Cleaning the computer
Solved/Closed
chooxy - 15 May 2008 at 18:21
9 replies
jlpjlp (Security contributor) - 15 May 2008 at 18:43
Hi,
To delete your traces, use
CCleaner (run a cleanup and repair the registry 3 times), without installing the Yahoo toolbar:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
_____________
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, real-time antispyware guard).
Double-click combofix.exe and follow the instructions.
At the end, it will produce a report, C:\ComboFix.txt
Re-enable your firewall, your antivirus and your antispyware guard.
Copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.
There is a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
_______________
Paste a HijackThis report:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I recommend renaming HijackThis, to counter a possible Vundo infection.
E.g.: rename the file HijackThis.exe to eden.exe. To do this, right-click the file HijackThis.exe and choose Rename from the list.
Then, using Explorer, create a folder c:\hijackthis
Unzip HijackThis into that folder.
This is important for the backups.
jlpjlp (Security contributor) - 15 May 2008 at 20:48
You have no antispyware and no antivirus??????
This isn't won yet!!!
_____________
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.
O2 - BHO: (no name) - {50F72FED-5223-44B0-8F6F-BAE7CBB229E7} - C:\WINDOWS\system32\mlJYpoMd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8691F860-96E4-4FB3-8D35-531C0D1B0AC1} - C:\WINDOWS\system32\urqpMcCT.dll
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O2 - BHO: {271d4a1d-6589-448a-fd94-93dbdeaa204e} - {e402aaed-bd39-49df-a844-9856d1a4d172} - C:\WINDOWS\system32\kmgjmcof.dll
O4 - HKLM\..\Run: [BM631c502d] Rundll32.exe "C:\WINDOWS\system32\soahexcm.dll",s
O20 - Winlogon Notify: urqpMcCT - C:\WINDOWS\SYSTEM32\urqpMcCT.dll
__________________
Scan these files on VirusTotal and, if they are infected, add them to the procedure that follows, in the files part.
https://www.virustotal.com/gui/
C:\WINDOWS\system32\kmgjmcof.dll
C:\WINDOWS\system32\kgygyrdq.exe
C:\WINDOWS\system32\awtnpgrs.dll
C:\WINDOWS\system32\iiffDvUO.dll
C:\WINDOWS\system32\hgGwuvWm.dll
D:\Documents and Settings\DP.PANNETIER\lsass.exe
C:\WINDOWS\system32\cbXNDtTk.dll
C:\WINDOWS\system32\oodbs.lor
C:\WINDOWS\oodcnt.INI
C:\WINDOWS\system32\oodag
C:\Program Files\OO Software
C:\WINDOWS\system32\jmplqpsv.dll
C:\WINDOWS\system32\limdpxes.exe
C:\WINDOWS\system32\djitfbcx.dll
C:\WINDOWS\system32\wvfchaio.dll
C:\WINDOWS\system32\wmjpbbqk.exe
C:\WINDOWS\system32\rcpsrxda.dll
C:\WINDOWS\system32\fijkyiox.dll
C:\WINDOWS\system32\tuvWpNdc.dll
C:\WINDOWS\system32\ihunfsml.dll
C:\WINDOWS\system32\oiqetgta.exe
C:\WINDOWS\BM631c502d.xml
C:\WINDOWS\system32\yrtxqvrr.dll
C:\WINDOWS\system32\drivers\lvsvf2.sys
C:\WINDOWS\system32\g9.exe
C:\WINDOWS\system32\{28b5a59b-2caf-cf15-d6be-97c61f957c7e}.dll-uninst.exe
C:\WINDOWS\system32\jlwnw64k.exe
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\mrofinu1000106.exe
C:\Temp\tmpvc14
C:\Program Files\winvi
___________________
To merge:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
___________________
Close all your browsers (so copy or print the instructions first).
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\WINDOWS\system32\mlJYpoMd.dll
C:\WINDOWS\system32\urqpMcCT.dll
C:\Program Files\dbar\Deskbar.dll
C:\WINDOWS\system32\kmgjmcof.dll
C:\WINDOWS\system32\soahexcm.dll
C:\WINDOWS\system32\urqpMcCT.dll
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}
C:\Program Files\dbar
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8691F860-96E4-4FB3-8D35-531C0D1B0AC1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7AFE75A-7224-43C2-9980-907BF74790E4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e402aaed-bd39-49df-a844-9856d1a4d172}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM631c502d"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8691F860-96E4-4FB3-8D35-531C0D1B0AC1}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpMcCT]
Save this file under the name CFscript
Drag and drop this CFScript file onto the ComboFix.exe file.
Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
Also post a HijackThis report again.
If the file doesn't open, it is located here > C:\ComboFix.txt
_____________________________
Update Internet Explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
_____________________________
Scan with
Malwarebytes' Anti-Malware, remove what is found and paste the report:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
___________________________
If you have no antivirus, install Antivir and paste a report:
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
If you have an antivirus, paste an online scan:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
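An added example, not part of the original posts and not code from ComboFix or HijackThis: one way to shortlist files from a ComboFix "files created" listing for the VirusTotal check described above, by cross-referencing them with HijackThis autostart lines (O2, O4, O20) and two common masquerading signs. The sample rows, the process-name list, the system-directory pattern and the reason labels are assumptions made for illustration; the row formats are inferred from the lines quoted in this thread.

```python
import ntpath
import re

# Row of ComboFix's "files created" section (format inferred from the thread):
#   created . [modified] size-or-<REP> [attributes] path
CF_ROW = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?:\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+)?"
    r"(<REP>|[\d,]+)\s+"
    r"(?:([-a-z]{9})\s+)?"
    r"([A-Za-z]:\\.+)$"
)
# HijackThis autostart rows of the kinds quoted in the post (O2, O4, O20).
HJT_ROW = re.compile(r"^(O2|O4|O20) - [^:]+: (.+)$")
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"]+?\.(?:dll|exe)(?![\w.-])", re.IGNORECASE)

# Assumption: core Windows process names that normally load only from system32.
SYSTEM_NAMES = {"lsass.exe", "services.exe", "svchost.exe",
                "winlogon.exe", "csrss.exe", "smss.exe"}
# Assumption: the Windows directory is named WINDOWS or WINNT.
SYSTEM_DIR = re.compile(r"^[a-z]:\\(?:windows|winnt)\\system32(?:\\dllcache)?$")


def parse_combofix_rows(text):
    """Return one dict per listing row that matches the expected format."""
    rows = []
    for line in text.splitlines():
        m = CF_ROW.match(line.strip())
        if m:
            created, size, attrs, path = m.groups()
            rows.append({"created": created, "is_dir": size == "<REP>",
                         "attrs": attrs or "", "path": path})
    return rows


def autostart_targets(hjt_text):
    """Map lower-cased file path -> HijackThis section code that loads it."""
    targets = {}
    for line in hjt_text.splitlines():
        m = HJT_ROW.match(line.strip())
        if m:
            p = WIN_PATH.search(m.group(2))
            if p:
                targets.setdefault(p.group(0).lower(), m.group(1))
    return targets


def triage(cf_text, hjt_text):
    """Return {path: [reasons]} for files worth submitting to a scanner.

    A reason is a triage hint, not a verdict: the scan result decides.
    """
    auto = autostart_targets(hjt_text)
    findings = {}
    for row in parse_combofix_rows(cf_text):
        if row["is_dir"]:
            continue
        path = row["path"]
        folder, name = ntpath.split(path.lower())
        reasons = []
        if path.lower() in auto:
            reasons.append("autostart:" + auto[path.lower()])
        if name in SYSTEM_NAMES and not SYSTEM_DIR.match(folder):
            reasons.append("system-name-outside-system32")
        if name.endswith((".exe", ".dll")) and {"h", "s"} <= set(row["attrs"]):
            reasons.append("hidden+system-executable")
        if reasons:
            findings[path] = reasons
    return findings


# Constructed sample input (not taken from the reports in this thread).
SAMPLE_COMBOFIX = r"""
2008-05-15 21:12 . 2008-05-15 21:12 116,224 --a------ C:\WINDOWS\system32\examplea.dll
2008-05-15 17:15 . 2008-05-09 20:14 86,016 ---hs---- D:\Documents and Settings\alice\lsass.exe
2008-05-15 17:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-15 19:58 . <REP> C:\WINDOWS\LastGood.Tmp
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\Program Files\ExampleApp
"""
SAMPLE_HIJACKTHIS = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\examplea.dll
O4 - HKLM\..\Run: [Example] Rundll32.exe "C:\WINDOWS\system32\exampleb.dll",s
O20 - Winlogon Notify: examplec - C:\WINDOWS\SYSTEM32\examplec.dll
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_COMBOFIX, SAMPLE_HIJACKTHIS).items():
        print(path, "->", ", ".join(reasons))
```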
chooxy - 15 May 2008 at 22:09
There, I've done everything you asked me to!
COMBOFIX REPORT
ComboFix 08-05-12.1 - Benoit 2008-05-15 21:32:05.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.131 [GMT 2:00]
Endroit: D:\Documents and Settings\Benoit.PANNETIER\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\Benoit.PANNETIER\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Program Files\dbar
C:\Program Files\dbar\Deskbar.dll
C:\Program Files\dbar\deskbar.dll
C:\WINDOWS\system32\kmgjmcof.dll
C:\WINDOWS\system32\mlJYpoMd.dll
C:\WINDOWS\system32\soahexcm.dll
C:\WINDOWS\system32\urqpMcCT.dll
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\dbar\deskbar.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dMopYJlm.ini
C:\WINDOWS\system32\dMopYJlm.ini2
C:\WINDOWS\system32\hgiyyjvs.ini
C:\WINDOWS\system32\kmgjmcof.dll
C:\WINDOWS\system32\mlJYpoMd.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\soahexcm.dll
C:\WINDOWS\system32\urqpMcCT.dll
C:\WINDOWS\system32\yvaognen.ini
C:\WINDOWS\system32\zxdnt3d.cfg
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.
2008-05-15 21:35 . 2008-05-15 21:35 36 --a------ C:\WINDOWS\system32\msnav32.ax
2008-05-15 21:12 . 2008-05-15 21:12 116,224 --a------ C:\WINDOWS\system32\cdfkijsg.dll
2008-05-15 21:12 . 2008-05-15 21:12 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-05-15 21:09 . 2008-05-15 21:09 2,048 --a------ C:\WINDOWS\system32\tygpjbbl.exe
2008-05-15 21:06 . 2008-05-15 21:06 94,208 --a------ C:\WINDOWS\system32\svjyyigh.dll
2008-05-15 21:06 . 2008-05-15 21:06 2,048 --a------ C:\WINDOWS\system32\lwleiyup.exe
2008-05-15 21:04 . 2008-05-15 21:04 116,224 --a------ C:\WINDOWS\system32\qagrucit.dll
2008-05-15 21:03 . 2008-05-15 21:03 108,544 --a------ C:\WINDOWS\system32\qcngaevj.dll
2008-05-15 21:03 . 2008-05-15 21:03 94,208 --a------ C:\WINDOWS\system32\nengoavy.dll
2008-05-15 19:58 . <REP> C:\WINDOWS\LastGood.Tmp
2008-05-15 18:27 . 2008-05-15 18:27 2,232 --a------ C:\WINDOWS\Dernière session.ini
2008-05-15 18:27 . 2008-05-15 18:27 824 --a------ C:\WINDOWS\Dernière session_u.ini
2008-05-15 18:23 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\nLite
2008-05-15 17:31 . 2008-05-15 17:31 <REP> d-------- C:\WINDOWS\Sun
2008-05-15 17:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-15 17:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-15 17:25 . 2008-05-15 17:25 2,048 --a------ C:\WINDOWS\system32\kgygyrdq.exe
2008-05-15 17:23 . 2008-05-15 17:23 108,544 --a------ C:\WINDOWS\system32\awtnpgrs.dll
2008-05-15 17:22 . 2008-05-15 17:22 373,248 --a------ C:\WINDOWS\system32\iiffDvUO.dll
2008-05-15 17:19 . 2008-05-15 17:19 28,672 --a------ C:\WINDOWS\system32\hgGwuvWm.dll
2008-05-15 17:15 . 2008-05-09 20:14 86,016 ---hs---- D:\Documents and Settings\DP.PANNETIER\lsass.exe
2008-05-15 17:15 . 2008-05-15 17:15 28,672 --a------ C:\WINDOWS\system32\cbXNDtTk.dll
2008-05-15 17:13 . 2008-05-15 21:34 7,662 --a------ C:\WINDOWS\system32\oodbs.lor
2008-05-15 17:11 . 2008-05-15 17:11 0 --a------ C:\WINDOWS\oodcnt.INI
2008-05-15 16:47 . 2008-05-15 16:47 <REP> d-------- C:\WINDOWS\system32\oodag
2008-05-15 16:43 . 2008-05-15 16:43 <REP> d-------- C:\Program Files\OO Software
2008-05-15 16:37 . 2008-05-15 16:37 116,224 --a------ C:\WINDOWS\system32\jmplqpsv.dll
2008-05-15 16:30 . 2008-05-15 16:30 2,048 --a------ C:\WINDOWS\system32\limdpxes.exe
2008-05-15 16:27 . 2008-05-15 16:27 94,208 --a------ C:\WINDOWS\system32\djitfbcx.dll
2008-05-15 16:18 . 2008-05-15 16:18 108,544 --a------ C:\WINDOWS\system32\wvfchaio.dll
2008-05-15 16:15 . 2008-05-15 16:15 2,048 --a------ C:\WINDOWS\system32\wmjpbbqk.exe
2008-05-15 16:12 . 2008-05-15 16:12 116,224 --a------ C:\WINDOWS\system32\rcpsrxda.dll
2008-05-15 16:10 . 2008-05-15 16:10 108,544 --a------ C:\WINDOWS\system32\fijkyiox.dll
2008-05-15 16:05 . 2008-05-15 16:05 28,672 --a------ C:\WINDOWS\system32\tuvWpNdc.dll
2008-05-15 16:04 . 2008-05-09 20:14 86,016 ---hs---- D:\Documents and Settings\Martine.PANNETIER\lsass.exe
2008-05-15 15:31 . 2008-05-15 15:47 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\LimeWire
2008-05-15 15:03 . 2008-05-15 15:03 116,224 --a------ C:\WINDOWS\system32\ihunfsml.dll
2008-05-15 15:00 . 2008-05-15 15:00 2,048 --a------ C:\WINDOWS\system32\oiqetgta.exe
2008-05-15 14:55 . 2008-05-15 20:08 109,861 --a------ C:\WINDOWS\BM631c502d.xml
2008-05-15 14:55 . 2008-05-15 14:55 108,544 --a------ C:\WINDOWS\system32\yrtxqvrr.dll
2008-05-15 01:15 . 2008-05-15 01:15 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\OD2
2008-05-15 01:14 . 2008-05-15 01:14 <REP> d-------- C:\WINDOWS\naevius
2008-05-15 01:14 . 2008-05-15 01:14 <REP> d-------- C:\Program Files\Multimediafeed 3GP Mobile Video Converter
2008-05-15 00:54 . 2008-05-15 00:54 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}
2008-05-15 00:54 . 2008-05-15 21:32 <REP> d-------- C:\Program Files\dbar
2008-05-15 00:47 . 2005-05-27 09:23 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-05-15 00:47 . 2008-05-15 00:47 401,974 --a------ C:\WINDOWS\system32\g9.exe
2008-05-15 00:47 . 2008-05-15 00:47 63,902 --a------ C:\WINDOWS\system32\{28b5a59b-2caf-cf15-d6be-97c61f957c7e}.dll-uninst.exe
2008-05-15 00:47 . 2008-05-15 00:47 49,176 --a------ C:\WINDOWS\system32\jlwnw64k.exe
2008-05-15 00:41 . 2008-05-15 00:41 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-05-15 00:40 . 2008-05-15 00:41 <REP> d-------- C:\Program Files\Logitech
2008-05-15 00:38 . 2008-05-15 18:29 <REP> d-------- D:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-15 00:38 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\ma-config.com
2008-05-15 00:28 . 2008-05-15 00:28 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Leadertech
2008-05-15 00:25 . 2008-05-15 00:25 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-05-15 00:25 . 2008-05-15 00:31 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-14 23:55 . 2008-05-14 23:55 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._
2008-05-14 23:55 . 2008-05-14 23:55 687,592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-05-14 23:55 . 2008-05-14 23:55 37,376 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\Temp\tmpvc14
2008-05-14 23:54 . 2008-05-15 14:54 <REP> d-------- C:\Program Files\winvi
2008-05-14 23:54 . 2008-05-14 23:54 40,960 --a------ D:\Documents and Settings\Benoit.PANNETIER\services.exe
2008-05-14 23:53 . 2008-05-09 20:14 86,016 ---hs---- D:\Documents and Settings\Benoit.PANNETIER\lsass.exe
2008-05-14 23:49 . 2008-05-15 19:44 <REP> d-------- C:\Program Files\CCleaner
2008-05-14 23:44 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-14 23:39 . 2008-05-14 23:39 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-14 23:36 . 2008-05-14 23:36 <REP> d-------- C:\Program Files\LimeWire
2008-05-14 23:35 . 2008-05-14 23:35 1,169 --a------ C:\WINDOWS\mozver.dat
2008-05-14 23:33 . 2008-05-14 23:52 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Contacts
2008-05-14 23:33 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-14 23:32 . 2008-05-15 00:27 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-14 23:32 . 2008-05-14 23:32 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-14 23:32 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-14 23:31 . 2008-05-14 23:32 <REP> d-------- C:\Program Files\PhotoFiltre
2008-05-14 23:24 . 2008-05-14 23:24 <REP> d---s---- D:\Documents and Settings\Benoit.PANNETIER\UserData
2008-05-14 23:23 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\Windows Live
2008-05-14 23:23 . 2008-05-14 23:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-14 22:37 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Voisinage réseau
2008-05-14 22:37 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Voisinage d'impression
2008-05-14 22:37 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Modèles
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Mes documents
2008-05-14 22:37 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Menu Démarrer
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Favoris
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Bureau
2008-05-14 22:37 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\DP.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:37 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\DP.PANNETIER\Application Data\Symantec
2008-05-14 22:37 . 2008-05-15 17:15 <REP> d-------- D:\Documents and Settings\DP.PANNETIER
2008-05-14 22:37 . 2008-05-15 21:34 1,024 --ah----- D:\Documents and Settings\DP.PANNETIER\ntuser.dat.LOG
2008-05-14 22:34 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Voisinage réseau
2008-05-14 22:34 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Voisinage d'impression
2008-05-14 22:34 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Modèles
2008-05-14 22:34 . 2008-05-15 15:49 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Mes documents
2008-05-14 22:34 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Menu Démarrer
2008-05-14 22:34 . 2008-05-14 22:34 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Favoris
2008-05-14 22:34 . 2008-05-14 22:34 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Bureau
2008-05-14 22:34 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:34 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER\Application Data\Symantec
2008-05-14 22:34 . 2008-05-15 17:19 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER
2008-05-14 22:34 . 2008-05-15 21:34 1,024 --ah----- D:\Documents and Settings\Martine.PANNETIER\ntuser.dat.LOG
2008-05-14 22:25 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Voisinage réseau
2008-05-14 22:25 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Voisinage d'impression
2008-05-14 22:25 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Modèles
2008-05-14 22:25 . 2008-05-15 19:48 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Mes documents
2008-05-14 22:25 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Menu Démarrer
2008-05-14 22:25 . 2008-05-14 22:26 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Favoris
2008-05-14 22:25 . 2008-05-15 21:33 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Bureau
2008-05-14 22:25 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:25 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Symantec
2008-05-14 22:25 . 2008-05-15 19:44 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER
2008-05-14 22:25 . 2008-05-15 21:35 131,072 --ah----- D:\Documents and Settings\Benoit.PANNETIER\ntuser.dat.LOG
2008-05-14 22:21 . 2008-05-14 22:21 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-14 21:19 . 2008-05-14 21:19 <REP> d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-10 14:15 . 2008-05-10 14:15 86,016 ---hs---- D:\Documents and Settings\DP\lsass.exe
2008-05-10 14:11 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP\Voisinage réseau
2008-05-10 14:11 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP\Voisinage d'impression
2008-05-10 14:11 . 2008-03-31 03:58 <REP> d--h----- D:\Documents and Settings\DP\Modèles
2008-05-10 14:11 . 2008-05-10 14:11 <REP> dr------- D:\Documents and Settings\DP\Mes documents
2008-05-10 14:11 . 2008-03-31 03:58 <REP> dr------- D:\Documents and Settings\DP\Menu Démarrer
2008-05-10 14:11 . 2008-05-10 14:11 <REP> dr------- D:\Documents and Settings\DP\Favoris
2008-05-10 14:11 . 2008-05-14 11:43 <REP> dr------- D:\Documents and Settings\DP\Bureau
2008-05-10 14:11 . 2008-03-31 03:58 <REP> d-------- D:\Documents and Settings\DP\Application Data\You've Got Pictures Screensaver
2008-05-10 14:11 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\DP\Application Data\Symantec
2008-05-10 14:11 . 2008-05-10 14:15 <REP> d-------- D:\Documents and Settings\DP
2008-05-10 14:11 . 2008-05-15 19:49 1,024 --ah----- D:\Documents and Settings\DP\ntuser.dat.LOG
2008-05-09 20:50 . 2008-05-09 20:50 <REP> d-------- D:\Documents and Settings\MARTINE.106638040316.000\Incomplete
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 15:16 37,376 ----a-w C:\WINDOWS\mrofinu1188.exe
2008-05-15 05:19 --------- d-----w C:\Program Files\AOL 9.0
2008-05-15 05:15 --------- d-----w C:\Program Files\Services en ligne
2008-05-15 05:14 --------- d-----w C:\Program Files\QuickTime
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-05-15 05:12 --------- d-----w C:\Program Files\AOL Compagnon
2008-05-14 22:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 21:54 37,376 ----a-w C:\WINDOWS\mrofinu1188.exe.tmp
2008-05-14 21:44 --------- d-----w C:\Program Files\Java
2008-05-14 21:24 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-11 21:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-10 15:39 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-05-10 14:58 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 14:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\fssg
2008-05-10 12:20 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\LimeWire
2008-05-10 07:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2008-05-01 16:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2008-05-01 15:58 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-03 10:16 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\OD2
2008-04-02 18:29 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\AdobeUM
2008-03-31 20:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\AutoClic
2008-03-31 16:57 --------- d-----w D:\Documents and Settings\NetworkService\Application Data\Symantec
2008-03-31 01:58 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\You've Got Pictures Screensaver
2007-11-21 19:25 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-05-15_19.58.50.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-15 18:17:08 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\44c7c0ec439c8b4faed699995de53ae9\Accessibility.ni.dll
+ 2008-05-15 18:17:11 860,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\86a73b4539dde04daf13ae4da52db3fe\AspNetMMCExt.ni.dll
+ 2008-05-15 18:17:12 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8df7533672843846be7f80f26a1abc0d\CustomMarshalers.ni.dll
+ 2008-05-15 18:17:11 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\20c3189ec0523941a11c4755f292a715\dfsvc.ni.exe
+ 2008-05-15 18:17:14 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a59d0cf578b639469926b3f95f969351\Microsoft.Build.Engine.ni.dll
+ 2008-05-15 18:17:14 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\867c8786328e9244aa86976ba9522dbc\Microsoft.Build.Framework.ni.dll
+ 2008-05-15 18:17:18 1,691,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\[u]0/uba34621f4d25b4d9f22048bd2a7b244\Microsoft.Build.Tasks.ni.dll
+ 2008-05-15 18:17:19 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\be5efae088fad0418929daf188db0a75\Microsoft.Build.Utilities.ni.dll
+ 2008-05-15 18:17:22 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\580d046d624b084da8f0217ea63c885e\Microsoft.VisualBasic.ni.dll
+ 2008-05-15 18:17:24 962,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\e8455581dc83dc4194210afac7e25669\System.Configuration.ni.dll
+ 2008-05-15 18:17:25 1,712,128 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\6dff6f44f64cee47809aed27fb8c373b\System.Deployment.ni.dll
+ 2008-05-15 18:17:29 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44099fd87e579a4d85f1293484ef86c2\System.DirectoryServices.Protocols.ni.dll
+ 2008-05-15 18:17:28 1,220,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\aefdfc7ba4a92a48ac35308981df6d9f\System.DirectoryServices.ni.dll
+ 2008-05-15 18:17:30 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\39c57c406b00dd4f9374950617af31de\System.EnterpriseServices.ni.dll
+ 2008-05-15 18:17:30 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\39c57c406b00dd4f9374950617af31de\System.EnterpriseServices.Wrapper.dll
+ 2008-05-15 18:17:32 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\d1c62e172b97f8498917cf1cd2fe2439\System.Security.ni.dll
+ 2008-05-15 18:17:33 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\e4687798a0fd7342a257b9a4277b8957\System.Transactions.ni.dll
+ 2008-05-15 18:17:56 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\b7a9468b40797c4dbc720af144976140\System.Web.Mobile.ni.dll
+ 2008-05-15 18:17:57 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\c4cd0d8be712084fb7bc9c77145ddb6b\System.Web.RegularExpressions.ni.dll
+ 2008-05-15 18:18:00 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\51420c7f6857fe4db3b018a125927118\System.Web.Services.ni.dll
+ 2008-05-15 18:17:51 11,808,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e6a49757f4f48241aeeb0fa0da72ac93\System.Web.ni.dll
- 2008-05-15 17:56:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 19:34:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-27 15:35:26 333,824 ----a-w C:\WINDOWS\system32\mysidesearch_sidebar.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66166953-5afb-46d1-af58-a83a67aad98f}]
2008-05-15 21:12 116224 --a------ C:\WINDOWS\system32\cdfkijsg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9506910A-0F94-4ea1-B567-7070428B8B2B}]
2008-03-27 17:35 333824 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{F6-63-31-1E-DW}"="C:\windows\system32\rwwnw64d.exe" [2008-05-14 23:54 49163]
"602f63b1"="C:\WINDOWS\system32\svjyyigh.dll" [2008-05-15 21:06 94208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpMcCT]
urqpMcCT.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 21:19]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41085d1-21ff-11dd-8467-00038a000015}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edeeaa1e-21f3-11dd-8465-00038a000015}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-15 16:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2008-05-14 20:23:24 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-05-14 20:23:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-14 20:23:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 21:35:15
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\WINDOWS\system32\hgiyyjvs.ini
Scan terminé avec succès
Les fichiers cachés: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\svjyyigh.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 21:36:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 19:36:22
ComboFix2.txt 2008-05-15 17:59:44
Pre-Run: 26,065,940,480 octets libres
Post-Run: 26,052,009,984 octets libres
309 --- E O F --- 2008-05-14 21:44:18
____________________________________________________________________________________________________________
Malwarebytes' Anti-Malware REPORT
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 722
Type de recherche: Examen rapide
Eléments examinés: 48849
Temps écoulé: 3 minute(s), 34 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 59
Processus mémoire infecté(s):
C:\WINDOWS\system32\rwwnw64d.exe (Adware.Zenosearch) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\svjyyigh.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{faba076a-478a-4c32-a0a5-c774607901c2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2554085-b0bd-4f11-b252-32145d0a9257} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysidesearchsearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\602f63b1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F6-63-31-1E-DW} (Adware.Zenosearch) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\temp (Adware.SoftMate) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33} (Adware.SoftMate) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\svjyyigh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hgiyyjvs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\wupda.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\desktop.html (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\settings.sol (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\bufferthis.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\flashfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\funnies.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\funnyfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\goodcleanvideos.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\newfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\positivethoughts.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\removespyware.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\thissiterocks.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\temp\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{28b5a59b-2caf-cf15-d6be-97c61f957c7e}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwwnw64d.exe (Adware.Zenosearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1000106.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1188.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvWpNdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNDtTk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtnpgrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwuvWm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iiffDvUO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\BENOIT\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Martine.PANNETIER\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\MARTINE.106638040316.000\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\DP.PANNETIER\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\DP\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\BENOIT\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
____________________________________________________________________________________________________________
ANTIVIR REPORT
Avira AntiVir Personal
Report file date: jeudi 15 mai 2008 22:07
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Benoit
Computer name: PANNETIER
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: BootSectorTest
Configuration file...............: D:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVCENTER_482c9806\8467db3d.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 15 mai 2008 22:07
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
End of the scan: jeudi 15 mai 2008 22:07
Used time: 00:02 min
The scan has been done completely.
0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
4 Warnings
0 Notes
COMBOFIX REPORT
ComboFix 08-05-12.1 - Benoit 2008-05-15 21:32:05.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.131 [GMT 2:00]
Endroit: D:\Documents and Settings\Benoit.PANNETIER\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\Benoit.PANNETIER\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Program Files\dbar
C:\Program Files\dbar\Deskbar.dll
C:\Program Files\dbar\deskbar.dll
C:\WINDOWS\system32\kmgjmcof.dll
C:\WINDOWS\system32\mlJYpoMd.dll
C:\WINDOWS\system32\soahexcm.dll
C:\WINDOWS\system32\urqpMcCT.dll
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\dbar\deskbar.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dMopYJlm.ini
C:\WINDOWS\system32\dMopYJlm.ini2
C:\WINDOWS\system32\hgiyyjvs.ini
C:\WINDOWS\system32\kmgjmcof.dll
C:\WINDOWS\system32\mlJYpoMd.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\soahexcm.dll
C:\WINDOWS\system32\urqpMcCT.dll
C:\WINDOWS\system32\yvaognen.ini
C:\WINDOWS\system32\zxdnt3d.cfg
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.
2008-05-15 21:35 . 2008-05-15 21:35 36 --a------ C:\WINDOWS\system32\msnav32.ax
2008-05-15 21:12 . 2008-05-15 21:12 116,224 --a------ C:\WINDOWS\system32\cdfkijsg.dll
2008-05-15 21:12 . 2008-05-15 21:12 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-05-15 21:09 . 2008-05-15 21:09 2,048 --a------ C:\WINDOWS\system32\tygpjbbl.exe
2008-05-15 21:06 . 2008-05-15 21:06 94,208 --a------ C:\WINDOWS\system32\svjyyigh.dll
2008-05-15 21:06 . 2008-05-15 21:06 2,048 --a------ C:\WINDOWS\system32\lwleiyup.exe
2008-05-15 21:04 . 2008-05-15 21:04 116,224 --a------ C:\WINDOWS\system32\qagrucit.dll
2008-05-15 21:03 . 2008-05-15 21:03 108,544 --a------ C:\WINDOWS\system32\qcngaevj.dll
2008-05-15 21:03 . 2008-05-15 21:03 94,208 --a------ C:\WINDOWS\system32\nengoavy.dll
2008-05-15 19:58 . <REP> C:\WINDOWS\LastGood.Tmp
2008-05-15 18:27 . 2008-05-15 18:27 2,232 --a------ C:\WINDOWS\Dernière session.ini
2008-05-15 18:27 . 2008-05-15 18:27 824 --a------ C:\WINDOWS\Dernière session_u.ini
2008-05-15 18:23 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\nLite
2008-05-15 17:31 . 2008-05-15 17:31 <REP> d-------- C:\WINDOWS\Sun
2008-05-15 17:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-15 17:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-15 17:25 . 2008-05-15 17:25 2,048 --a------ C:\WINDOWS\system32\kgygyrdq.exe
2008-05-15 17:23 . 2008-05-15 17:23 108,544 --a------ C:\WINDOWS\system32\awtnpgrs.dll
2008-05-15 17:22 . 2008-05-15 17:22 373,248 --a------ C:\WINDOWS\system32\iiffDvUO.dll
2008-05-15 17:19 . 2008-05-15 17:19 28,672 --a------ C:\WINDOWS\system32\hgGwuvWm.dll
2008-05-15 17:15 . 2008-05-09 20:14 86,016 ---hs---- D:\Documents and Settings\DP.PANNETIER\lsass.exe
2008-05-15 17:15 . 2008-05-15 17:15 28,672 --a------ C:\WINDOWS\system32\cbXNDtTk.dll
2008-05-15 17:13 . 2008-05-15 21:34 7,662 --a------ C:\WINDOWS\system32\oodbs.lor
2008-05-15 17:11 . 2008-05-15 17:11 0 --a------ C:\WINDOWS\oodcnt.INI
2008-05-15 16:47 . 2008-05-15 16:47 <REP> d-------- C:\WINDOWS\system32\oodag
2008-05-15 16:43 . 2008-05-15 16:43 <REP> d-------- C:\Program Files\OO Software
2008-05-15 16:37 . 2008-05-15 16:37 116,224 --a------ C:\WINDOWS\system32\jmplqpsv.dll
2008-05-15 16:30 . 2008-05-15 16:30 2,048 --a------ C:\WINDOWS\system32\limdpxes.exe
2008-05-15 16:27 . 2008-05-15 16:27 94,208 --a------ C:\WINDOWS\system32\djitfbcx.dll
2008-05-15 16:18 . 2008-05-15 16:18 108,544 --a------ C:\WINDOWS\system32\wvfchaio.dll
2008-05-15 16:15 . 2008-05-15 16:15 2,048 --a------ C:\WINDOWS\system32\wmjpbbqk.exe
2008-05-15 16:12 . 2008-05-15 16:12 116,224 --a------ C:\WINDOWS\system32\rcpsrxda.dll
2008-05-15 16:10 . 2008-05-15 16:10 108,544 --a------ C:\WINDOWS\system32\fijkyiox.dll
2008-05-15 16:05 . 2008-05-15 16:05 28,672 --a------ C:\WINDOWS\system32\tuvWpNdc.dll
2008-05-15 16:04 . 2008-05-09 20:14 86,016 ---hs---- D:\Documents and Settings\Martine.PANNETIER\lsass.exe
2008-05-15 15:31 . 2008-05-15 15:47 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\LimeWire
2008-05-15 15:03 . 2008-05-15 15:03 116,224 --a------ C:\WINDOWS\system32\ihunfsml.dll
2008-05-15 15:00 . 2008-05-15 15:00 2,048 --a------ C:\WINDOWS\system32\oiqetgta.exe
2008-05-15 14:55 . 2008-05-15 20:08 109,861 --a------ C:\WINDOWS\BM631c502d.xml
2008-05-15 14:55 . 2008-05-15 14:55 108,544 --a------ C:\WINDOWS\system32\yrtxqvrr.dll
2008-05-15 01:15 . 2008-05-15 01:15 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\OD2
2008-05-15 01:14 . 2008-05-15 01:14 <REP> d-------- C:\WINDOWS\naevius
2008-05-15 01:14 . 2008-05-15 01:14 <REP> d-------- C:\Program Files\Multimediafeed 3GP Mobile Video Converter
2008-05-15 00:54 . 2008-05-15 00:54 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}
2008-05-15 00:54 . 2008-05-15 21:32 <REP> d-------- C:\Program Files\dbar
2008-05-15 00:47 . 2005-05-27 09:23 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-05-15 00:47 . 2008-05-15 00:47 401,974 --a------ C:\WINDOWS\system32\g9.exe
2008-05-15 00:47 . 2008-05-15 00:47 63,902 --a------ C:\WINDOWS\system32\{28b5a59b-2caf-cf15-d6be-97c61f957c7e}.dll-uninst.exe
2008-05-15 00:47 . 2008-05-15 00:47 49,176 --a------ C:\WINDOWS\system32\jlwnw64k.exe
2008-05-15 00:41 . 2008-05-15 00:41 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-05-15 00:40 . 2008-05-15 00:41 <REP> d-------- C:\Program Files\Logitech
2008-05-15 00:38 . 2008-05-15 18:29 <REP> d-------- D:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-15 00:38 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\ma-config.com
2008-05-15 00:28 . 2008-05-15 00:28 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Leadertech
2008-05-15 00:25 . 2008-05-15 00:25 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-05-15 00:25 . 2008-05-15 00:31 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-14 23:55 . 2008-05-14 23:55 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._
2008-05-14 23:55 . 2008-05-14 23:55 687,592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-05-14 23:55 . 2008-05-14 23:55 37,376 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\Temp\tmpvc14
2008-05-14 23:54 . 2008-05-15 14:54 <REP> d-------- C:\Program Files\winvi
2008-05-14 23:54 . 2008-05-14 23:54 40,960 --a------ D:\Documents and Settings\Benoit.PANNETIER\services.exe
2008-05-14 23:53 . 2008-05-09 20:14 86,016 ---hs---- D:\Documents and Settings\Benoit.PANNETIER\lsass.exe
2008-05-14 23:49 . 2008-05-15 19:44 <REP> d-------- C:\Program Files\CCleaner
2008-05-14 23:44 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-14 23:39 . 2008-05-14 23:39 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-14 23:36 . 2008-05-14 23:36 <REP> d-------- C:\Program Files\LimeWire
2008-05-14 23:35 . 2008-05-14 23:35 1,169 --a------ C:\WINDOWS\mozver.dat
2008-05-14 23:33 . 2008-05-14 23:52 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Contacts
2008-05-14 23:33 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-14 23:32 . 2008-05-15 00:27 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-14 23:32 . 2008-05-14 23:32 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-14 23:32 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-14 23:31 . 2008-05-14 23:32 <REP> d-------- C:\Program Files\PhotoFiltre
2008-05-14 23:24 . 2008-05-14 23:24 <REP> d---s---- D:\Documents and Settings\Benoit.PANNETIER\UserData
2008-05-14 23:23 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\Windows Live
2008-05-14 23:23 . 2008-05-14 23:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-14 22:37 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Voisinage réseau
2008-05-14 22:37 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Voisinage d'impression
2008-05-14 22:37 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Modèles
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Mes documents
2008-05-14 22:37 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Menu Démarrer
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Favoris
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Bureau
2008-05-14 22:37 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\DP.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:37 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\DP.PANNETIER\Application Data\Symantec
2008-05-14 22:37 . 2008-05-15 17:15 <REP> d-------- D:\Documents and Settings\DP.PANNETIER
2008-05-14 22:37 . 2008-05-15 21:34 1,024 --ah----- D:\Documents and Settings\DP.PANNETIER\ntuser.dat.LOG
2008-05-14 22:34 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Voisinage réseau
2008-05-14 22:34 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Voisinage d'impression
2008-05-14 22:34 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Modèles
2008-05-14 22:34 . 2008-05-15 15:49 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Mes documents
2008-05-14 22:34 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Menu Démarrer
2008-05-14 22:34 . 2008-05-14 22:34 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Favoris
2008-05-14 22:34 . 2008-05-14 22:34 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Bureau
2008-05-14 22:34 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:34 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER\Application Data\Symantec
2008-05-14 22:34 . 2008-05-15 17:19 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER
2008-05-14 22:34 . 2008-05-15 21:34 1,024 --ah----- D:\Documents and Settings\Martine.PANNETIER\ntuser.dat.LOG
2008-05-14 22:25 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Voisinage réseau
2008-05-14 22:25 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Voisinage d'impression
2008-05-14 22:25 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Modèles
2008-05-14 22:25 . 2008-05-15 19:48 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Mes documents
2008-05-14 22:25 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Menu Démarrer
2008-05-14 22:25 . 2008-05-14 22:26 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Favoris
2008-05-14 22:25 . 2008-05-15 21:33 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Bureau
2008-05-14 22:25 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:25 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Symantec
2008-05-14 22:25 . 2008-05-15 19:44 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER
2008-05-14 22:25 . 2008-05-15 21:35 131,072 --ah----- D:\Documents and Settings\Benoit.PANNETIER\ntuser.dat.LOG
2008-05-14 22:21 . 2008-05-14 22:21 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-14 21:19 . 2008-05-14 21:19 <REP> d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-10 14:15 . 2008-05-10 14:15 86,016 ---hs---- D:\Documents and Settings\DP\lsass.exe
2008-05-10 14:11 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP\Voisinage réseau
2008-05-10 14:11 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP\Voisinage d'impression
2008-05-10 14:11 . 2008-03-31 03:58 <REP> d--h----- D:\Documents and Settings\DP\Modèles
2008-05-10 14:11 . 2008-05-10 14:11 <REP> dr------- D:\Documents and Settings\DP\Mes documents
2008-05-10 14:11 . 2008-03-31 03:58 <REP> dr------- D:\Documents and Settings\DP\Menu Démarrer
2008-05-10 14:11 . 2008-05-10 14:11 <REP> dr------- D:\Documents and Settings\DP\Favoris
2008-05-10 14:11 . 2008-05-14 11:43 <REP> dr------- D:\Documents and Settings\DP\Bureau
2008-05-10 14:11 . 2008-03-31 03:58 <REP> d-------- D:\Documents and Settings\DP\Application Data\You've Got Pictures Screensaver
2008-05-10 14:11 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\DP\Application Data\Symantec
2008-05-10 14:11 . 2008-05-10 14:15 <REP> d-------- D:\Documents and Settings\DP
2008-05-10 14:11 . 2008-05-15 19:49 1,024 --ah----- D:\Documents and Settings\DP\ntuser.dat.LOG
2008-05-09 20:50 . 2008-05-09 20:50 <REP> d-------- D:\Documents and Settings\MARTINE.106638040316.000\Incomplete
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 15:16 37,376 ----a-w C:\WINDOWS\mrofinu1188.exe
2008-05-15 05:19 --------- d-----w C:\Program Files\AOL 9.0
2008-05-15 05:15 --------- d-----w C:\Program Files\Services en ligne
2008-05-15 05:14 --------- d-----w C:\Program Files\QuickTime
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-05-15 05:12 --------- d-----w C:\Program Files\AOL Compagnon
2008-05-14 22:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 21:54 37,376 ----a-w C:\WINDOWS\mrofinu1188.exe.tmp
2008-05-14 21:44 --------- d-----w C:\Program Files\Java
2008-05-14 21:24 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-11 21:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-10 15:39 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-05-10 14:58 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 14:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\fssg
2008-05-10 12:20 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\LimeWire
2008-05-10 07:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2008-05-01 16:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2008-05-01 15:58 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-03 10:16 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\OD2
2008-04-02 18:29 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\AdobeUM
2008-03-31 20:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\AutoClic
2008-03-31 16:57 --------- d-----w D:\Documents and Settings\NetworkService\Application Data\Symantec
2008-03-31 01:58 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\You've Got Pictures Screensaver
2007-11-21 19:25 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-05-15_19.58.50.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-15 18:17:08 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\44c7c0ec439c8b4faed699995de53ae9\Accessibility.ni.dll
+ 2008-05-15 18:17:11 860,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\86a73b4539dde04daf13ae4da52db3fe\AspNetMMCExt.ni.dll
+ 2008-05-15 18:17:12 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8df7533672843846be7f80f26a1abc0d\CustomMarshalers.ni.dll
+ 2008-05-15 18:17:11 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\20c3189ec0523941a11c4755f292a715\dfsvc.ni.exe
+ 2008-05-15 18:17:14 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a59d0cf578b639469926b3f95f969351\Microsoft.Build.Engine.ni.dll
+ 2008-05-15 18:17:14 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\867c8786328e9244aa86976ba9522dbc\Microsoft.Build.Framework.ni.dll
+ 2008-05-15 18:17:18 1,691,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\0ba34621f4d25b4d9f22048bd2a7b244\Microsoft.Build.Tasks.ni.dll
+ 2008-05-15 18:17:19 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\be5efae088fad0418929daf188db0a75\Microsoft.Build.Utilities.ni.dll
+ 2008-05-15 18:17:22 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\580d046d624b084da8f0217ea63c885e\Microsoft.VisualBasic.ni.dll
+ 2008-05-15 18:17:24 962,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\e8455581dc83dc4194210afac7e25669\System.Configuration.ni.dll
+ 2008-05-15 18:17:25 1,712,128 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\6dff6f44f64cee47809aed27fb8c373b\System.Deployment.ni.dll
+ 2008-05-15 18:17:29 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44099fd87e579a4d85f1293484ef86c2\System.DirectoryServices.Protocols.ni.dll
+ 2008-05-15 18:17:28 1,220,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\aefdfc7ba4a92a48ac35308981df6d9f\System.DirectoryServices.ni.dll
+ 2008-05-15 18:17:30 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\39c57c406b00dd4f9374950617af31de\System.EnterpriseServices.ni.dll
+ 2008-05-15 18:17:30 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\39c57c406b00dd4f9374950617af31de\System.EnterpriseServices.Wrapper.dll
+ 2008-05-15 18:17:32 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\d1c62e172b97f8498917cf1cd2fe2439\System.Security.ni.dll
+ 2008-05-15 18:17:33 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\e4687798a0fd7342a257b9a4277b8957\System.Transactions.ni.dll
+ 2008-05-15 18:17:56 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\b7a9468b40797c4dbc720af144976140\System.Web.Mobile.ni.dll
+ 2008-05-15 18:17:57 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\c4cd0d8be712084fb7bc9c77145ddb6b\System.Web.RegularExpressions.ni.dll
+ 2008-05-15 18:18:00 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\51420c7f6857fe4db3b018a125927118\System.Web.Services.ni.dll
+ 2008-05-15 18:17:51 11,808,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e6a49757f4f48241aeeb0fa0da72ac93\System.Web.ni.dll
- 2008-05-15 17:56:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 19:34:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-27 15:35:26 333,824 ----a-w C:\WINDOWS\system32\mysidesearch_sidebar.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66166953-5afb-46d1-af58-a83a67aad98f}]
2008-05-15 21:12 116224 --a------ C:\WINDOWS\system32\cdfkijsg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9506910A-0F94-4ea1-B567-7070428B8B2B}]
2008-03-27 17:35 333824 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{F6-63-31-1E-DW}"="C:\windows\system32\rwwnw64d.exe" [2008-05-14 23:54 49163]
"602f63b1"="C:\WINDOWS\system32\svjyyigh.dll" [2008-05-15 21:06 94208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpMcCT]
urqpMcCT.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 21:19]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41085d1-21ff-11dd-8467-00038a000015}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edeeaa1e-21f3-11dd-8465-00038a000015}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-15 16:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2008-05-14 20:23:24 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-05-14 20:23:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-14 20:23:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 21:35:15
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\WINDOWS\system32\hgiyyjvs.ini
Scan terminé avec succès
Les fichiers cachés: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\svjyyigh.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 21:36:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 19:36:22
ComboFix2.txt 2008-05-15 17:59:44
Pre-Run: 26,065,940,480 octets libres
Post-Run: 26,052,009,984 octets libres
309 --- E O F --- 2008-05-14 21:44:18
____________________________________________________________________________________________________________
Malwarebytes' Anti-Malware REPORT
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 722
Type de recherche: Examen rapide
Eléments examinés: 48849
Temps écoulé: 3 minute(s), 34 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 59
Processus mémoire infecté(s):
C:\WINDOWS\system32\rwwnw64d.exe (Adware.Zenosearch) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\svjyyigh.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{faba076a-478a-4c32-a0a5-c774607901c2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2554085-b0bd-4f11-b252-32145d0a9257} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysidesearchsearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\602f63b1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F6-63-31-1E-DW} (Adware.Zenosearch) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\temp (Adware.SoftMate) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33} (Adware.SoftMate) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\svjyyigh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hgiyyjvs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\wupda.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\desktop.html (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\settings.sol (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\bufferthis.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\flashfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\funnies.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\funnyfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\goodcleanvideos.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\newfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\positivethoughts.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\removespyware.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\thissiterocks.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\temp\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{28b5a59b-2caf-cf15-d6be-97c61f957c7e}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwwnw64d.exe (Adware.Zenosearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1000106.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1188.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvWpNdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNDtTk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtnpgrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwuvWm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iiffDvUO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\BENOIT\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Martine.PANNETIER\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\MARTINE.106638040316.000\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\DP.PANNETIER\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\DP\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Benoit.PANNETIER\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\BENOIT\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
____________________________________________________________________________________________________________
ANTIVIR REPORT
Avira AntiVir Personal
Report file date: jeudi 15 mai 2008 22:07
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Benoit
Computer name: PANNETIER
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: BootSectorTest
Configuration file...............: D:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVCENTER_482c9806\8467db3d.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 15 mai 2008 22:07
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
End of the scan: jeudi 15 mai 2008 22:07
Used time: 00:02 min
The scan has been done completely.
0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
4 Warnings
0 Notes
jlpjlp (Security contributor) - 15 May 2008 at 22:13
Paste a new ComboFix report and a HijackThis report.
__________
Tell me whether you had done this?
Analyze these files on VirusTotal and, if they are infected, add them to the following procedure under files:
https://www.virustotal.com/gui/
C:\WINDOWS\system32\kmgjmcof.dll
C:\WINDOWS\system32\kgygyrdq.exe
C:\WINDOWS\system32\awtnpgrs.dll
C:\WINDOWS\system32\iiffDvUO.dll
C:\WINDOWS\system32\hgGwuvWm.dll
D:\Documents and Settings\DP.PANNETIER\lsass.exe
C:\WINDOWS\system32\cbXNDtTk.dll
C:\WINDOWS\system32\oodbs.lor
C:\WINDOWS\oodcnt.INI
C:\WINDOWS\system32\oodag
C:\Program Files\OO Software
C:\WINDOWS\system32\jmplqpsv.dll
C:\WINDOWS\system32\limdpxes.exe
C:\WINDOWS\system32\djitfbcx.dll
C:\WINDOWS\system32\wvfchaio.dll
C:\WINDOWS\system32\wmjpbbqk.exe
C:\WINDOWS\system32\rcpsrxda.dll
C:\WINDOWS\system32\fijkyiox.dll
C:\WINDOWS\system32\tuvWpNdc.dll
C:\WINDOWS\system32\ihunfsml.dll
C:\WINDOWS\system32\oiqetgta.exe
C:\WINDOWS\BM631c502d.xml
C:\WINDOWS\system32\yrtxqvrr.dll
C:\WINDOWS\system32\drivers\lvsvf2.sys
C:\WINDOWS\system32\g9.exe
C:\WINDOWS\system32\{28b5a59b-2caf-cf15-d6be-97c61f957c7e}.dll-uninst.exe
C:\WINDOWS\system32\jlwnw64k.exe
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\mrofinu1000106.exe
C:\Temp\tmpvc14
C:\Program Files\winvi
chooxy
Posts
12
Registration date
Monday 12 May 2008
Status
Member
Last activity
5 June 2008
15 May 2008 at 22:27
No :$
I didn't understand how the site works, what you have to do...
__________
ComboFix 08-05-12.1 - Benoit 2008-05-15 22:22:50.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.92 [GMT 2:00]
Endroit: D:\Documents and Settings\Benoit.PANNETIER\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.
2008-05-15 22:03 . 2008-05-15 22:03 <REP> d-------- C:\Program Files\Avira
2008-05-15 21:58 . 2008-05-15 21:58 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-15 21:50 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-15 21:50 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-15 21:50 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-15 21:50 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-15 21:50 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-15 21:50 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-15 21:50 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-15 21:50 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-15 21:50 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-15 21:39 . 2008-05-15 21:39 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Malwarebytes
2008-05-15 21:39 . 2008-05-15 21:39 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 21:39 . 2008-05-15 21:39 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 21:39 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-15 21:39 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-15 21:39 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-15 21:39 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-15 21:39 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 21:37 . 2008-05-15 21:58 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-15 21:09 . 2008-05-15 21:09 2,048 --a------ C:\WINDOWS\system32\tygpjbbl.exe
2008-05-15 21:04 . 2008-05-15 21:04 116,224 --a------ C:\WINDOWS\system32\qagrucit.dll
2008-05-15 21:03 . 2008-05-15 21:03 108,544 --a------ C:\WINDOWS\system32\qcngaevj.dll
2008-05-15 21:03 . 2008-05-15 21:03 94,208 --a------ C:\WINDOWS\system32\nengoavy.dll
2008-05-15 18:27 . 2008-05-15 18:27 2,232 --a------ C:\WINDOWS\Dernière session.ini
2008-05-15 18:27 . 2008-05-15 18:27 824 --a------ C:\WINDOWS\Dernière session_u.ini
2008-05-15 18:23 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\nLite
2008-05-15 17:31 . 2008-05-15 17:31 <REP> d-------- C:\WINDOWS\Sun
2008-05-15 17:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-15 17:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-15 17:13 . 2008-05-15 22:05 10,216 --a------ C:\WINDOWS\system32\oodbs.lor
2008-05-15 17:11 . 2008-05-15 17:11 0 --a------ C:\WINDOWS\oodcnt.INI
2008-05-15 16:47 . 2008-05-15 16:47 <REP> d-------- C:\WINDOWS\system32\oodag
2008-05-15 16:43 . 2008-05-15 16:43 <REP> d-------- C:\Program Files\OO Software
2008-05-15 16:37 . 2008-05-15 16:37 116,224 --a------ C:\WINDOWS\system32\jmplqpsv.dll
2008-05-15 16:27 . 2008-05-15 16:27 94,208 --a------ C:\WINDOWS\system32\djitfbcx.dll
2008-05-15 16:18 . 2008-05-15 16:18 108,544 --a------ C:\WINDOWS\system32\wvfchaio.dll
2008-05-15 16:15 . 2008-05-15 16:15 2,048 --a------ C:\WINDOWS\system32\wmjpbbqk.exe
2008-05-15 16:12 . 2008-05-15 16:12 116,224 --a------ C:\WINDOWS\system32\rcpsrxda.dll
2008-05-15 16:10 . 2008-05-15 16:10 108,544 --a------ C:\WINDOWS\system32\fijkyiox.dll
2008-05-15 15:31 . 2008-05-15 15:47 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\LimeWire
2008-05-15 15:03 . 2008-05-15 15:03 116,224 --a------ C:\WINDOWS\system32\ihunfsml.dll
2008-05-15 15:00 . 2008-05-15 15:00 2,048 --a------ C:\WINDOWS\system32\oiqetgta.exe
2008-05-15 14:55 . 2008-05-15 20:08 109,861 --a------ C:\WINDOWS\BM631c502d.xml
2008-05-15 14:55 . 2008-05-15 14:55 108,544 --a------ C:\WINDOWS\system32\yrtxqvrr.dll
2008-05-15 01:15 . 2008-05-15 01:15 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\OD2
2008-05-15 01:14 . 2008-05-15 01:14 <REP> d-------- C:\WINDOWS\naevius
2008-05-15 01:14 . 2008-05-15 01:14 <REP> d-------- C:\Program Files\Multimediafeed 3GP Mobile Video Converter
2008-05-15 00:47 . 2005-05-27 09:23 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-05-15 00:47 . 2008-05-15 00:47 401,974 --a------ C:\WINDOWS\system32\g9.exe
2008-05-15 00:41 . 2008-05-15 00:41 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-05-15 00:40 . 2008-05-15 00:41 <REP> d-------- C:\Program Files\Logitech
2008-05-15 00:38 . 2008-05-15 18:29 <REP> d-------- D:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-15 00:38 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\ma-config.com
2008-05-15 00:28 . 2008-05-15 00:28 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Leadertech
2008-05-15 00:25 . 2008-05-15 00:25 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-05-15 00:25 . 2008-05-15 00:31 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\WINDOWS\system32\rDA
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\WINDOWS\system32\emL1
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\WINDOWS\system32\dFrnx18
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\WINDOWS\system32\3056v
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\Temp\tmpvc14
2008-05-14 23:54 . 2008-05-15 19:49 <REP> d-------- C:\Temp
2008-05-14 23:54 . 2008-05-14 23:54 298,317 --a------ C:\WINDOWS\system32\gside.exe
2008-05-14 23:54 . 2008-05-14 23:54 200,775 --a------ C:\WINDOWS\system32\ncntmkdm.exe
2008-05-14 23:54 . 2008-05-14 23:54 37,376 --a------ C:\WINDOWS\mrofinu1188.exe.tmp
2008-05-14 23:54 . 2008-05-15 21:03 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-14 23:49 . 2008-05-15 19:44 <REP> d-------- C:\Program Files\CCleaner
2008-05-14 23:44 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-14 23:39 . 2008-05-14 23:39 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-14 23:36 . 2008-05-14 23:36 <REP> d-------- C:\Program Files\LimeWire
2008-05-14 23:35 . 2008-05-14 23:35 1,169 --a------ C:\WINDOWS\mozver.dat
2008-05-14 23:33 . 2008-05-14 23:52 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Contacts
2008-05-14 23:33 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-14 23:32 . 2008-05-15 00:27 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-14 23:32 . 2008-05-14 23:32 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-14 23:32 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-14 23:31 . 2008-05-14 23:32 <REP> d-------- C:\Program Files\PhotoFiltre
2008-05-14 23:24 . 2008-05-14 23:24 <REP> d--hs---- D:\Documents and Settings\Benoit.PANNETIER\UserData
2008-05-14 23:23 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\Windows Live
2008-05-14 23:23 . 2008-05-14 23:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-14 22:37 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Voisinage réseau
2008-05-14 22:37 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Voisinage d'impression
2008-05-14 22:37 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Modèles
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Mes documents
2008-05-14 22:37 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Menu Démarrer
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Favoris
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Bureau
2008-05-14 22:37 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\DP.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:37 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\DP.PANNETIER\Application Data\Symantec
2008-05-14 22:37 . 2008-05-15 21:44 <REP> d-------- D:\Documents and Settings\DP.PANNETIER
2008-05-14 22:37 . 2008-05-15 22:05 1,024 --ah----- D:\Documents and Settings\DP.PANNETIER\ntuser.dat.LOG
2008-05-14 22:34 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Voisinage réseau
2008-05-14 22:34 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Voisinage d'impression
2008-05-14 22:34 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Modèles
2008-05-14 22:34 . 2008-05-15 15:49 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Mes documents
2008-05-14 22:34 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Menu Démarrer
2008-05-14 22:34 . 2008-05-14 22:34 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Favoris
2008-05-14 22:34 . 2008-05-14 22:34 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Bureau
2008-05-14 22:34 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:34 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER\Application Data\Symantec
2008-05-14 22:34 . 2008-05-15 21:44 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER
2008-05-14 22:34 . 2008-05-15 22:05 1,024 --ah----- D:\Documents and Settings\Martine.PANNETIER\ntuser.dat.LOG
2008-05-14 22:25 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Voisinage réseau
2008-05-14 22:25 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Voisinage d'impression
2008-05-14 22:25 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Modèles
2008-05-14 22:25 . 2008-05-15 22:06 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Mes documents
2008-05-14 22:25 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Menu Démarrer
2008-05-14 22:25 . 2008-05-15 22:06 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Favoris
2008-05-14 22:25 . 2008-05-15 22:12 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Bureau
2008-05-14 22:25 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:25 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Symantec
2008-05-14 22:25 . 2008-05-15 21:44 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER
2008-05-14 22:25 . 2008-05-15 22:24 86,016 --ah----- D:\Documents and Settings\Benoit.PANNETIER\ntuser.dat.LOG
2008-05-14 22:21 . 2008-05-14 22:21 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-14 21:19 . 2008-05-14 21:19 <REP> d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-10 14:11 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP\Voisinage réseau
2008-05-10 14:11 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP\Voisinage d'impression
2008-05-10 14:11 . 2008-03-31 03:58 <REP> d--h----- D:\Documents and Settings\DP\Modèles
2008-05-10 14:11 . 2008-05-10 14:11 <REP> dr------- D:\Documents and Settings\DP\Mes documents
2008-05-10 14:11 . 2008-03-31 03:58 <REP> dr------- D:\Documents and Settings\DP\Menu Démarrer
2008-05-10 14:11 . 2008-05-10 14:11 <REP> dr------- D:\Documents and Settings\DP\Favoris
2008-05-10 14:11 . 2008-05-14 11:43 <REP> dr------- D:\Documents and Settings\DP\Bureau
2008-05-10 14:11 . 2008-03-31 03:58 <REP> d-------- D:\Documents and Settings\DP\Application Data\You've Got Pictures Screensaver
2008-05-10 14:11 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\DP\Application Data\Symantec
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 05:19 --------- d-----w C:\Program Files\AOL 9.0
2008-05-15 05:15 --------- d-----w C:\Program Files\Services en ligne
2008-05-15 05:14 --------- d-----w C:\Program Files\QuickTime
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-05-15 05:12 --------- d-----w C:\Program Files\AOL Compagnon
2008-05-14 22:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 21:44 --------- d-----w C:\Program Files\Java
2008-05-14 21:24 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-11 21:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-10 15:39 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-05-10 14:58 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 14:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\fssg
2008-05-10 12:20 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\LimeWire
2008-05-10 07:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2008-05-01 16:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2008-05-01 15:58 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-03 10:16 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\OD2
2008-04-02 18:29 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\AdobeUM
2008-03-31 20:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\AutoClic
2008-03-31 16:57 --------- d-----w D:\Documents and Settings\NetworkService\Application Data\Symantec
2008-03-31 01:58 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\You've Got Pictures Screensaver
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-16 09:02 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:02 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:02 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:02 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:02 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-11-21 19:25 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-05-15_19.58.50.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-26 23:26:50 10,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe
+ 2005-05-27 02:11:03 41,472 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hhsetup.dll
+ 2005-05-27 02:11:03 155,136 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itircl.dll
+ 2005-05-27 02:11:03 137,216 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itss.dll
+ 2005-02-24 18:35:26 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spmsg.dll
+ 2005-02-24 18:35:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe
+ 2005-02-24 18:35:26 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\spcustom.dll
+ 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
+ 2005-02-24 18:35:26 395,488 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\updspapi.dll
+ 2008-03-20 07:56:50 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-16 09:31:57 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:31:57 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:31:58 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:31:58 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:31:58 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:31:58 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:31:58 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:31:58 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:31:58 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:31:59 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:31:59 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:31:59 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:31:59 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:31:59 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:00 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:00 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\spru040c.dll
+ 2008-02-16 09:32:00 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:00 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-05-15 18:17:08 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\44c7c0ec439c8b4faed699995de53ae9\Accessibility.ni.dll
+ 2008-05-15 18:17:11 860,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\86a73b4539dde04daf13ae4da52db3fe\AspNetMMCExt.ni.dll
+ 2008-05-15 18:17:12 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8df7533672843846be7f80f26a1abc0d\CustomMarshalers.ni.dll
+ 2008-05-15 18:17:11 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\20c3189ec0523941a11c4755f292a715\dfsvc.ni.exe
+ 2008-05-15 18:17:14 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a59d0cf578b639469926b3f95f969351\Microsoft.Build.Engine.ni.dll
+ 2008-05-15 18:17:14 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\867c8786328e9244aa86976ba9522dbc\Microsoft.Build.Framework.ni.dll
+ 2008-05-15 18:17:18 1,691,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\0ba34621f4d25b4d9f22048bd2a7b244\Microsoft.Build.Tasks.ni.dll
+ 2008-05-15 18:17:19 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\be5efae088fad0418929daf188db0a75\Microsoft.Build.Utilities.ni.dll
+ 2008-05-15 18:17:22 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\580d046d624b084da8f0217ea63c885e\Microsoft.VisualBasic.ni.dll
+ 2008-05-15 18:17:24 962,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\e8455581dc83dc4194210afac7e25669\System.Configuration.ni.dll
+ 2008-05-15 18:17:25 1,712,128 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\6dff6f44f64cee47809aed27fb8c373b\System.Deployment.ni.dll
+ 2008-05-15 18:17:29 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44099fd87e579a4d85f1293484ef86c2\System.DirectoryServices.Protocols.ni.dll
+ 2008-05-15 18:17:28 1,220,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\aefdfc7ba4a92a48ac35308981df6d9f\System.DirectoryServices.ni.dll
+ 2008-05-15 18:17:30 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\39c57c406b00dd4f9374950617af31de\System.EnterpriseServices.ni.dll
+ 2008-05-15 18:17:30 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\39c57c406b00dd4f9374950617af31de\System.EnterpriseServices.Wrapper.dll
+ 2008-05-15 18:17:32 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\d1c62e172b97f8498917cf1cd2fe2439\System.Security.ni.dll
+ 2008-05-15 18:17:33 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\e4687798a0fd7342a257b9a4277b8957\System.Transactions.ni.dll
+ 2008-05-15 18:17:56 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\b7a9468b40797c4dbc720af144976140\System.Web.Mobile.ni.dll
+ 2008-05-15 18:17:57 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\c4cd0d8be712084fb7bc9c77145ddb6b\System.Web.RegularExpressions.ni.dll
+ 2008-05-15 18:18:00 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\51420c7f6857fe4db3b018a125927118\System.Web.Services.ni.dll
+ 2008-05-15 18:17:51 11,808,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e6a49757f4f48241aeeb0fa0da72ac93\System.Web.ni.dll
- 2008-05-15 17:56:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 20:05:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-05 12:00:00 1,036,288 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 13:22:28 1,037,312 ----a-w C:\WINDOWS\explorer.exe
- 2004-08-05 12:00:00 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2004-08-05 12:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-05 12:00:00 101,888 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-05 12:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
+ 2008-02-16 09:02:34 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-02-16 09:02:35 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-02-16 09:02:35 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-05 12:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-05 12:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-05 12:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-05 12:00:00 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-05 12:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-05 12:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-05 12:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
+ 2008-02-16 09:02:35 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-05 12:00:00 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-05 12:00:00 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-05 12:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-05 12:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2008-02-16 09:02:35 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2004-08-05 12:00:00 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
+ 2008-02-16 09:02:35 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-05 12:00:00 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-05 12:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2008-02-16 22:32:38 3,080,704 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2008-02-16 09:02:36 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-05 12:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-05 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2008-02-16 09:02:37 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2008-02-16 09:02:37 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-05 12:00:00 97,280 -c----w C:\WINDOWS\ie7\occache.dll
+ 2008-02-16 09:02:37 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2006-10-27 17:20:20 32,368 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2006-10-27 17:18:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 15:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 15:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-05 12:00:00 37,888 -c----w C:\WINDOWS\ie7\url.dll
+ 2008-02-16 09:02:39 617,984 -c----w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-05 12:00:00 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
+ 2004-08-05 12:00:00 848,384 -c----w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-05 12:00:00 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll
+ 2008-02-16 09:02:39 663,552 -c----w C:\WINDOWS\ie7\wininet.dll
+ 2006-10-27 00:44:06 123,904 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
+ 2006-10-27 00:44:06 123,904 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll.000
+ 2006-10-17 10:58:06 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
+ 2006-10-17 10:57:50 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
+ 2006-10-27 13:09:58 131,584 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
+ 2006-10-17 10:58:20 61,952 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
+ 2006-10-27 00:44:04 54,784 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
+ 2006-10-27 00:44:04 54,784 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe.000
+ 2006-10-27 00:44:36 152,064 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
+ 2006-10-27 00:44:36 152,064 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll.000
+ 2006-10-27 00:44:42 229,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
+ 2006-10-27 00:44:42 229,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll.000
+ 2006-10-27 00:42:54 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
+ 2006-10-27 00:42:54 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll.000
+ 2006-09-05 22:01:26 2,451,824 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dat
+ 2006-10-17 10:27:56 380,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
+ 2006-10-27 00:44:46 382,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
+ 2006-10-27 00:44:46 382,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll.000
+ 2006-10-27 13:09:58 6,049,280 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
+ 2006-10-27 00:44:08 43,008 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
+ 2006-10-27 00:44:08 43,008 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll.000
+ 2006-10-17 10:57:20 266,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
+ 2006-10-27 00:44:12 13,312 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
+ 2006-10-17 11:04:40 622,080 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
+ 2006-10-17 11:04:40 622,080 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe.000
+ 2006-10-27 13:09:58 27,136 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
+ 2006-10-27 13:09:58 458,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
+ 2006-10-27 13:09:58 50,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
+ 2006-10-27 13:09:58 3,577,856 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
+ 2006-10-27 13:09:58 475,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
+ 2006-10-17 11:05:10 192,000 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
+ 2006-10-27 13:09:58 670,720 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
+ 2006-10-17 11:04:46 101,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
+ 2006-10-17 11:04:46 101,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll.000
+ 2006-10-17 10:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
+ 2006-10-17 11:05:22 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
+ 2006-10-17 11:05:22 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll.000
+ 2006-10-27 13:09:58 1,162,240 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
+ 2006-10-27 13:09:58 231,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
+ 2006-10-27 13:09:58 231,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll.000
+ 2006-10-27 13:09:58 818,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll.000
+ 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll.000
+ 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll.000
+ 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll.000
+ 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll.000
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll.000
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll.000
+ 2007-12-08 08:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-08 08:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll.000
+ 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll.000
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll.000
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll.000
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll.000
+ 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
+ 2008-05-15 19:59:21 1,500 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{946F9CF0-78D4-49BF-9018-49EAC89DF64E}.bin
- 2004-08-05 12:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2006-10-27 00:44:26 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-05 12:00:00 101,888 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2005-03-10 08:04:12 1,017,344 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2005-03-10 08:04:12 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2004-08-05 12:00:00 1,056,256 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2006-10-27 00:44:26 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-03-01 12:58:06 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2006-10-17 11:03:56 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
- 2004-05-11 22:18:58 28,672 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2006-10-27 13:09:58 33,792 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2008-03-01 12:58:06 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 12:58:06 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-06-13 13:22:28 1,037,312 ------w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2008-03-01 12:58:06 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2006-10-17 10:44:36 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2008-03-01 12:58:06 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 12:58:06 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 12:58:07 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2006-10-17 11:04:50 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2006-10-17 11:06:00 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2006-10-27 13:09:58 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-03-01 12:58:08 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2006-10-27 00:44:26 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2006-10-17 10:57:58 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2006-10-27 00:44:08 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2006-10-17 11:00:00 491,520 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-03-01 12:58:08 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2006-10-17 11:05:10 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2006-08-17 12:29:49 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2006-10-17 10:56:10 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2008-03-01 12:58:09 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2006-10-17 10:28:56 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2006-10-27 13:09:58 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2008-03-01 12:58:10 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 12:58:10 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-06-26 06:09:14 1,104,896 ------w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2006-08-17 12:29:49 332,288 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 12:58:10 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 12:58:10 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 12:58:10 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2006-10-27 13:09:58 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2006-10-27 13:09:58 765,952 ------w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2008-03-01 12:58:11 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 12:58:11 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2006-08-17 12:29:49 132,096 ------w C:\WINDOWS\system32\dllcache\wkssvc.dll
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2004-08-05 12:00:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
- 2004-08-05 12:00:00 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2004-08-05 12:00:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-05-14 22:45:51 198,552 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-15 19:47:05 198,552 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-05 12:00:00 38,912 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2005-05-27 02:08:06 41,472 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 06:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-05 12:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-05 12:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-05 12:00:00 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-05 12:00:00 245,760 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-05 12:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-05 12:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2006-10-17 11:06:00 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2005-03-10 08:04:12 250,880 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2006-10-27 13:09:58 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-05 12:00:00 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-05 12:00:00 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2006-10-27 00:44:26 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2006-10-27 13:09:58 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-05 12:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2006-10-17 10:57:58 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2005-03-10 08:04:12 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2006-10-27 00:44:08 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-08-05 12:00:00 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
+ 2005-05-27 02:08:06 155,136 ----a-w C:\WINDOWS\system32\itircl.dll
- 2004-08-05 12:00:00 134,144 ----a-w C:\WINDOWS\system32\itss.dll
+ 2005-05-27 02:08:06 137,216 ----a-w C:\WINDOWS\system32\itss.dll
- 2004-08-05 12:00:00 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2006-10-17 11:00:00 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-05 12:00:00 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-05 12:00:00 22,528 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2006-10-17 11:05:10 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2004-10-28 01:24:00 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2006-08-17 12:29:49 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2008-05-09 12:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2006-10-17 10:58:32 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-05 12:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2006-10-17 10:56:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2005-03-10 08:04:12 3,010,560 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2004-08-05 12:00:00 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ------w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-05 12:00:00 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2006-10-17 10:28:56 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-05 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2006-10-27 13:09:58 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2005-03-10 08:04:12 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 12:58:10 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2004-08-05 12:00:00 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 12:58:10 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2004-08-05 12:00:00 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:09:14 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2004-08-05 12:00:00 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:29:49 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-06-28 15:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 06:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-05 12:00:00 97,280 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2004-08-05 12:00:00 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
- 2005-03-10 08:04:12 1,483,776 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2005-03-10 08:04:12 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-05 12:00:00 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2004-08-05 12:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2005-03-10 08:04:14 605,696 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-05 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2006-10-27 13:09:58 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-05 12:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:52 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2004-08-05 12:00:00 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2006-10-17 11:05:58 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2005-03-10 08:04:14 660,992 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
- 2004-08-05 12:00:00 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2006-08-17 12:29:49 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
+ 2008-02-15 23:03:14 370,176 ------w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpMcCT]
urqpMcCT.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 21:19]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41085d1-21ff-11dd-8467-00038a000015}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edeeaa1e-21f3-11dd-8465-00038a000015}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-15 16:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2008-05-14 20:23:24 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-05-14 20:23:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-14 20:23:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 22:24:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
Temps d'accomplissement: 2008-05-15 22:25:15
ComboFix-quarantined-files.txt 2008-05-15 20:25:12
ComboFix2.txt 2008-05-15 19:36:27
ComboFix3.txt 2008-05-15 17:59:44
Pre-Run: 25,213,825,024 octets libres
Post-Run: 25,202,757,632 octets libres
604 --- E O F --- 2008-05-15 19:38:44
______
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:44, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\Eden.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O20 - Winlogon Notify: urqpMcCT - urqpMcCT.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
I didn't understand how the site works, how you're supposed to do it...
__________
ComboFix 08-05-12.1 - Benoit 2008-05-15 22:22:50.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.92 [GMT 2:00]
Endroit: D:\Documents and Settings\Benoit.PANNETIER\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.
2008-05-15 22:03 . 2008-05-15 22:03 <REP> d-------- C:\Program Files\Avira
2008-05-15 21:58 . 2008-05-15 21:58 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-15 21:50 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-15 21:50 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-15 21:50 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-15 21:50 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-15 21:50 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-15 21:50 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-15 21:50 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-15 21:50 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-15 21:50 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-15 21:39 . 2008-05-15 21:39 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Malwarebytes
2008-05-15 21:39 . 2008-05-15 21:39 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 21:39 . 2008-05-15 21:39 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 21:39 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-15 21:39 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-15 21:39 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-15 21:39 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-15 21:39 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 21:37 . 2008-05-15 21:58 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-15 21:09 . 2008-05-15 21:09 2,048 --a------ C:\WINDOWS\system32\tygpjbbl.exe
2008-05-15 21:04 . 2008-05-15 21:04 116,224 --a------ C:\WINDOWS\system32\qagrucit.dll
2008-05-15 21:03 . 2008-05-15 21:03 108,544 --a------ C:\WINDOWS\system32\qcngaevj.dll
2008-05-15 21:03 . 2008-05-15 21:03 94,208 --a------ C:\WINDOWS\system32\nengoavy.dll
2008-05-15 18:27 . 2008-05-15 18:27 2,232 --a------ C:\WINDOWS\Dernière session.ini
2008-05-15 18:27 . 2008-05-15 18:27 824 --a------ C:\WINDOWS\Dernière session_u.ini
2008-05-15 18:23 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\nLite
2008-05-15 17:31 . 2008-05-15 17:31 <REP> d-------- C:\WINDOWS\Sun
2008-05-15 17:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-15 17:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-15 17:13 . 2008-05-15 22:05 10,216 --a------ C:\WINDOWS\system32\oodbs.lor
2008-05-15 17:11 . 2008-05-15 17:11 0 --a------ C:\WINDOWS\oodcnt.INI
2008-05-15 16:47 . 2008-05-15 16:47 <REP> d-------- C:\WINDOWS\system32\oodag
2008-05-15 16:43 . 2008-05-15 16:43 <REP> d-------- C:\Program Files\OO Software
2008-05-15 16:37 . 2008-05-15 16:37 116,224 --a------ C:\WINDOWS\system32\jmplqpsv.dll
2008-05-15 16:27 . 2008-05-15 16:27 94,208 --a------ C:\WINDOWS\system32\djitfbcx.dll
2008-05-15 16:18 . 2008-05-15 16:18 108,544 --a------ C:\WINDOWS\system32\wvfchaio.dll
2008-05-15 16:15 . 2008-05-15 16:15 2,048 --a------ C:\WINDOWS\system32\wmjpbbqk.exe
2008-05-15 16:12 . 2008-05-15 16:12 116,224 --a------ C:\WINDOWS\system32\rcpsrxda.dll
2008-05-15 16:10 . 2008-05-15 16:10 108,544 --a------ C:\WINDOWS\system32\fijkyiox.dll
2008-05-15 15:31 . 2008-05-15 15:47 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\LimeWire
2008-05-15 15:03 . 2008-05-15 15:03 116,224 --a------ C:\WINDOWS\system32\ihunfsml.dll
2008-05-15 15:00 . 2008-05-15 15:00 2,048 --a------ C:\WINDOWS\system32\oiqetgta.exe
2008-05-15 14:55 . 2008-05-15 20:08 109,861 --a------ C:\WINDOWS\BM631c502d.xml
2008-05-15 14:55 . 2008-05-15 14:55 108,544 --a------ C:\WINDOWS\system32\yrtxqvrr.dll
2008-05-15 01:15 . 2008-05-15 01:15 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\OD2
2008-05-15 01:14 . 2008-05-15 01:14 <REP> d-------- C:\WINDOWS\naevius
2008-05-15 01:14 . 2008-05-15 01:14 <REP> d-------- C:\Program Files\Multimediafeed 3GP Mobile Video Converter
2008-05-15 00:47 . 2005-05-27 09:23 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-05-15 00:47 . 2008-05-15 00:47 401,974 --a------ C:\WINDOWS\system32\g9.exe
2008-05-15 00:41 . 2008-05-15 00:41 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-05-15 00:40 . 2008-05-15 00:41 <REP> d-------- C:\Program Files\Logitech
2008-05-15 00:38 . 2008-05-15 18:29 <REP> d-------- D:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-15 00:38 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\ma-config.com
2008-05-15 00:28 . 2008-05-15 00:28 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Leadertech
2008-05-15 00:25 . 2008-05-15 00:25 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-05-15 00:25 . 2008-05-15 00:31 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\WINDOWS\system32\rDA
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\WINDOWS\system32\emL1
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\WINDOWS\system32\dFrnx18
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\WINDOWS\system32\3056v
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\Temp\tmpvc14
2008-05-14 23:54 . 2008-05-15 19:49 <REP> d-------- C:\Temp
2008-05-14 23:54 . 2008-05-14 23:54 298,317 --a------ C:\WINDOWS\system32\gside.exe
2008-05-14 23:54 . 2008-05-14 23:54 200,775 --a------ C:\WINDOWS\system32\ncntmkdm.exe
2008-05-14 23:54 . 2008-05-14 23:54 37,376 --a------ C:\WINDOWS\mrofinu1188.exe.tmp
2008-05-14 23:54 . 2008-05-15 21:03 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-14 23:49 . 2008-05-15 19:44 <REP> d-------- C:\Program Files\CCleaner
2008-05-14 23:44 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-14 23:39 . 2008-05-14 23:39 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-14 23:36 . 2008-05-14 23:36 <REP> d-------- C:\Program Files\LimeWire
2008-05-14 23:35 . 2008-05-14 23:35 1,169 --a------ C:\WINDOWS\mozver.dat
2008-05-14 23:33 . 2008-05-14 23:52 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Contacts
2008-05-14 23:33 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-14 23:32 . 2008-05-15 00:27 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-14 23:32 . 2008-05-14 23:32 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-14 23:32 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-14 23:31 . 2008-05-14 23:32 <REP> d-------- C:\Program Files\PhotoFiltre
2008-05-14 23:24 . 2008-05-14 23:24 <REP> d--hs---- D:\Documents and Settings\Benoit.PANNETIER\UserData
2008-05-14 23:23 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\Windows Live
2008-05-14 23:23 . 2008-05-14 23:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-14 22:37 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Voisinage réseau
2008-05-14 22:37 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Voisinage d'impression
2008-05-14 22:37 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Modèles
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Mes documents
2008-05-14 22:37 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Menu Démarrer
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Favoris
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Bureau
2008-05-14 22:37 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\DP.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:37 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\DP.PANNETIER\Application Data\Symantec
2008-05-14 22:37 . 2008-05-15 21:44 <REP> d-------- D:\Documents and Settings\DP.PANNETIER
2008-05-14 22:37 . 2008-05-15 22:05 1,024 --ah----- D:\Documents and Settings\DP.PANNETIER\ntuser.dat.LOG
2008-05-14 22:34 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Voisinage réseau
2008-05-14 22:34 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Voisinage d'impression
2008-05-14 22:34 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Modèles
2008-05-14 22:34 . 2008-05-15 15:49 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Mes documents
2008-05-14 22:34 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Menu Démarrer
2008-05-14 22:34 . 2008-05-14 22:34 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Favoris
2008-05-14 22:34 . 2008-05-14 22:34 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Bureau
2008-05-14 22:34 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:34 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER\Application Data\Symantec
2008-05-14 22:34 . 2008-05-15 21:44 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER
2008-05-14 22:34 . 2008-05-15 22:05 1,024 --ah----- D:\Documents and Settings\Martine.PANNETIER\ntuser.dat.LOG
2008-05-14 22:25 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Voisinage réseau
2008-05-14 22:25 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Voisinage d'impression
2008-05-14 22:25 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Modèles
2008-05-14 22:25 . 2008-05-15 22:06 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Mes documents
2008-05-14 22:25 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Menu Démarrer
2008-05-14 22:25 . 2008-05-15 22:06 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Favoris
2008-05-14 22:25 . 2008-05-15 22:12 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Bureau
2008-05-14 22:25 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:25 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Symantec
2008-05-14 22:25 . 2008-05-15 21:44 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER
2008-05-14 22:25 . 2008-05-15 22:24 86,016 --ah----- D:\Documents and Settings\Benoit.PANNETIER\ntuser.dat.LOG
2008-05-14 22:21 . 2008-05-14 22:21 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-14 21:19 . 2008-05-14 21:19 <REP> d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-10 14:11 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP\Voisinage réseau
2008-05-10 14:11 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP\Voisinage d'impression
2008-05-10 14:11 . 2008-03-31 03:58 <REP> d--h----- D:\Documents and Settings\DP\Modèles
2008-05-10 14:11 . 2008-05-10 14:11 <REP> dr------- D:\Documents and Settings\DP\Mes documents
2008-05-10 14:11 . 2008-03-31 03:58 <REP> dr------- D:\Documents and Settings\DP\Menu Démarrer
2008-05-10 14:11 . 2008-05-10 14:11 <REP> dr------- D:\Documents and Settings\DP\Favoris
2008-05-10 14:11 . 2008-05-14 11:43 <REP> dr------- D:\Documents and Settings\DP\Bureau
2008-05-10 14:11 . 2008-03-31 03:58 <REP> d-------- D:\Documents and Settings\DP\Application Data\You've Got Pictures Screensaver
2008-05-10 14:11 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\DP\Application Data\Symantec
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 05:19 --------- d-----w C:\Program Files\AOL 9.0
2008-05-15 05:15 --------- d-----w C:\Program Files\Services en ligne
2008-05-15 05:14 --------- d-----w C:\Program Files\QuickTime
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-05-15 05:12 --------- d-----w C:\Program Files\AOL Compagnon
2008-05-14 22:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 21:44 --------- d-----w C:\Program Files\Java
2008-05-14 21:24 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-11 21:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-10 15:39 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-05-10 14:58 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 14:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\fssg
2008-05-10 12:20 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\LimeWire
2008-05-10 07:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2008-05-01 16:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2008-05-01 15:58 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-03 10:16 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\OD2
2008-04-02 18:29 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\AdobeUM
2008-03-31 20:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\AutoClic
2008-03-31 16:57 --------- d-----w D:\Documents and Settings\NetworkService\Application Data\Symantec
2008-03-31 01:58 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\You've Got Pictures Screensaver
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-16 09:02 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:02 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:02 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:02 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:02 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-11-21 19:25 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-05-15_19.58.50.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-26 23:26:50 10,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe
+ 2005-05-27 02:11:03 41,472 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hhsetup.dll
+ 2005-05-27 02:11:03 155,136 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itircl.dll
+ 2005-05-27 02:11:03 137,216 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itss.dll
+ 2005-02-24 18:35:26 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spmsg.dll
+ 2005-02-24 18:35:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe
+ 2005-02-24 18:35:26 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\spcustom.dll
+ 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
+ 2005-02-24 18:35:26 395,488 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\updspapi.dll
+ 2008-03-20 07:56:50 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-16 09:31:57 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:31:57 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:31:58 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:31:58 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:31:58 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:31:58 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:31:58 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:31:58 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:31:58 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:31:59 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:31:59 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:31:59 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:31:59 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:31:59 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:00 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:00 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\spru040c.dll
+ 2008-02-16 09:32:00 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:00 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-05-15 18:17:08 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\44c7c0ec439c8b4faed699995de53ae9\Accessibility.ni.dll
+ 2008-05-15 18:17:11 860,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\86a73b4539dde04daf13ae4da52db3fe\AspNetMMCExt.ni.dll
+ 2008-05-15 18:17:12 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8df7533672843846be7f80f26a1abc0d\CustomMarshalers.ni.dll
+ 2008-05-15 18:17:11 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\20c3189ec0523941a11c4755f292a715\dfsvc.ni.exe
+ 2008-05-15 18:17:14 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a59d0cf578b639469926b3f95f969351\Microsoft.Build.Engine.ni.dll
+ 2008-05-15 18:17:14 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\867c8786328e9244aa86976ba9522dbc\Microsoft.Build.Framework.ni.dll
+ 2008-05-15 18:17:18 1,691,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\0ba34621f4d25b4d9f22048bd2a7b244\Microsoft.Build.Tasks.ni.dll
+ 2008-05-15 18:17:19 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\be5efae088fad0418929daf188db0a75\Microsoft.Build.Utilities.ni.dll
+ 2008-05-15 18:17:22 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\580d046d624b084da8f0217ea63c885e\Microsoft.VisualBasic.ni.dll
+ 2008-05-15 18:17:24 962,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\e8455581dc83dc4194210afac7e25669\System.Configuration.ni.dll
+ 2008-05-15 18:17:25 1,712,128 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\6dff6f44f64cee47809aed27fb8c373b\System.Deployment.ni.dll
+ 2008-05-15 18:17:29 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44099fd87e579a4d85f1293484ef86c2\System.DirectoryServices.Protocols.ni.dll
+ 2008-05-15 18:17:28 1,220,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\aefdfc7ba4a92a48ac35308981df6d9f\System.DirectoryServices.ni.dll
+ 2008-05-15 18:17:30 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\39c57c406b00dd4f9374950617af31de\System.EnterpriseServices.ni.dll
+ 2008-05-15 18:17:30 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\39c57c406b00dd4f9374950617af31de\System.EnterpriseServices.Wrapper.dll
+ 2008-05-15 18:17:32 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\d1c62e172b97f8498917cf1cd2fe2439\System.Security.ni.dll
+ 2008-05-15 18:17:33 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\e4687798a0fd7342a257b9a4277b8957\System.Transactions.ni.dll
+ 2008-05-15 18:17:56 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\b7a9468b40797c4dbc720af144976140\System.Web.Mobile.ni.dll
+ 2008-05-15 18:17:57 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\c4cd0d8be712084fb7bc9c77145ddb6b\System.Web.RegularExpressions.ni.dll
+ 2008-05-15 18:18:00 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\51420c7f6857fe4db3b018a125927118\System.Web.Services.ni.dll
+ 2008-05-15 18:17:51 11,808,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e6a49757f4f48241aeeb0fa0da72ac93\System.Web.ni.dll
- 2008-05-15 17:56:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 20:05:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-05 12:00:00 1,036,288 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 13:22:28 1,037,312 ----a-w C:\WINDOWS\explorer.exe
- 2004-08-05 12:00:00 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2004-08-05 12:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-05 12:00:00 101,888 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-05 12:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
+ 2008-02-16 09:02:34 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-02-16 09:02:35 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-02-16 09:02:35 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-05 12:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-05 12:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-05 12:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-05 12:00:00 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-05 12:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-05 12:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-05 12:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
+ 2008-02-16 09:02:35 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-05 12:00:00 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-05 12:00:00 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-05 12:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-05 12:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2008-02-16 09:02:35 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2004-08-05 12:00:00 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
+ 2008-02-16 09:02:35 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-05 12:00:00 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-05 12:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2008-02-16 22:32:38 3,080,704 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2008-02-16 09:02:36 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-05 12:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-05 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2008-02-16 09:02:37 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2008-02-16 09:02:37 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-05 12:00:00 97,280 -c----w C:\WINDOWS\ie7\occache.dll
+ 2008-02-16 09:02:37 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2006-10-27 17:20:20 32,368 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2006-10-27 17:18:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 15:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 15:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-05 12:00:00 37,888 -c----w C:\WINDOWS\ie7\url.dll
+ 2008-02-16 09:02:39 617,984 -c----w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-05 12:00:00 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
+ 2004-08-05 12:00:00 848,384 -c----w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-05 12:00:00 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll
+ 2008-02-16 09:02:39 663,552 -c----w C:\WINDOWS\ie7\wininet.dll
+ 2006-10-27 00:44:06 123,904 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
+ 2006-10-27 00:44:06 123,904 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll.000
+ 2006-10-17 10:58:06 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
+ 2006-10-17 10:57:50 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
+ 2006-10-27 13:09:58 131,584 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
+ 2006-10-17 10:58:20 61,952 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
+ 2006-10-27 00:44:04 54,784 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
+ 2006-10-27 00:44:04 54,784 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe.000
+ 2006-10-27 00:44:36 152,064 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
+ 2006-10-27 00:44:36 152,064 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll.000
+ 2006-10-27 00:44:42 229,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
+ 2006-10-27 00:44:42 229,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll.000
+ 2006-10-27 00:42:54 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
+ 2006-10-27 00:42:54 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll.000
+ 2006-09-05 22:01:26 2,451,824 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dat
+ 2006-10-17 10:27:56 380,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
+ 2006-10-27 00:44:46 382,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
+ 2006-10-27 00:44:46 382,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll.000
+ 2006-10-27 13:09:58 6,049,280 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
+ 2006-10-27 00:44:08 43,008 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
+ 2006-10-27 00:44:08 43,008 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll.000
+ 2006-10-17 10:57:20 266,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
+ 2006-10-27 00:44:12 13,312 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
+ 2006-10-17 11:04:40 622,080 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
+ 2006-10-17 11:04:40 622,080 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe.000
+ 2006-10-27 13:09:58 27,136 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
+ 2006-10-27 13:09:58 458,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
+ 2006-10-27 13:09:58 50,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
+ 2006-10-27 13:09:58 3,577,856 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
+ 2006-10-27 13:09:58 475,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
+ 2006-10-17 11:05:10 192,000 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
+ 2006-10-27 13:09:58 670,720 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
+ 2006-10-17 11:04:46 101,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
+ 2006-10-17 11:04:46 101,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll.000
+ 2006-10-17 10:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
+ 2006-10-17 11:05:22 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
+ 2006-10-17 11:05:22 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll.000
+ 2006-10-27 13:09:58 1,162,240 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
+ 2006-10-27 13:09:58 231,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
+ 2006-10-27 13:09:58 231,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll.000
+ 2006-10-27 13:09:58 818,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll.000
+ 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll.000
+ 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll.000
+ 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll.000
+ 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll.000
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll.000
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll.000
+ 2007-12-08 08:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-08 08:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll.000
+ 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll.000
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll.000
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll.000
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll.000
+ 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
+ 2008-05-15 19:59:21 1,500 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{946F9CF0-78D4-49BF-9018-49EAC89DF64E}.bin
- 2004-08-05 12:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2006-10-27 00:44:26 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-05 12:00:00 101,888 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2005-03-10 08:04:12 1,017,344 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2005-03-10 08:04:12 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2004-08-05 12:00:00 1,056,256 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2006-10-27 00:44:26 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-03-01 12:58:06 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2006-10-17 11:03:56 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
- 2004-05-11 22:18:58 28,672 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2006-10-27 13:09:58 33,792 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2008-03-01 12:58:06 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 12:58:06 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-06-13 13:22:28 1,037,312 ------w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2008-03-01 12:58:06 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2006-10-17 10:44:36 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2008-03-01 12:58:06 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 12:58:06 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 12:58:07 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2006-10-17 11:04:50 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2006-10-17 11:06:00 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2006-10-27 13:09:58 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-03-01 12:58:08 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2006-10-27 00:44:26 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2006-10-17 10:57:58 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2006-10-27 00:44:08 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2006-10-17 11:00:00 491,520 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-03-01 12:58:08 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2006-10-17 11:05:10 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2006-08-17 12:29:49 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2006-10-17 10:56:10 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2008-03-01 12:58:09 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2006-10-17 10:28:56 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2006-10-27 13:09:58 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2008-03-01 12:58:10 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 12:58:10 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-06-26 06:09:14 1,104,896 ------w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2006-08-17 12:29:49 332,288 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 12:58:10 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 12:58:10 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 12:58:10 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2006-10-27 13:09:58 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2006-10-27 13:09:58 765,952 ------w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2008-03-01 12:58:11 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 12:58:11 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2006-08-17 12:29:49 132,096 ------w C:\WINDOWS\system32\dllcache\wkssvc.dll
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2004-08-05 12:00:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
- 2004-08-05 12:00:00 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2004-08-05 12:00:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-05-14 22:45:51 198,552 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-15 19:47:05 198,552 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-05 12:00:00 38,912 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2005-05-27 02:08:06 41,472 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 06:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-05 12:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-05 12:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-05 12:00:00 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-05 12:00:00 245,760 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-05 12:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-05 12:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2006-10-17 11:06:00 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2005-03-10 08:04:12 250,880 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2006-10-27 13:09:58 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-05 12:00:00 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-05 12:00:00 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2006-10-27 00:44:26 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2006-10-27 13:09:58 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-05 12:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2006-10-17 10:57:58 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2005-03-10 08:04:12 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2006-10-27 00:44:08 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-08-05 12:00:00 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
+ 2005-05-27 02:08:06 155,136 ----a-w C:\WINDOWS\system32\itircl.dll
- 2004-08-05 12:00:00 134,144 ----a-w C:\WINDOWS\system32\itss.dll
+ 2005-05-27 02:08:06 137,216 ----a-w C:\WINDOWS\system32\itss.dll
- 2004-08-05 12:00:00 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2006-10-17 11:00:00 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-05 12:00:00 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-05 12:00:00 22,528 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2006-10-17 11:05:10 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2004-10-28 01:24:00 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2006-08-17 12:29:49 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2008-05-09 12:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2006-10-17 10:58:32 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-05 12:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2006-10-17 10:56:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2005-03-10 08:04:12 3,010,560 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2004-08-05 12:00:00 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ------w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-05 12:00:00 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2006-10-17 10:28:56 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-05 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2006-10-27 13:09:58 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2005-03-10 08:04:12 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 12:58:10 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2004-08-05 12:00:00 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 12:58:10 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2004-08-05 12:00:00 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:09:14 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2004-08-05 12:00:00 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:29:49 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-06-28 15:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 06:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-05 12:00:00 97,280 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2004-08-05 12:00:00 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
- 2005-03-10 08:04:12 1,483,776 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2005-03-10 08:04:12 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-05 12:00:00 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2004-08-05 12:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2005-03-10 08:04:14 605,696 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-05 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2006-10-27 13:09:58 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-05 12:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:52 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2004-08-05 12:00:00 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2006-10-17 11:05:58 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2005-03-10 08:04:14 660,992 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
- 2004-08-05 12:00:00 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2006-08-17 12:29:49 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
+ 2008-02-15 23:03:14 370,176 ------w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpMcCT]
urqpMcCT.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 21:19]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41085d1-21ff-11dd-8467-00038a000015}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edeeaa1e-21f3-11dd-8465-00038a000015}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-15 16:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2008-05-14 20:23:24 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-05-14 20:23:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-14 20:23:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 22:24:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
Temps d'accomplissement: 2008-05-15 22:25:15
ComboFix-quarantined-files.txt 2008-05-15 20:25:12
ComboFix2.txt 2008-05-15 19:36:27
ComboFix3.txt 2008-05-15 17:59:44
Pre-Run: 25,213,825,024 octets libres
Post-Run: 25,202,757,632 octets libres
604 --- E O F --- 2008-05-15 19:38:44
______
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:44, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\Eden.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O20 - Winlogon Notify: urqpMcCT - urqpMcCT.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
jlpjlp - Security contributor - 15 May 2008 at 22:29
Go here (link below), scan the files, and tell me which ones are infected.
https://www.virustotal.com/gui/
____________
Then:
Download MSNFix by Laurent
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, run option N.
- Save the report, then copy and paste it into the forum.
Note:
If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting up normally.
Send the file C:\DOCUME~1\florian\Bureau\Upload_Me.zip to http://upload.changelog.fr to help improve MSNFix.
chooxy - Member - 15 May 2008 at 23:15
Infected files:
C:\WINDOWS\system32\jmplqpsv.dll
C:\WINDOWS\system32\djitfbcx.dll
C:\WINDOWS\system32\wvfchaio.dll
C:\WINDOWS\system32\rcpsrxda.dll
C:\WINDOWS\system32\fijkyiox.dll
C:\WINDOWS\system32\ihunfsml.dll
C:\WINDOWS\system32\yrtxqvrr.dll
C:\WINDOWS\system32\g9.exe
MSNFix report:
MSNFix 1.716
D:\Documents and Settings\Benoit.PANNETIER\Bureau\MSNFix\MSNFix
Fix exécuté le 15/05/2008 - 23:07:33,32 By Benoit
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\mrofinu*.exe.tmp
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
Aucun Fichier trouvé
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 15052008_23112365.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
jlpjlp - Security contributor - 16 May 2008 at 11:48
Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\system32\jmplqpsv.dll
C:\WINDOWS\system32\djitfbcx.dll
C:\WINDOWS\system32\wvfchaio.dll
C:\WINDOWS\system32\rcpsrxda.dll
C:\WINDOWS\system32\fijkyiox.dll
C:\WINDOWS\system32\ihunfsml.dll
C:\WINDOWS\system32\yrtxqvrr.dll
C:\WINDOWS\system32\g9.exe
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
__________
Delete what is in MOVED FILES by going to My Computer, then C, then OTMOVIT.
______________
Run another MalwareByte's Anti-Malware report to check that nothing is left.
_______________
Update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
________________
Paste a new HijackThis report and describe your current problems.
chooxy - Member - 16 May 2008 at 18:24
For now everything seems to be working correctly.
Thank you for your help.
Here is a HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:22, on 16/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Benoit.PANNETIER\Bureau\Eden.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O20 - Winlogon Notify: urqpMcCT - urqpMcCT.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
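Added example (not part of any post in this thread): one way to compare the two HijackThis logs posted above, listing which autostart entries the cleanup removed, which ones appeared, and which surviving entries still carry the `(file missing)` marker. The function names are hypothetical; the embedded lines are excerpts of the thread's two logs.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread: autostart-related
# entries plus a few header/process lines that the parser has to skip.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:44, on 15/05/2008
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O20 - Winlogon Notify: urqpMcCT - urqpMcCT.dll (file missing)
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:22, on 16/05/2008
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: urqpMcCT - urqpMcCT.dll (file missing)
"""

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a case-insensitive key to the (section, detail) pair of each entry."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header line, process path, blank line
        section = match.group(1)
        detail = " ".join(match.group(2).split())  # collapse whitespace runs
        # Windows paths are case-insensitive, so compare on a casefolded key
        # but keep the original spelling for the report.
        entries[(section, detail.casefold())] = (section, detail)
    return entries


def compare_logs(before_text, after_text):
    """Return removed / added / kept entries and the kept ones flagged missing."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [before[k] for k in sorted(before.keys() - after.keys())]
    added = [after[k] for k in sorted(after.keys() - before.keys())]
    kept = [after[k] for k in sorted(after.keys() & before.keys())]
    # HijackThis appends "(file missing)" when the referenced file is absent:
    # the registry value still exists although its target is gone.
    still_missing = [e for e in kept if e[1].casefold().endswith("(file missing)")]
    return {"removed": removed, "added": added, "kept": kept,
            "still_missing": still_missing}


def format_report(result):
    """Render the comparison as text lines, one entry per line."""
    lines = []
    for label in ("removed", "added", "still_missing"):
        lines.append(f"{label} ({len(result[label])}):")
        lines.extend(f"  {section} - {detail}" for section, detail in result[label])
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(compare_logs(LOG_BEFORE, LOG_AFTER))))
```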
jlpjlp - Security contributor - 16 May 2008 at 18:26
OK, the report is good.
Install Spybot alongside AntiVir at a minimum, and scan with it every month.
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
To protect your computer for free:
http://www.commentcamarche.net/telecharger/logiciel 4 securite
Install an antivirus:
AVAST (in French) or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks, Malekal)
-------------
Anti-spyware tools:
MalwareByte's Anti-Malware + SPYBOT
+
SPYWAREBLASTER to immunize the system, against Vundo in particular, but it is in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunize)...
Note: Spybot and Ad-Aware released new versions this year; check that you have the latest version.
--------
A firewall:
The Windows one or, better, Online Armor, KERIO, JETICO or ZONE ALARM (install only the free firewall)
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
-----------
CCLEANER to erase browsing traces
---------
Browse with Firefox, Safari or Opera rather than Internet Explorer, which is more affected by viruses.
http://www.mozilla-europe.org/fr/products/firefox/
chooxy
16 May 2008 at 19:02
OK, thanks for all the info.
If there is a problem, I'll come back here.
Thanks, see you soon.
Chooxy
15 May 2008 at 20:10
I did everything you told me.
Here is the ComboFix report:
ComboFix 08-05-12.1 - Benoit 2008-05-15 19:49:27.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.89 [GMT 2:00]
Endroit: D:\Documents and Settings\Benoit.PANNETIER\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\QmVub2l0\
C:\WINDOWS\QmVub2l0\\asappsrv.dll
C:\WINDOWS\QmVub2l0\\command.exe
C:\WINDOWS\QmVub2l0\\kApRvZ5X.vbs
C:\WINDOWS\QmVub2l0\command.exe
C:\WINDOWS\system32\{28b5a59b-2caf-cf15-d6be-97c61f957c7e}.dll
C:\WINDOWS\system32\dMopYJlm.ini
C:\WINDOWS\system32\dMopYJlm.ini2
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\npiofwdb.ini
C:\WINDOWS\system32\ogjhwkmg.ini
C:\WINDOWS\system32\OUvDffii.ini
C:\WINDOWS\system32\OUvDffii.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\xcbftijd.ini
C:\WINDOWS\system32\zxdnt3d.cfg
D:\Autorun.inf
D:\Documents and Settings\LocalService\Application Data\NetMon
D:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
D:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.
2008-05-15 19:57 . 2008-05-15 19:57 22 --a------ C:\WINDOWS\pskt.ini
2008-05-15 18:27 . 2008-05-15 18:27 2,232 --a------ C:\WINDOWS\Dernière session.ini
2008-05-15 18:27 . 2008-05-15 18:27 824 --a------ C:\WINDOWS\Dernière session_u.ini
2008-05-15 18:23 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\nLite
2008-05-15 17:31 . 2008-05-15 17:31 <REP> d-------- C:\WINDOWS\Sun
2008-05-15 17:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-15 17:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-15 17:28 . 2008-05-15 17:28 116,224 --a------ C:\WINDOWS\system32\kmgjmcof.dll
2008-05-15 17:25 . 2008-05-15 17:25 2,048 --a------ C:\WINDOWS\system32\kgygyrdq.exe
2008-05-15 17:23 . 2008-05-15 17:23 108,544 --a------ C:\WINDOWS\system32\awtnpgrs.dll
2008-05-15 17:22 . 2008-05-15 17:22 373,248 --a------ C:\WINDOWS\system32\iiffDvUO.dll
2008-05-15 17:19 . 2008-05-15 17:19 28,672 --a------ C:\WINDOWS\system32\hgGwuvWm.dll
2008-05-15 17:15 . 2008-05-09 20:14 86,016 ---hs---- D:\Documents and Settings\DP.PANNETIER\lsass.exe
2008-05-15 17:15 . 2008-05-15 17:15 28,672 --a------ C:\WINDOWS\system32\cbXNDtTk.dll
2008-05-15 17:13 . 2008-05-15 19:56 6,385 --a------ C:\WINDOWS\system32\oodbs.lor
2008-05-15 17:11 . 2008-05-15 17:11 0 --a------ C:\WINDOWS\oodcnt.INI
2008-05-15 16:47 . 2008-05-15 16:47 <REP> d-------- C:\WINDOWS\system32\oodag
2008-05-15 16:43 . 2008-05-15 16:43 <REP> d-------- C:\Program Files\OO Software
2008-05-15 16:37 . 2008-05-15 16:37 116,224 --a------ C:\WINDOWS\system32\jmplqpsv.dll
2008-05-15 16:30 . 2008-05-15 16:30 2,048 --a------ C:\WINDOWS\system32\limdpxes.exe
2008-05-15 16:27 . 2008-05-15 16:27 94,208 --a------ C:\WINDOWS\system32\djitfbcx.dll
2008-05-15 16:25 . 2008-05-15 16:25 108,544 --a------ C:\WINDOWS\system32\soahexcm.dll
2008-05-15 16:18 . 2008-05-15 16:18 108,544 --a------ C:\WINDOWS\system32\wvfchaio.dll
2008-05-15 16:15 . 2008-05-15 16:15 2,048 --a------ C:\WINDOWS\system32\wmjpbbqk.exe
2008-05-15 16:12 . 2008-05-15 16:12 116,224 --a------ C:\WINDOWS\system32\rcpsrxda.dll
2008-05-15 16:10 . 2008-05-15 16:10 108,544 --a------ C:\WINDOWS\system32\fijkyiox.dll
2008-05-15 16:05 . 2008-05-15 16:05 28,672 --a------ C:\WINDOWS\system32\tuvWpNdc.dll
2008-05-15 16:04 . 2008-05-09 20:14 86,016 ---hs---- D:\Documents and Settings\Martine.PANNETIER\lsass.exe
2008-05-15 15:31 . 2008-05-15 15:47 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\LimeWire
2008-05-15 15:03 . 2008-05-15 15:03 116,224 --a------ C:\WINDOWS\system32\ihunfsml.dll
2008-05-15 15:00 . 2008-05-15 15:00 2,048 --a------ C:\WINDOWS\system32\oiqetgta.exe
2008-05-15 14:55 . 2008-05-15 19:57 109,871 --a------ C:\WINDOWS\BM631c502d.xml
2008-05-15 14:55 . 2008-05-15 14:55 108,544 --a------ C:\WINDOWS\system32\yrtxqvrr.dll
2008-05-15 01:15 . 2008-05-15 01:15 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\OD2
2008-05-15 01:14 . 2008-05-15 01:14 <REP> d-------- C:\WINDOWS\naevius
2008-05-15 01:14 . 2008-05-15 01:14 <REP> d-------- C:\Program Files\Multimediafeed 3GP Mobile Video Converter
2008-05-15 00:54 . 2008-05-15 00:54 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Deskbar_{78BB182F-A7F9-4bab-A083-39AF72FBBA33}
2008-05-15 00:54 . 2008-05-15 00:54 <REP> d-------- C:\Program Files\dbar
2008-05-15 00:47 . 2005-05-27 09:23 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-05-15 00:47 . 2008-05-15 00:47 401,974 --a------ C:\WINDOWS\system32\g9.exe
2008-05-15 00:47 . 2008-05-15 00:47 63,902 --a------ C:\WINDOWS\system32\{28b5a59b-2caf-cf15-d6be-97c61f957c7e}.dll-uninst.exe
2008-05-15 00:47 . 2008-05-15 00:47 49,176 --a------ C:\WINDOWS\system32\jlwnw64k.exe
2008-05-15 00:41 . 2008-05-15 00:41 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-05-15 00:40 . 2008-05-15 00:41 <REP> d-------- C:\Program Files\Logitech
2008-05-15 00:38 . 2008-05-15 18:29 <REP> d-------- D:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-15 00:38 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\ma-config.com
2008-05-15 00:28 . 2008-05-15 00:28 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Leadertech
2008-05-15 00:25 . 2008-05-15 00:25 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-05-15 00:25 . 2008-05-15 00:31 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-14 23:59 . 2008-05-14 23:59 374,272 --a------ C:\WINDOWS\system32\mlJYpoMd.dll
2008-05-14 23:55 . 2008-05-14 23:55 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._
2008-05-14 23:55 . 2008-05-14 23:55 687,592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-05-14 23:55 . 2008-05-14 23:55 37,376 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-05-14 23:54 . 2008-05-14 23:54 <REP> d-------- C:\Temp\tmpvc14
2008-05-14 23:54 . 2008-05-15 14:54 <REP> d-------- C:\Program Files\winvi
2008-05-14 23:54 . 2008-05-14 23:54 40,960 --a------ D:\Documents and Settings\Benoit.PANNETIER\services.exe
2008-05-14 23:53 . 2008-05-09 20:14 86,016 ---hs---- D:\Documents and Settings\Benoit.PANNETIER\lsass.exe
2008-05-14 23:49 . 2008-05-15 19:44 <REP> d-------- C:\Program Files\CCleaner
2008-05-14 23:44 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-14 23:39 . 2008-05-14 23:39 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-14 23:36 . 2008-05-14 23:36 <REP> d-------- C:\Program Files\LimeWire
2008-05-14 23:35 . 2008-05-14 23:35 1,169 --a------ C:\WINDOWS\mozver.dat
2008-05-14 23:33 . 2008-05-14 23:52 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Contacts
2008-05-14 23:33 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-14 23:32 . 2008-05-15 00:27 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-14 23:32 . 2008-05-14 23:32 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-14 23:32 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-14 23:31 . 2008-05-14 23:32 <REP> d-------- C:\Program Files\PhotoFiltre
2008-05-14 23:24 . 2008-05-14 23:24 <REP> d---s---- D:\Documents and Settings\Benoit.PANNETIER\UserData
2008-05-14 23:23 . 2008-05-15 18:29 <REP> d-------- C:\Program Files\Windows Live
2008-05-14 23:23 . 2008-05-14 23:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-14 22:37 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Voisinage réseau
2008-05-14 22:37 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Voisinage d'impression
2008-05-14 22:37 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\DP.PANNETIER\Modèles
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Mes documents
2008-05-14 22:37 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Menu Démarrer
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Favoris
2008-05-14 22:37 . 2008-05-14 22:37 <REP> dr------- D:\Documents and Settings\DP.PANNETIER\Bureau
2008-05-14 22:37 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\DP.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:37 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\DP.PANNETIER\Application Data\Symantec
2008-05-14 22:37 . 2008-05-15 17:15 <REP> d-------- D:\Documents and Settings\DP.PANNETIER
2008-05-14 22:37 . 2008-05-15 19:56 1,024 --ah----- D:\Documents and Settings\DP.PANNETIER\ntuser.dat.LOG
2008-05-14 22:34 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Voisinage réseau
2008-05-14 22:34 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Voisinage d'impression
2008-05-14 22:34 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\Martine.PANNETIER\Modèles
2008-05-14 22:34 . 2008-05-15 15:49 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Mes documents
2008-05-14 22:34 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Menu Démarrer
2008-05-14 22:34 . 2008-05-14 22:34 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Favoris
2008-05-14 22:34 . 2008-05-14 22:34 <REP> dr------- D:\Documents and Settings\Martine.PANNETIER\Bureau
2008-05-14 22:34 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:34 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER\Application Data\Symantec
2008-05-14 22:34 . 2008-05-15 17:19 <REP> d-------- D:\Documents and Settings\Martine.PANNETIER
2008-05-14 22:34 . 2008-05-15 19:56 1,024 --ah----- D:\Documents and Settings\Martine.PANNETIER\ntuser.dat.LOG
2008-05-14 22:25 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Voisinage réseau
2008-05-14 22:25 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Voisinage d'impression
2008-05-14 22:25 . 2008-05-15 07:17 <REP> d--h----- D:\Documents and Settings\Benoit.PANNETIER\Modèles
2008-05-14 22:25 . 2008-05-15 19:48 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Mes documents
2008-05-14 22:25 . 2008-05-15 07:17 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Menu Démarrer
2008-05-14 22:25 . 2008-05-14 22:26 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Favoris
2008-05-14 22:25 . 2008-05-15 19:45 <REP> dr------- D:\Documents and Settings\Benoit.PANNETIER\Bureau
2008-05-14 22:25 . 2008-05-15 07:17 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\You've Got Pictures Screensaver
2008-05-14 22:25 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER\Application Data\Symantec
2008-05-14 22:25 . 2008-05-15 19:44 <REP> d-------- D:\Documents and Settings\Benoit.PANNETIER
2008-05-14 22:25 . 2008-05-15 19:57 118,784 --ah----- D:\Documents and Settings\Benoit.PANNETIER\ntuser.dat.LOG
2008-05-14 22:21 . 2008-05-14 22:21 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-14 21:19 . 2008-05-14 21:19 <REP> d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-10 14:15 . 2008-05-10 14:15 86,016 ---hs---- D:\Documents and Settings\DP\lsass.exe
2008-05-10 14:11 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP\Voisinage réseau
2008-05-10 14:11 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\DP\Voisinage d'impression
2008-05-10 14:11 . 2008-03-31 03:58 <REP> d--h----- D:\Documents and Settings\DP\Modèles
2008-05-10 14:11 . 2008-05-10 14:11 <REP> dr------- D:\Documents and Settings\DP\Mes documents
2008-05-10 14:11 . 2008-03-31 03:58 <REP> dr------- D:\Documents and Settings\DP\Menu Démarrer
2008-05-10 14:11 . 2008-05-10 14:11 <REP> dr------- D:\Documents and Settings\DP\Favoris
2008-05-10 14:11 . 2008-05-14 11:43 <REP> dr------- D:\Documents and Settings\DP\Bureau
2008-05-10 14:11 . 2008-03-31 03:58 <REP> d-------- D:\Documents and Settings\DP\Application Data\You've Got Pictures Screensaver
2008-05-10 14:11 . 2005-10-28 12:37 <REP> d-------- D:\Documents and Settings\DP\Application Data\Symantec
2008-05-10 14:11 . 2008-05-10 14:15 <REP> d-------- D:\Documents and Settings\DP
2008-05-10 14:11 . 2008-05-15 19:49 1,024 --ah----- D:\Documents and Settings\DP\ntuser.dat.LOG
2008-05-09 20:50 . 2008-05-09 20:50 <REP> d-------- D:\Documents and Settings\MARTINE.106638040316.000\Incomplete
2008-05-09 20:24 . 2008-05-09 20:24 86,016 ---hs---- D:\Documents and Settings\MARTINE.106638040316.000\lsass.exe
2008-05-08 16:01 . 2008-05-08 23:35 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WinZip
2008-05-04 22:20 . 2008-05-08 15:16 <REP> d-------- D:\Documents and Settings\All Users\Application Data\ESTsoft
2008-05-01 17:29 . 2008-05-14 21:13 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-04-22 19:54 . 2008-05-08 15:17 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Software rule flag owns
2008-04-20 23:04 . 2008-04-20 23:04 <REP> d-------- D:\Documents and Settings\All Users\Application Data\AVS4YOU
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 15:16 37,376 ----a-w C:\WINDOWS\mrofinu1188.exe
2008-05-15 05:19 --------- d-----w C:\Program Files\AOL 9.0
2008-05-15 05:15 --------- d-----w C:\Program Files\Services en ligne
2008-05-15 05:14 --------- d-----w C:\Program Files\QuickTime
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-05-15 05:13 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-05-15 05:12 --------- d-----w C:\Program Files\AOL Compagnon
2008-05-14 22:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 21:54 37,376 ----a-w C:\WINDOWS\mrofinu1188.exe.tmp
2008-05-14 21:44 --------- d-----w C:\Program Files\Java
2008-05-14 21:24 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-11 21:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-10 15:39 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-05-10 14:58 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 14:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\fssg
2008-05-10 12:20 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\LimeWire
2008-05-10 07:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2008-05-01 16:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2008-05-01 15:58 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-03 10:16 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\OD2
2008-04-02 18:29 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\AdobeUM
2008-03-31 20:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\AutoClic
2008-03-31 16:57 --------- d-----w D:\Documents and Settings\NetworkService\Application Data\Symantec
2008-03-31 01:58 --------- d-----w D:\Documents and Settings\MARTINE.106638040316.000\Application Data\You've Got Pictures Screensaver
2007-11-21 19:25 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8691F860-96E4-4FB3-8D35-531C0D1B0AC1}]
2008-05-14 23:54 28672 --a------ C:\WINDOWS\system32\urqpMcCT.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7AFE75A-7224-43C2-9980-907BF74790E4}]
2008-05-14 23:59 374272 --a------ C:\WINDOWS\system32\mlJYpoMd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
2007-11-14 15:36 1486848 --a------ C:\Program Files\dbar\Deskbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e402aaed-bd39-49df-a844-9856d1a4d172}]
2008-05-15 17:28 116224 --a------ C:\WINDOWS\system32\kmgjmcof.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM631c502d"="C:\WINDOWS\system32\soahexcm.dll" [2008-05-15 16:25 108544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8691F860-96E4-4FB3-8D35-531C0D1B0AC1}"= C:\WINDOWS\system32\urqpMcCT.dll [2008-05-14 23:54 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpMcCT]
urqpMcCT.dll 2008-05-14 23:54 28672 C:\WINDOWS\system32\urqpMcCT.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 21:19]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41085d1-21ff-11dd-8467-00038a000015}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edeeaa1e-21f3-11dd-8465-00038a000015}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-15 16:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2008-05-14 20:23:24 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-05-14 20:23:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-14 20:23:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 19:57:11
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\urqpMcCT.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\soahexcm.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SoftwareDistribution\Download\c7252101c6bfc3a9ec39993f473a03be\update\update.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 19:59:41 - machine was rebooted [Benoit]
ComboFix-quarantined-files.txt 2008-05-15 17:59:26
Pre-Run: 25,972,629,504 octets libres
Post-Run: 25,876,762,624 octets libres
299 --- E O F --- 2008-05-14 21:44:18
And the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:03, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\Eden.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {50F72FED-5223-44B0-8F6F-BAE7CBB229E7} - C:\WINDOWS\system32\mlJYpoMd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8691F860-96E4-4FB3-8D35-531C0D1B0AC1} - C:\WINDOWS\system32\urqpMcCT.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O2 - BHO: {271d4a1d-6589-448a-fd94-93dbdeaa204e} - {e402aaed-bd39-49df-a844-9856d1a4d172} - C:\WINDOWS\system32\kmgjmcof.dll
O4 - HKLM\..\Run: [BM631c502d] Rundll32.exe "C:\WINDOWS\system32\soahexcm.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O20 - Winlogon Notify: urqpMcCT - C:\WINDOWS\SYSTEM32\urqpMcCT.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe