsvc
KtmRm
LanmanServer
LanmanWorkstation
LightScribeService
lmhosts
MMCSS
Netman
netprofm
NlaSvc
nsi
PcaSvc
PlugPlay
PolicyAgent
ProfSvc
RasMan
RichVideo
RpcSs
SamSs
SBSDWSCService
Schedule
seclogon
SENS
ShellHWDetection
slsvc
Spooler
SSDPSRV
StarWindServiceAE
stisvc
SysMain
TabletInputService
TapiSrv
TermService
Themes
TrkWks
TrustedInstaller
upnphost
UxSms
W32Time
WdiSystemHost
WebClient
WerSvc
WinDefend
Winmgmt
WPDBusEnum
wscsvc
WSearch
wuauserv
wudfsvc

[b]Services - Stopped[/b]:

ALG
Appinfo
CertPropSvc
clr_optimization_v2.0.50727_32
CLTNetCnService
COMSysApp
DFSR
dot3svc
EapHost
ehRecvr
ehSched
ehstart
FontCache3.0.0.0
hkmsvc
idsvc
IPBusEnum
KeyIso
lltdsvc
Mcx2Svc
MpsSvc
MSDTC
MSiSCSI
msiserver
napagent
NBService
Netlogon
NetTcpPortSharing
odserv
ose
p2pimsvc
p2psvc
pla
PNRPAutoReg
PNRPsvc
ProtectedStorage
QWAVE
RasAuto
RemoteAccess
RemoteRegistry
RpcLocator
SCardSvr
SCPolicySvc
SDRSVC
SessionEnv
SharedAccess
SLUINotify
SNMPTRAP
swprv
TBS
THREADORDER
UI0Detect
vds
VSS
wcncsvc
WcsPlugInService
WdiServiceHost
Wecsvc
wercplsupport
WinHttpAutoProxySvc
WinRM
Wlansvc
wmiApSrv
WMPNetworkSvc
WPCSvc

[b]Files Created/Modified - 60 Days[/b]:

C:\

10 Apr 2008 14:02:28 16 872 A.... "C:\ComboFix.txt"
10 Apr 2008 14:49:18 2 146 951 168 A.SH. "C:\hiberfil.sys"
21 Mar 2008 13:17:14 0 A.SHR "C:\IO.SYS"
21 Mar 2008 13:17:14 0 A.SHR "C:\MSDOS.SYS"
10 Apr 2008 14:49:18 2 460 876 800 A.SH. "C:\pagefile.sys"

C:\Windows\

20 Mar 2008 13:58:44 123 A.... "C:\Windows\Alaunch.ini"
10 Apr 2008 14:49:22 67 584 A.S.. "C:\Windows\bootstat.dat"
29 Mar 2008 18:48:04 69 A.... "C:\Windows\BS15.INI"
20 Mar 2008 13:49:46 1 308 A.... "C:\Windows\CLEANUP.CMD"
29 Mar 2008 16:40:38 4 096 A.... "C:\Windows\d3dx.dat"
10 Apr 2008 13:29:34 537 A.... "C:\Windows\DigbysDonuts.ini"
22 Mar 2008 10:05:36 2 923 520 A.... "C:\Windows\explorer.exe"
31 Mar 2008 18:02:54 737 280 A.... "C:\Windows\iun6002.exe"
29 Mar 2008 18:03:18 38 A.... "C:\Windows\LTANK.INI"
22 Mar 2008 11:05:30 1 951 A.... "C:\Windows\MediaRAC.ini"
22 Mar 2008 11:04:52 40 A.... "C:\Windows\navigma.INI"
24 Mar 2008 19:36:12 69 A.... "C:\Windows\NeroDigital.ini"
10 Apr 2008 14:46:54 348 140 A.... "C:\Windows\ntbtlog.txt"
20 Mar 2008 14:58:22 376 A.... "C:\Windows\ODBC.INI"
10 Apr 2008 14:16:20 314 A.... "C:\Windows\PFRO.log"
7 Apr 2008 11:44:42 31 A.... "C:\Windows\popcinfo.dat"
30 Mar 2008 10:42:10 0 A.... "C:\Windows\setupact.log"
30 Mar 2008 10:42:10 0 A.... "C:\Windows\setuperr.log"
10 Apr 2008 14:01:30 215 A.... "C:\Windows\system.ini"
31 Mar 2008 10:58:44 98 304 A.... "C:\Windows\system32CmdLineExt.dll"
10 Apr 2008 12:38:46 353 A.... "C:\Windows\win.ini"
10 Apr 2008 14:44:46 259 930 A.... "C:\Windows\WindowsUpdate.log"
21 Mar 2008 10:18:48 749 A..HR "C:\Windows\WindowsShell.Manifest"
8 Apr 2008 18:35:36 2 560 A.... "C:\Windows\_MSRSTRT.EXE"
22 Mar 2008 10:01:14 2 144 256 A.... "C:\Windows\AppPatch\AcGenral.dll"
22 Mar 2008 10:01:14 537 600 A.... "C:\Windows\AppPatch\AcLayers.dll"
22 Mar 2008 10:01:14 2 560 A.... "C:\Windows\AppPatch\AcRes.dll"
22 Mar 2008 10:01:14 449 536 A.... "C:\Windows\AppPatch\AcSpecfc.dll"
22 Mar 2008 10:01:14 173 056 A.... "C:\Windows\AppPatch\AcXtrnal.dll"
22 Mar 2008 10:01:14 82 194 A.... "C:\Windows\AppPatch\drvmain.sdb"
21 Feb 2008 6:43:36 52 736 A.... "C:\Windows\AppPatch\iebrshim.dll"
22 Mar 2008 10:01:14 1 534 322 A.... "C:\Windows\AppPatch\msimain.sdb"
22 Mar 2008 10:01:14 22 618 A.... "C:\Windows\AppPatch\pcamain.sdb"
22 Mar 2008 10:01:14 3 217 016 A.... "C:\Windows\AppPatch\sysmain.sdb"
10 Apr 2008 14:49:22 0 A.... "C:\Windows\Debug\PASSWD.LOG"
22 Feb 2008 5:50:34 1 060 A.... "C:\Windows\Downloaded Program Files\jinstall-6u5.inf"
18 Mar 2008 10:57:04 206 128 A.... "C:\Windows\Downloaded Program Files\sysreqlab2.dll"
7 Mar 2008 12:16:26 669 A.... "C:\Windows\Downloaded Program Files\SysReqLab2.osd"
23 Mar 2008 11:56:36 21 504 A.... "C:\Windows\ehome\ehdebug.dll"
23 Mar 2008 11:56:40 864 256 A.... "C:\Windows\ehome\ehepg.dll"
23 Mar 2008 11:56:40 252 416 A.... "C:\Windows\ehome\ehReplay.dll"
23 Mar 2008 11:56:36 10 094 080 A.... "C:\Windows\ehome\ehres.dll"
23 Mar 2008 11:56:32 4 370 432 A.... "C:\Windows\ehome\ehshell.dll"
23 Mar 2008 11:56:34 18 944 A.... "C:\Windows\ehome\ehtrace.dll"
23 Mar 2008 11:56:34 517 120 A.... "C:\Windows\ehome\ehui.dll"
23 Mar 2008 11:56:32 1 497 600 A.... "C:\Windows\ehome\ehuihlp.dll"
23 Mar 2008 11:56:38 6 656 A.... "C:\Windows\ehome\McrMgr.dll"
23 Mar 2008 11:56:38 173 056 A.... "C:\Windows\ehome\McrMgr.exe"
8 Apr 2008 16:08:44 110 A.... "C:\Windows\erdnt\CFrecovery.bat"
26 Mar 2008 17:21:26 53 856 A.... "C:\Windows\Fonts\AGUSTINASANS.ttf"
26 Mar 2008 17:23:52 103 416 A.... "C:\Windows\Fonts\caricature.ttf"
26 Mar 2008 17:17:00 36 152 A.... "C:\Windows\Fonts\Circus.ttf"
26 Mar 2008 17:27:08 95 628 A.... "C:\Windows\Fonts\DEEJS__.TTF"
26 Mar 2008 17:28:12 50 968 A.... "C:\Windows\Fonts\EARWIGFA.TTF"
26 Mar 2008 17:23:26 45 296 A.... "C:\Windows\Fonts\FLORALIE.TTF"
26 Mar 2008 17:23:26 21 112 A.... "C:\Windows\Fonts\flower3.TTF"
26 Mar 2008 17:21:52 128 704 A.... "C:\Windows\Fonts\JOURNAL.TTF"
26 Mar 2008 17:29:42 78 356 A.... "C:\Windows\Fonts\kaileenw.ttf"
26 Mar 2008 17:22:14 57 104 A.... "C:\Windows\Fonts\LOKICOLA.TTF"
26 Mar 2008 17:25:22 74 204 A.... "C:\Windows\Fonts\Mias Scribblings.ttf"
26 Mar 2008 17:19:54 33 888 A.... "C:\Windows\Fonts\MISSB__.TTF"
26 Mar 2008 17:28:16 85 700 A.... "C:\Windows\Fonts\Moonstar.ttf"
26 Mar 2008 17:24:44 80 460 A.... "C:\Windows\Fonts\Pro_Wrestling_Logos.ttf"
26 Mar 2008 17:23:16 266 048 A.... "C:\Windows\Fonts\RecycleIt.ttf"
26 Mar 2008 17:27:22 28 796 A.... "C:\Windows\Fonts\ROCKS__.TTF"
26 Mar 2008 17:15:48 11 032 A.... "C:\Windows\Fonts\RSTAR.TTF"
26 Mar 2008 17:21:36 55 472 A.... "C:\Windows\Fonts\symphony.ttf"
26 Mar 2008 17:24:16 68 844 A.... "C:\Windows\Fonts\THEBOMB.TTF"
26 Mar 2008 17:19:26 54 488 A.... "C:\Windows\Fonts\waltograph42.otf"
26 Mar 2008 17:26:56 161 448 A.... "C:\Windows\Fonts\WarnerLogoFontNine.TTF"
26 Mar 2008 17:16:38 84 852 A.... "C:\Windows\Fonts\Windsong.ttf"
22 Mar 2008 10:11:30 7 562 A.... "C:\Windows\inf\acpi.inf"
22 Mar 2008 10:11:30 14 684 A.... "C:\Windows\inf\acpi.PNF"
22 Mar 2008 10:11:28 7 124 A.... "C:\Windows\inf\battery.inf"
22 Mar 2008 10:11:28 12 724 A.... "C:\Windows\inf\battery.PNF"
10 Apr 2008 8:09:44 665 600 A.... "C:\Windows\inf\drvindex.dat"
20 Mar 2008 12:32:40 9 856 A.... "C:\Windows\inf\flpydisk.PNF"
22 Mar 2008 10:11:14 5 284 A.... "C:\Windows\inf\hdaudbus.inf"
22 Mar 2008 10:11:14 9 220 A.... "C:\Windows\inf\hdaudbus.PNF"
25 Mar 2008 20:27:50 27 584 A.... "C:\Windows\inf\hpoa1nd.PNF"
25 Mar 2008 20:27:42 19 000 A.... "C:\Windows\inf\hpoa1so.PNF"
23 Mar 2008 19:21:12 1 701 416 A.... "C:\Windows\inf\INFCACHE.1"
10 Apr 2008 8:09:50 51 200 A.... "C:\Windows\inf\infpub.dat"
10 Apr 2008 8:09:50 86 016 A.... "C:\Windows\inf\infstor.dat"
10 Apr 2008 8:09:44 86 016 A.... "C:\Windows\inf\infstrng.dat"
22 Mar 2008 10:11:18 65 966 A.... "C:\Windows\inf\keyboard.inf"
22 Mar 2008 10:17:04 96 504 A.... "C:\Windows\inf\keyboard.PNF"
23 Mar 2008 12:08:30 789 490 A.... "C:\Windows\inf\monitor.inf"
23 Mar 2008 12:08:32 1 163 660 A.... "C:\Windows\inf\monitor.PNF"
23 Mar 2008 12:08:06 47 458 A.... "C:\Windows\inf\mshdc.inf"
23 Mar 2008 12:08:06 82 344 A.... "C:\Windows\inf\mshdc.PNF"
22 Mar 2008 10:11:20 56 342 A.... "C:\Windows\inf\msmouse.inf"
22 Mar 2008 10:11:24 99 376 A.... "C:\Windows\inf\msmouse.PNF"
23 Mar 2008 12:01:56 35 218 A.... "C:\Windows\inf\netrasa.inf"
23 Mar 2008 12:01:56 55 042 A.... "C:\Windows\inf\netrass.inf"
23 Mar 2008 12:01:56 15 020 A.... "C:\Windows\inf\netrast.inf"
20 Mar 2008 13:37:22 121 376 A.... "C:\Windows\inf\oem10.inf"
20 Mar 2008 13:37:24 202 128 A.... "C:\Windows\inf\oem10.PNF"
25 Mar 2008 20:27:56 269 636 A.... "C:\Windows\inf\prnhp001.PNF"
22 Mar 2008 10:11:28 3 256 A.... "C:\Windows\inf\sbp2.inf"
22 Mar 2008 10:11:28 7 100 A.... "C:\Windows\inf\sbp2.PNF"
21 Mar 2008 10:12:28 7 994 A.... "C:\Windows\inf\sdbus.inf"
21 Mar 2008 10:12:28 13 908 A.... "C:\Windows\inf\sdbus.PNF"
10 Apr 2008 8:09:48 17 440 A.... "C:\Windows\inf\setupapi.ev1"
10 Apr 2008 8:09:50 13 912 A.... "C:\Windows\inf\setupapi.ev2"
10 Apr 2008 8:09:50 86 016 A.... "C:\Windows\inf\setupapi.ev3"
10 Apr 2008 14:49:54 2 585 088 A.... "C:\Windows\inf\setupapi.app.log"
10 Apr 2008 8:09:50 9 595 951 A.... "C:\Windows\inf\setupapi.dev.log"
21 Mar 2008 10:12:28 9 330 A.... "C:\Windows\inf\sffdisk.inf"
21 Mar 2008 10:12:28 12 696 A.... "C:\Windows\inf\sffdisk.PNF"
25 Mar 2008 20:27:42 34 156 A.... "C:\Windows\inf\sti.PNF"
23 Mar 2008 19:21:08 40 740 A.... "C:\Windows\inf\usb.inf"
25 Mar 2008 20:27:38 73 648 A.... "C:\Windows\inf\usb.PNF"
23 Mar 2008 19:21:12 53 128 A.... "C:\Windows\inf\usbport.inf"
23 Mar 2008 19:21:12 98 088 A.... "C:\Windows\inf\usbport.PNF"
25 Mar 2008 20:27:48 7 448 A.... "C:\Windows\inf\usbprint.PNF"
21 Mar 2008 10:14:40 28 908 A.... "C:\Windows\inf\usbstor.inf"
21 Mar 2008 10:14:40 61 992 A.... "C:\Windows\inf\usbstor.PNF"
23 Mar 2008 12:07:34 2 062 A.... "C:\Windows\inf\volume.inf"
23 Mar 2008 12:07:36 6 260 A.... "C:\Windows\inf\volume.PNF"
20 Mar 2008 13:34:24 9 800 A.... "C:\Windows\inf\wpdfs.PNF"
20 Mar 2008 13:38:42 84 A.... "C:\Windows\Panther\Contents0.dir"
20 Mar 2008 13:36:54 4 396 A.... "C:\Windows\Panther\DDACLSys.log"
20 Mar 2008 13:38:42 1 905 A.... "C:\Windows\Panther\diagerr.xml"
20 Mar 2008 13:38:42 4 069 A.... "C:\Windows\Panther\diagwrn.xml"
20 Mar 2008 13:38:42 24 130 A.... "C:\Windows\Panther\MainQueueOnline0.que"
20 Mar 2008 13:38:42 390 431 A.... "C:\Windows\Panther\setupact.log"
20 Mar 2008 12:31:20 0 A.... "C:\Windows\Panther\setuperr.log"
20 Mar 2008 13:38:42 16 640 A.... "C:\Windows\Panther\setupinfo"
20 Mar 2008 13:40:56 4 081 A.... "C:\Windows\Panther\unattend.xml"
22 Mar 2008 10:15:00 682 072 A.... "C:\Windows\rescache\ResCache.mni"
22 Mar 2008 10:03:36 18 432 A.... "C:\Windows\servicing\CbsMsg.dll"
12 Feb 2008 22:06:14 31 232 A.... "C:\Windows\system\vdremote.dll"
12 Feb 2008 22:05:20 25 088 A.... "C:\Windows\system\vdsvrlnk.dll"
10 Apr 2008 14:50:10 3 072 A..H. "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0"
10 Apr 2008 14:50:10 3 072 A..H. "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0"
10 Apr 2008 14:50:10 3 072 A..H. "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0"
21 Mar 2008 9:57:48 39 424 A.... "C:\Windows\System32\ACCTRES.dll"
21 Feb 2008 6:43:36 124 928 A.... "C:\Windows\System32\advpack.dll"
22 Mar 2008 10:01:48 2 048 A.... "C:\Windows\System32\asferror.dll"
21 Mar 2008 9:47:06 1 984 512 A.... "C:\Windows\System32\authui.dll"
21 Mar 2008 9:47:04 65 024 A.... "C:\Windows\System32\avicap32.dll"
21 Mar 2008 9:47:04 88 576 A.... "C:\Windows\System32\avifil32.dll"
22 Mar 2008 10:03:36 12 800 A.... "C:\Windows\System32\batt.dll"
23 Mar 2008 12:01:52 36 864 A.... "C:\Windows\System32\cdd.dll"
22 Mar 2008 10:03:38 19 456 A.... "C:\Windows\System32\cfgmgr32.dll"
19 Feb 2008 7:10:24 620 088 A.... "C:\Windows\System32\ci.dll"
22 Mar 2008 10:03:38 224 824 A.... "C:\Windows\System32\clfs.sys"
23 Mar 2008 11:59:46 61 952 A.... "C:\Windows\System32\cmifw.dll"
8 Apr 2008 20:03:06 2 577 A.... "C:\Windows\System32\config.nt"
22 Mar 2008 10:04:50 49 664 A.... "C:\Windows\System32\csrsrv.dll"
21 Mar 2008 9:47:06 204 800 A.... "C:\Windows\System32\dhcpcsvc.dll"
22 Mar 2008 10:03:36 35 328 A.... "C:\Windows\System32\dispci.dll"
23 Mar 2008 12:01:52 134 656 A.... "C:\Windows\System32\dps.dll"
22 Mar 2008 10:03:38 260 096 A.... "C:\Windows\System32\dpx.dll"
22 Mar 2008 10:03:38 101 888 A.... "C:\Windows\System32\drvinst.exe"
23 Mar 2008 12:00:28 4 096 A.... "C:\Windows\System32\dxmasf.dll"
21 Feb 2008 6:43:36 347 136 A.... "C:\Windows\System32\dxtmsft.dll"
21 Feb 2008 6:43:36 214 528 A.... "C:\Windows\System32\dxtrans.dll"
29 Feb 2008 8:34:52 7 168 A.... "C:\Windows\System32\f3ahvoas.dll"
10 Apr 2008 8:11:36 364 768 A.... "C:\Windows\System32\FNTCACHE.DAT"
22 Mar 2008 10:01:12 1 686 528 A.... "C:\Windows\System32\gameux.dll"
21 Feb 2008 6:43:36 296 448 A.... "C:\Windows\System32\gdi32.dll"
21 Mar 2008 9:51:26 8 704 A.... "C:\Windows\System32\hccoin.dll"
21 Mar 2008 9:51:26 8 704 A.... "C:\Windows\System32\hcrstco.dll"
21 Feb 2008 6:43:36 63 488 A.... "C:\Windows\System32\icardie.dll"
23 Mar 2008 11:59:46 86 016 A.... "C:\Windows\System32\icfupgd.dll"
21 Feb 2008 6:43:04 70 656 A.... "C:\Windows\System32\ie4uinit.exe"
21 Mar 2008 9:45:36 2 455 488 A.... "C:\Windows\System32\ieapfltr.dat"
21 Feb 2008 6:43:36 383 488 A.... "C:\Windows\System32\ieapfltr.dll"
21 Feb 2008 6:43:36 6 066 176 A.... "C:\Windows\System32\ieframe.dll"
21 Feb 2008 6:43:38 44 544 A.... "C:\Windows\System32\iernonce.dll"
21 Feb 2008 6:43:38 56 320 A.... "C:\Windows\System32\iesetup.dll"
21 Feb 2008 6:43:38 180 736 A.... "C:\Windows\System32\ieui.dll"
21 Feb 2008 6:43:04 26 624 A.... "C:\Windows\System32\ieUnatt.exe"
21 Mar 2008 9:44:36 152 576 A.... "C:\Windows\System32\imagehlp.dll"
21 Mar 2008 9:46:34 737 792 A.... "C:\Windows\System32\inetcomm.dll"
21 Feb 2008 6:42:44 1 831 424 A.... "C:\Windows\System32\inetcpl.cpl"
21 Mar 2008 9:46:34 84 480 A.... "C:\Windows\System32\INETRES.dll"
23 Mar 2008 11:59:46 178 688 A.... "C:\Windows\System32\iphlpsvc.dll"
23 Mar 2008 12:01:54 286 208 A.... "C:\Windows\System32\ipnathlp.dll"
22 Feb 2008 2:23:36 135 168 A.... "C:\Windows\System32\java.exe"
22 Feb 2008 2:23:40 135 168 A.... "C:\Windows\System32\javaw.exe"
22 Feb 2008 3:33:32 139 264 A.... "C:\Windows\System32\javaws.exe"
21 Feb 2008 6:43:38 27 648 A.... "C:\Windows\System32\jsproxy.dll"
22 Mar 2008 17:37:42 6 408 A.... "C:\Windows\System32\jupdate-1.6.0_05-b13.log"
29 Feb 2008 8:35:18 6 656 A.... "C:\Windows\System32\kbd106n.dll"
29 Feb 2008 8:51:26 19 000 A.... "C:\Windows\System32\kd1394.dll"
23 Mar 2008 12:01:56 38 400 A.... "C:\Windows\System32\kmddsp.tsp"
22 Mar 2008 10:01:48 9 728 A.... "C:\Windows\System32\LAPRXY.DLL"
22 Mar 2008 10:03:36 115 200 A.... "C:\Windows\System32\loadperf.dll"
23 Mar 2008 12:01:52 694 784 A.... "C:\Windows\System32\localspl.dll"
22 Mar 2008 10:03:36 39 424 A.... "C:\Windows\System32\lodctr.exe"
9 Mar 2008 12:00:48 751 016 A.... "C:\Windows\System32\Magentic Screensaver.scr"
21 Mar 2008 9:47:04 82 944 A.... "C:\Windows\System32\mciavi32.dll"
23 Mar 2008 11:56:30 1 244 672 A.... "C:\Windows\System32\mcmde.dll"
23 Mar 2008 11:59:46 396 800 A.... "C:\Windows\System32\MPSSVC.dll"
6 Apr 2008 7:56:20 19 836 024 A.... "C:\Windows\System32\mrt.exe"
23 Mar 2008 12:00:26 4 096 A.... "C:\Windows\System32\msdxm.ocx"
23 Mar 2008 12:01:54 564 736 A.... "C:\Windows\System32\msftedit.dll"
21 Feb 2008 6:43:38 3 591 680 A.... "C:\Windows\System32\mshtml.dll"
21 Feb 2008 2:53:42 1 383 424 A.... "C:\Windows\System32\mshtml.tlb"
21 Feb 2008 6:43:38 478 208 A.... "C:\Windows\System32\mshtmled.dll"
21 Mar 2008 9:57:48 205 824 A.... "C:\Windows\System32\msoeacct.dll"
21 Mar 2008 9:57:48 87 040 A.... "C:\Windows\System32\msoert2.dll"
21 Mar 2008 9:47:04 12 800 A.... "C:\Windows\System32\msrle32.dll"
21 Mar 2008 9:52:48 414 208 A.... "C:\Windows\System32\msscp.dll"
21 Feb 2008 6:43:38 671 232 A.... "C:\Windows\System32\mstime.dll"
21 Mar 2008 9:47:04 123 904 A.... "C:\Windows\System32\msvfw32.dll"
21 Mar 2008 9:47:04 31 232 A.... "C:\Windows\System32\msvidc32.dll"
23 Mar 2008 11:58:32 1 191 936 A.... "C:\Windows\System32\msxml3.dll"
23 Mar 2008 11:58:32 2 048 A.... "C:\Windows\System32\msxml3r.dll"
22 Mar 2008 10:01:32 1 335 296 A.... "C:\Windows\System32\msxml6.dll"
22 Mar 2008 10:01:32 2 048 A.... "C:\Windows\System32\msxml6r.dll"
31 Mar 2008 18:07:34 37 473 A.... "C:\Windows\System32\muzika.xm"
23 Mar 2008 12:01:56 49 664 A.... "C:\Windows\System32\ndptsp.tsp"
22 Mar 2008 10:02:22 24 064 A.... "C:\Windows\System32\netcfg.exe"
23 Mar 2008 12:01:54 384 000 A.... "C:\Windows\System32\netcfgx.dll"
22 Mar 2008 10:02:22 22 016 A.... "C:\Windows\System32\netiougc.exe"
22 Mar 2008 10:03:36 23 552 A.... "C:\Windows\System32\nshhttp.dll"
23 Mar 2008 11:59:12 3 504 696 A.... "C:\Windows\System32\ntkrnlpa.exe"
23 Mar 2008 11:59:10 3 470 392 A.... "C:\Windows\System32\ntoskrnl.exe"
21 Mar 2008 9:47:06 220 160 A.... "C:\Windows\System32\ntprint.dll"
21 Mar 2008 9:47:06 61 440 A.... "C:\Windows\System32\ntprint.exe"
22 Mar 2008 10:03:38 558 080 A.... "C:\Windows\System32\oleaut32.dll"
23 Mar 2008 12:01:52 15 360 A.... "C:\Windows\System32\pacerprf.dll"
10 Apr 2008 13:36:38 103 726 A.... "C:\Windows\System32\perfc009.dat"
10 Apr 2008 13:36:38 117 366 A.... "C:\Windows\System32\perfc00C.dat"
10 Apr 2008 13:36:38 609 944 A.... "C:\Windows\System32\perfh009.dat"
10 Apr 2008 13:36:38 690 594 A.... "C:\Windows\System32\perfh00C.dat"
10 Apr 2008 13:36:38 1 512 256 A.... "C:\Windows\System32\PerfStringBackup.INI"
21 Feb 2008 6:43:40 44 544 A.... "C:\Windows\System32\pngfilt.dll"
22 Mar 2008 10:03:34 17 408 A.... "C:\Windows\System32\prflbmsg.dll"
22 Mar 2008 9:55:22 750 080 A.... "C:\Windows\System32\qmgr.dll"
22 Mar 2008 10:02:04 1 327 104 A.... "C:\Windows\System32\quartz.dll"
23 Mar 2008 12:01:56 77 824 A.... "C:\Windows\System32\rascfg.dll"
23 Mar 2008 12:01:54 1 820 A.... "C:\Windows\System32\rasctrnm.h"
23 Mar 2008 12:01:56 52 736 A.... "C:\Windows\System32\rasdiag.dll"
23 Mar 2008 12:01:54 32 768 A.... "C:\Windows\System32\rasmxs.dll"
23 Mar 2008 12:01:56 22 016 A.... "C:\Windows\System32\rasser.dll"
23 Mar 2008 12:01:58 467 456 A.... "C:\Windows\System32\riched20.dll"
23 Mar 2008 12:01:58 8 192 A.... "C:\Windows\System32\riched32.dll"
22 Mar 2008 9:59:06 788 992 A.... "C:\Windows\System32\rpcrt4.dll"
29 Feb 2008 8:38:56 313 856 A.... "C:\Windows\System32\rstrui.exe"
21 Mar 2008 9:47:06 269 824 A.... "C:\Windows\System32\schannel.dll"
22 Mar 2008 10:03:34 595 456 A.... "C:\Windows\System32\schedsvc.dll"
21 Mar 2008 9:47:04 69 632 A.... "C:\Windows\System32\sendmail.dll"
22 Mar 2008 10:03:36 1 585 664 A.... "C:\Windows\System32\setupapi.dll"
21 Mar 2008 9:47:08 11 315 200 A.... "C:\Windows\System32\shell32.dll"
21 Mar 2008 9:50:14 223 232 A.... "C:\Windows\System32\SLC.dll"
21 Mar 2008 9:50:14 39 936 A.... "C:\Windows\System32\slcinst.dll"
21 Mar 2008 9:50:14 186 368 A.... "C:\Windows\System32\SLLUA.exe"
21 Mar 2008 9:50:14 2 605 568 A.... "C:\Windows\System32\SLsvc.exe"
21 Mar 2008 9:50:14 351 232 A.... "C:\Windows\System32\SLUI.exe"
21 Mar 2008 9:50:14 33 280 A.... "C:\Windows\System32\slwmi.dll"
23 Mar 2008 12:00:28 7 680 A.... "C:\Windows\System32\spwmp.dll"
29 Feb 2008 8:39:14 40 960 A.... "C:\Windows\System32\srclient.dll"
29 Feb 2008 8:39:14 371 712 A.... "C:\Windows\System32\srcore.dll"
22 Mar 2008 10:05:36 542 720 A.... "C:\Windows\System32\sysmain.dll"
22 Mar 2008 10:02:22 167 424 A.... "C:\Windows\System32\tcpipcfg.dll"
22 Mar 2008 10:05:36 714 240 A.... "C:\Windows\System32\timedate.cpl"
23 Mar 2008 12:01:52 33 280 A.... "C:\Windows\System32\traffic.dll"
22 Mar 2008 9:57:30 2 048 A.... "C:\Windows\System32\tzres.dll"
22 Mar 2008 10:03:38 221 696 A.... "C:\Windows\System32\umpnpmgr.dll"
22 Mar 2008 10:03:36 32 256 A.... "C:\Windows\System32\unlodctr.exe"
21 Feb 2008 6:43:42 1 159 680 A.... "C:\Windows\System32\urlmon.dll"
21 Mar 2008 9:44:00 633 856 A.... "C:\Windows\System32\user32.dll"
21 Mar 2008 9:55:40 194 560 A.... "C:\Windows\System32\WebClnt.dll"
23 Mar 2008 11:59:46 16 896 A.... "C:\Windows\System32\wfapigp.dll"
29 Feb 2008 6:16:40 2 027 008 A.... "C:\Windows\System32\win32k.sys"
21 Feb 2008 6:43:44 826 368 A.... "C:\Windows\System32\wininet.dll"
15 Feb 2008 1:19:26 944 184 A.... "C:\Windows\System32\winload.exe"
22 Mar 2008 10:04:50 376 320 A.... "C:\Windows\System32\winsrv.dll"
22 Mar 2008 10:05:36 1 655 289 A.... "C:\Windows\System32\wlan.tmf"
22 Mar 2008 10:05:36 47 104 A.... "C:\Windows\System32\wlanapi.dll"
22 Mar 2008 10:05:36 67 584 A.... "C:\Windows\System32\wlanhlp.dll"
22 Mar 2008 10:05:34 290 816 A.... "C:\Windows\System32\wlanmsm.dll"
22 Mar 2008 10:05:34 297 984 A.... "C:\Windows\System32\wlansec.dll"
22 Mar 2008 10:05:34 502 784 A.... "C:\Windows\System32\wlansvc.dll"
22 Mar 2008 10:01:48 223 232 A.... "C:\Windows\System32\WMASF.DLL"
21 Mar 2008 9:44:36 5 120 A.... "C:\Windows\System32\wmi.dll"
23 Mar 2008 12:00:30 10 617 344 A.... "C:\Windows\System32\wmp.dll"
23 Mar 2008 12:00:32 8 147 968 A.... "C:\Windows\System32\wmploc.DLL"
22 Mar 2008 10:03:38 613 888 A.... "C:\Windows\System32\wpd_ci.dll"
23 Mar 2008 12:01:52 13 824 A.... "C:\Windows\System32\wshqos.dll"
22 Mar 2008 10:05:38 24 064 A.... "C:\Windows\System32\wtsapi32.dll"
20 Mar 2008 13:45:44 549 720 A.... "C:\Windows\System32\wuapi.dll"
20 Mar 2008 13:45:24 31 232 A.... "C:\Windows\System32\wuapp.exe"
20 Mar 2008 13:46:06 53 080 A.... "C:\Windows\System32\wuauclt.exe"
20 Mar 2008 13:46:06 1 712 984 A.... "C:\Windows\System32\wuaueng.dll"
20 Mar 2008 13:46:06 1 524 224 A.... "C:\Windows\System32\wucltux.dll"
20 Mar 2008 13:45:44 80 896 A.... "C:\Windows\System32\wudriver.dll"
20 Mar 2008 13:45:44 33 624 A.... "C:\Windows\System32\wups.dll"
20 Mar 2008 13:46:06 43 352 A.... "C:\Windows\System32\wups2.dll"
20 Mar 2008 13:45:24 163 000 A.... "C:\Windows\System32\wuwebv.dll"
31 Mar 2008 17:14:02 94 ...H. "C:\Windows\System32\zbq_Q1swg.ini"
10 Apr 2008 14:49:32 6 A..H. "C:\Windows\Tasks\SA.DAT"
10 Apr 2008 14:44:46 32 510 A.... "C:\Windows\Tasks\SCHEDLGU.TXT"
10 Apr 2008 15:04:44 13 354 A.... "C:\Windows\Temp\lpksetup-20080410-150432-0.log"
10 Apr 2008 15:04:46 622 A.... "C:\Windows\Temp\lpksetup-20080410-150443-0.log"
10 Apr 2008 15:06:22 524 288 A.... "C:\Windows\Temp\TMP00000049C97442AEF5356B26"
23 Mar 2008 19:23:26 414 A.... "C:\Windows\winsxs\cleanup.xml"
10 Apr 2008 8:10:02 82 A.... "C:\Windows\winsxs\poqexec.log"
10 Apr 2008 14:39:04 0 A.... "C:\Windows\Debug\UserMode\ChkAcc.bak"
10 Apr 2008 14:49:26 0 A.... "C:\Windows\Debug\UserMode\ChkAcc.log"
9 Apr 2008 8:57:02 25 280 A.... "C:\Windows\Debug\WIA\wiatrace.log"
10 Apr 2008 13:58:48 12 120 064 A.... "C:\Windows\erdnt\Hiv-backup\COMPON~1"
10 Apr 2008 13:58:46 557 056 A.... "C:\Windows\erdnt\Hiv-backup\DEFAULT"
10 Apr 2008 13:58:48 814 A.... "C:\Windows\erdnt\Hiv-backup\ERDNT.CON"
10 Apr 2008 13:58:48 1 049 A.... "C:\Windows\erdnt\Hiv-backup\ERDNT.INF"
10 Apr 2008 13:58:48 57 344 A.... "C:\Windows\erdnt\Hiv-backup\SAM"
10 Apr 2008 13:58:42 20 480 A.... "C:\Windows\erdnt\Hiv-backup\SECURITY"
10 Apr 2008 13:58:44 31 633 408 A.... "C:\Windows\erdnt\Hiv-backup\SOFTWARE"
10 Apr 2008 13:58:46 16 416 768 A.... "C:\Windows\erdnt\Hiv-backup\SYSTEM"
9 Apr 2008 8:33:36 10 960 896 A.... "C:\Windows\erdnt\subs\COMPON~1"
9 Apr 2008 8:33:34 442 368 A.... "C:\Windows\erdnt\subs\DEFAULT"
9 Apr 2008 8:33:36 814 A.... "C:\Windows\erdnt\subs\ERDNT.CON"
9 Apr 2008 8:33:36 546 A.... "C:\Windows\erdnt\subs\ERDNT.INF"
9 Apr 2008 8:33:34 57 344 A.... "C:\Windows\erdnt\subs\SAM"
9 Apr 2008 8:33:34 20 480 A.... "C:\Windows\erdnt\subs\SECURITY"
9 Apr 2008 8:33:34 31 182 848 A.... "C:\Windows\erdnt\subs\SOFTWARE"
9 Apr 2008 8:33:34 31 182 848 A.... "C:\Windows\erdnt\subs\software.bak"
9 Apr 2008 8:33:34 15 507 456 A.... "C:\Windows\erdnt\subs\SYSTEM"
9 Apr 2008 8:33:34 15 507 456 A.... "C:\Windows\erdnt\subs\system.bak"
10 Apr 2008 13:36:28 3 766 A.... "C:\Windows\inf\WmiApRpl\WmiApRpl.h"
10 Apr 2008 15:01:06 26 457 378 A.... "C:\Windows\Logs\CBS\CBS.log"
23 Mar 2008 12:11:34 56 800 201 A.... "C:\Windows\Logs\CBS\CBS.persist.log"
9 Apr 2008 13:20:14 12 028 A.... "C:\Windows\Logs\DPX\setupact.log"
9 Apr 2008 13:20:14 12 028 A.... "C:\Windows\Logs\DPX\setuperr.log"
20 Mar 2008 13:40:56 974 A.... "C:\Windows\Panther\actionqueue\oobeSystem.uaq"
20 Mar 2008 13:36:56 968 A.... "C:\Windows\Panther\actionqueue\specialize.uaq"
20 Mar 2008 13:48:30 29 777 A.... "C:\Windows\Panther\UnattendGC\diagerr.xml"
20 Mar 2008 13:48:30 24 419 A.... "C:\Windows\Panther\UnattendGC\diagwrn.xml"
20 Mar 2008 13:48:30 77 243 A.... "C:\Windows\Panther\UnattendGC\setupact.log"
8 Apr 2008 19:33:36 7 207 A.... "C:\Windows\Performance\WinSAT\winsat.log"
20 Mar 2008 13:45:28 97 760 A.... "C:\Windows\rescache\rc0002\ResCache.dir"
20 Mar 2008 13:45:32 949 442 A.... "C:\Windows\rescache\rc0002\Segment0.cmf"
20 Mar 2008 13:47:02 48 064 A.... "C:\Windows\rescache\rc0002\Segment0.toc"
20 Mar 2008 13:45:32 854 612 A.... "C:\Windows\rescache\rc0002\Segment1.cmf"
20 Mar 2008 13:47:02 48 064 A.... "C:\Windows\rescache\rc0002\Segment1.toc"
20 Mar 2008 13:45:32 1 313 717 A.... "C:\Windows\rescache\rc0002\Segment2.cmf"
20 Mar 2008 13:47:02 48 064 A.... "C:\Windows\rescache\rc0002\Segment2.toc"
20 Mar 2008 13:45:32 924 827 A.... "C:\Windows\rescache\rc0002\Segment3.cmf"
20 Mar 2008 13:47:02 48 064 A.... "C:\Windows\rescache\rc0002\Segment3.toc"
20 Mar 2008 13:45:34 1 163 209 A.... "C:\Windows\rescache\rc0002\Segment4.cmf"
20 Mar 2008 13:47:02 48 064 A.... "C:\Windows\rescache\rc0002\Segment4.toc"
20 Mar 2008 13:45:34 447 094 A.... "C:\Windows\rescache\rc0002\Segment5.cmf"
20 Mar 2008 13:47:02 48 064 A.... "C:\Windows\rescache\rc0002\Segment5.toc"
20 Mar 2008 13:45:38 97 760 A.... "C:\Windows\rescache\rc0003\ResCache.dir"
22 Mar 2008 10:15:00 949 442 A.... "C:\Windows\rescache\rc0003\Segment0.cmf"
22 Mar 2008 10:15:00 48 064 A.... "C:\Windows\rescache\rc0003\Segment0.toc"
22 Mar 2008 10:15:00 854 612 A.... "C:\Windows\rescache\rc0003\Segment1.cmf"
22 Mar 2008 10:15:00 48 064 A.... "C:\Windows\rescache\rc0003\Segment1.toc"
22 Mar 2008 10:15:00 1 313 717 A.... "C:\Windows\rescache\rc0003\Segment2.cmf"
22 Mar 2008 10:15:00 48 064 A.... "C:\Windows\rescache\rc0003\Segment2.toc"
22 Mar 2008 10:15:00 924 827 A.... "C:\Windows\rescache\rc0003\Segment3.cmf"
22 Mar 2008 10:15:00 48 064 A.... "C:\Windows\rescache\rc0003\Segment3.toc"
22 Mar 2008 10:15:02 1 163 209 A.... "C:\Windows\rescache\rc0003\Segment4.cmf"
22 Mar 2008 10:15:02 48 064 A.... "C:\Windows\rescache\rc0003\Segment4.toc"
22 Mar 2008 10:15:02 447 094 A.... "C:\Windows\rescache\rc0003\Segment5.cmf"
22 Mar 2008 10:15:02 48 064 A.... "C:\Windows\rescache\rc0003\Segment5.toc"
20 Mar 2008 13:37:22 8 192 A.... "C:\Windows\security\database\edb.chk"
20 Mar 2008 13:36:54 1 048 576 A.... "C:\Windows\security\database\edb.log"
20 Mar 2008 13:36:54 1 056 768 A.... "C:\Windows\security\database\secedit.sdb"
20 Mar 2008 13:36:54 1 056 768 A.... "C:\Windows\security\database\tmp.edb"
22 Mar 2008 9:57:30 18 944 A.... "C:\Windows\servicing\GC32\tzupd.exe"
1 Mar 2008 0:40:58 15 485 A.... "C:\Windows\servicing\Packages\Package_8_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
22 Feb 2008 23:58:34 2 557 A.... "C:\Windows\servicing\Packages\Package_2_for_KB948590~31bf3856ad364e35~x86~~6.0.1.0.mum"
1 Mar 2008 0:33:00 12 176 A.... "C:\Windows\servicing\Packages\Package_44_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 12 201 A.... "C:\Windows\servicing\Packages\Package_45_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 2 673 A.... "C:\Windows\servicing\Packages\Package_37_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_38_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_39_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_42_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 12 176 A.... "C:\Windows\servicing\Packages\Package_33_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_36_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_30_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 2 673 A.... "C:\Windows\servicing\Packages\Package_31_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:40:16 23 254 A.... "C:\Windows\servicing\Packages\Package_9_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 2 584 A.... "C:\Windows\servicing\Packages\Package_3_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
14 Mar 2008 23:06:02 2 459 A.... "C:\Windows\servicing\Packages\Package_1_for_KB948881~31bf3856ad364e35~x86~~6.0.1.1.mum"
23 Feb 2008 0:10:40 3 665 A.... "C:\Windows\servicing\Packages\Package_for_KB947864~31bf3856ad364e35~x86~~6.0.1.0.mum"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_14_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_15_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_27_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_28_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 2 673 A.... "C:\Windows\servicing\Packages\Package_29_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 12 171 A.... "C:\Windows\servicing\Packages\Package_12_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
29 Feb 2008 23:02:06 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB941693_client~31bf3856ad364e35~x86~~6.0.1.2.cat"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_23_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 12 176 A.... "C:\Windows\servicing\Packages\Package_26_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_20_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 2 673 A.... "C:\Windows\servicing\Packages\Package_21_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
27 Mar 2008 21:05:08 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB905866~31bf3856ad364e35~x86~~6.0.19.0.cat"
23 Feb 2008 0:02:14 16 661 A.... "C:\Windows\servicing\Packages\Package_2_for_KB948590~31bf3856ad364e35~x86~~6.0.1.0.cat"
1 Mar 2008 0:38:04 13 282 A.... "C:\Windows\servicing\Packages\Package_37_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_24_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:39:18 23 254 A.... "C:\Windows\servicing\Packages\Package_38_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_25_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:39:16 23 254 A.... "C:\Windows\servicing\Packages\Package_39_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:39:18 23 254 A.... "C:\Windows\servicing\Packages\Package_42_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 2 673 A.... "C:\Windows\servicing\Packages\Package_17_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:38:16 14 442 A.... "C:\Windows\servicing\Packages\Package_33_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_18_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 12 176 A.... "C:\Windows\servicing\Packages\Package_19_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 12 176 A.... "C:\Windows\servicing\Packages\Package_22_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:39:16 23 254 A.... "C:\Windows\servicing\Packages\Package_36_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 6 198 A.... "C:\Windows\servicing\Packages\Package_13_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:39:32 23 254 A.... "C:\Windows\servicing\Packages\Package_30_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:38:10 13 282 A.... "C:\Windows\servicing\Packages\Package_31_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_16_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:38:28 14 442 A.... "C:\Windows\servicing\Packages\Package_44_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 8 037 A.... "C:\Windows\servicing\Packages\Package_10_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:38:26 14 442 A.... "C:\Windows\servicing\Packages\Package_45_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 3 083 A.... "C:\Windows\servicing\Packages\Package_11_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
25 Feb 2008 23:17:42 2 408 A.... "C:\Windows\servicing\Packages\Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.17.0.mum"
14 Mar 2008 23:06:02 2 210 A.... "C:\Windows\servicing\Packages\Package_for_KB948881~31bf3856ad364e35~x86~~6.0.1.1.mum"
27 Mar 2008 21:06:14 2 558 A.... "C:\Windows\servicing\Packages\Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.19.0.mum"
14 Mar 2008 23:06:56 11 800 A.... "C:\Windows\servicing\Packages\Package_1_for_KB948881~31bf3856ad364e35~x86~~6.0.1.1.cat"
23 Feb 2008 0:11:48 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB947864~31bf3856ad364e35~x86~~6.0.1.0.cat"
23 Feb 2008 0:10:40 1 717 A.... "C:\Windows\servicing\Packages\Package_for_KB947864_client~31bf3856ad364e35~x86~~6.0.1.0.mum"
1 Mar 2008 0:39:52 23 254 A.... "C:\Windows\servicing\Packages\Package_27_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 12 176 A.... "C:\Windows\servicing\Packages\Package_34_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:39:36 23 254 A.... "C:\Windows\servicing\Packages\Package_28_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_35_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:38:16 13 282 A.... "C:\Windows\servicing\Packages\Package_29_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:38:22 14 442 A.... "C:\Windows\servicing\Packages\Package_12_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 12 176 A.... "C:\Windows\servicing\Packages\Package_47_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:39:36 23 254 A.... "C:\Windows\servicing\Packages\Package_23_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_48_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 12 176 A.... "C:\Windows\servicing\Packages\Package_49_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_32_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:38:22 14 442 A.... "C:\Windows\servicing\Packages\Package_26_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 12 176 A.... "C:\Windows\servicing\Packages\Package_43_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:39:22 23 254 A.... "C:\Windows\servicing\Packages\Package_20_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:38:10 13 282 A.... "C:\Windows\servicing\Packages\Package_21_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_46_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:39:28 23 254 A.... "C:\Windows\servicing\Packages\Package_14_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_40_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:39:24 23 254 A.... "C:\Windows\servicing\Packages\Package_15_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 12 176 A.... "C:\Windows\servicing\Packages\Package_41_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
23 Feb 2008 0:00:24 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB948590_client~31bf3856ad364e35~x86~~6.0.1.0.cat"
1 Mar 2008 0:33:00 5 207 A.... "C:\Windows\servicing\Packages\Package_2_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
23 Feb 2008 0:11:20 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB947864_client_0~31bf3856ad364e35~x86~~6.0.1.0.cat"
29 Feb 2008 23:02:02 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB941693_client_1~31bf3856ad364e35~x86~~6.0.1.2.cat"
1 Mar 2008 0:38:10 13 282 A.... "C:\Windows\servicing\Packages\Package_17_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:39:28 23 254 A.... "C:\Windows\servicing\Packages\Package_18_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:38:22 14 442 A.... "C:\Windows\servicing\Packages\Package_19_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:38:16 14 442 A.... "C:\Windows\servicing\Packages\Package_22_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
23 Feb 2008 0:11:20 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB947864_client_1~31bf3856ad364e35~x86~~6.0.1.0.cat"
1 Mar 2008 0:39:06 19 742 A.... "C:\Windows\servicing\Packages\Package_13_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:39:24 23 254 A.... "C:\Windows\servicing\Packages\Package_16_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:38:10 13 282 A.... "C:\Windows\servicing\Packages\Package_10_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:38:06 13 282 A.... "C:\Windows\servicing\Packages\Package_11_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
29 Feb 2008 23:02:00 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB941693_client_0~31bf3856ad364e35~x86~~6.0.1.2.cat"
1 Mar 2008 0:39:32 23 254 A.... "C:\Windows\servicing\Packages\Package_24_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:39:52 23 254 A.... "C:\Windows\servicing\Packages\Package_25_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
27 Mar 2008 21:06:14 1 383 A.... "C:\Windows\servicing\Packages\Package_for_KB905866_client_1~31bf3856ad364e35~x86~~6.0.19.0.mum"
1 Mar 2008 0:33:00 26 634 A.... "C:\Windows\servicing\Packages\Package_7_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
14 Mar 2008 23:06:44 10 640 A.... "C:\Windows\servicing\Packages\Package_for_KB948881~31bf3856ad364e35~x86~~6.0.1.1.cat"
27 Mar 2008 21:06:14 2 400 A.... "C:\Windows\servicing\Packages\Package_3_for_KB905866~31bf3856ad364e35~x86~~6.0.19.0.mum"
14 Mar 2008 23:06:02 2 459 A.... "C:\Windows\servicing\Packages\Package_3_for_KB948881~31bf3856ad364e35~x86~~6.0.1.1.mum"
27 Mar 2008 21:06:14 1 715 A.... "C:\Windows\servicing\Packages\Package_for_KB905866_client~31bf3856ad364e35~x86~~6.0.19.0.mum"
27 Mar 2008 21:06:14 1 424 A.... "C:\Windows\servicing\Packages\Package_for_KB905866_client_0~31bf3856ad364e35~x86~~6.0.19.0.mum"
23 Feb 2008 0:10:38 6 505 A.... "C:\Windows\servicing\Packages\Package_2_for_KB947864~31bf3856ad364e35~x86~~6.0.1.0.mum"
1 Mar 2008 0:38:22 14 442 A.... "C:\Windows\servicing\Packages\Package_47_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:39:12 23 254 A.... "C:\Windows\servicing\Packages\Package_48_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:38:30 14 442 A.... "C:\Windows\servicing\Packages\Package_49_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:39:32 23 254 A.... "C:\Windows\servicing\Packages\Package_32_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:38:28 14 442 A.... "C:\Windows\servicing\Packages\Package_43_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 10 866 A.... "C:\Windows\servicing\Packages\Package_52_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:39:14 23 254 A.... "C:\Windows\servicing\Packages\Package_46_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:39:22 23 254 A.... "C:\Windows\servicing\Packages\Package_40_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:38:28 14 442 A.... "C:\Windows\servicing\Packages\Package_41_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:38:16 14 442 A.... "C:\Windows\servicing\Packages\Package_34_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:39:32 23 254 A.... "C:\Windows\servicing\Packages\Package_35_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 2 401 A.... "C:\Windows\servicing\Packages\Package_4_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
22 Feb 2008 23:58:34 3 510 A.... "C:\Windows\servicing\Packages\Package_for_KB948590~31bf3856ad364e35~x86~~6.0.1.0.mum"
22 Feb 2008 23:58:34 2 401 A.... "C:\Windows\servicing\Packages\Package_5_for_KB948590~31bf3856ad364e35~x86~~6.0.1.0.mum"
1 Mar 2008 0:33:00 8 850 A.... "C:\Windows\servicing\Packages\Package_53_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 14 876 A.... "C:\Windows\servicing\Packages\Package_50_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
1 Mar 2008 0:33:00 15 088 A.... "C:\Windows\servicing\Packages\Package_51_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
27 Mar 2008 21:04:56 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB905866_client_1~31bf3856ad364e35~x86~~6.0.19.0.cat"
1 Mar 2008 0:38:34 15 485 A.... "C:\Windows\servicing\Packages\Package_3_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
14 Mar 2008 23:06:56 11 800 A.... "C:\Windows\servicing\Packages\Package_3_for_KB948881~31bf3856ad364e35~x86~~6.0.1.1.cat"
27 Mar 2008 21:05:02 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB905866_client~31bf3856ad364e35~x86~~6.0.19.0.cat"
27 Mar 2008 21:04:56 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB905866_client_0~31bf3856ad364e35~x86~~6.0.19.0.cat"
23 Feb 2008 0:10:40 26 709 A.... "C:\Windows\servicing\Packages\Package_5_for_KB947864~31bf3856ad364e35~x86~~6.0.1.0.mum"
23 Feb 2008 0:12:20 86 404 A.... "C:\Windows\servicing\Packages\Package_2_for_KB947864~31bf3856ad364e35~x86~~6.0.1.0.cat"
29 Feb 2008 23:02:12 3 510 A.... "C:\Windows\servicing\Packages\Package_for_KB941693~31bf3856ad364e35~x86~~6.0.1.2.mum"
14 Mar 2008 23:06:02 1 722 A.... "C:\Windows\servicing\Packages\Package_for_KB948881_client~31bf3856ad364e35~x86~~6.0.1.1.mum"
1 Mar 2008 0:39:58 32 373 A.... "C:\Windows\servicing\Packages\Package_52_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:33:00 18 890 A.... "C:\Windows\servicing\Packages\Package_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.mum"
14 Mar 2008 23:06:02 1 361 A.... "C:\Windows\servicing\Packages\Package_for_KB948881_client_1~31bf3856ad364e35~x86~~6.0.1.1.mum"
22 Feb 2008 23:58:34 1 445 A.... "C:\Windows\servicing\Packages\Package_for_KB948590_client_0~31bf3856ad364e35~x86~~6.0.1.0.mum"
23 Feb 2008 0:01:08 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB948590~31bf3856ad364e35~x86~~6.0.1.0.cat"
14 Mar 2008 23:06:02 1 434 A.... "C:\Windows\servicing\Packages\Package_for_KB948881_client_0~31bf3856ad364e35~x86~~6.0.1.1.mum"
23 Feb 2008 0:02:20 16 661 A.... "C:\Windows\servicing\Packages\Package_5_for_KB948590~31bf3856ad364e35~x86~~6.0.1.0.cat"
22 Feb 2008 23:58:34 1 386 A.... "C:\Windows\servicing\Packages\Package_for_KB948590_client_1~31bf3856ad364e35~x86~~6.0.1.0.mum"
1 Mar 2008 0:37:36 10 930 A.... "C:\Windows\servicing\Packages\Package_53_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:39:10 23 254 A.... "C:\Windows\servicing\Packages\Package_50_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
1 Mar 2008 0:39:10 23 254 A.... "C:\Windows\servicing\Packages\Package_51_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat"
25 Feb 2008 23:18:14 12 686 A.... "C:\Windows\servicing\Packages\Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.17.0.cat"
27 Mar 2008 21:05:36 12 686 A.... "C:\Windows\servicing\Packages\Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.19.0.cat"
23 Feb 2008 0:11:26 10 930 A.... "C:\Windows\servicing\Packages\Package_for_KB947864_client~31bf3856ad364e35~x86~~6.0.1.0.cat"
1 Mar 2008 0:33:00 1 739 A.... "C:\Windows\servicing\Packages\Package_for_KB938371_client~31bf3856ad364e35~x86~~6.0.2.27.mum"
23 Feb 2008 0:12:32

Virus bagle

40 réponses

Votre réponse

Discussions similaires

Newsletters