Undetectable malware

Solved/Closed
airlogan Posts 24 Registration date Wednesday 16 May 2007 Status Member Last seen 13 April 2009 - 19 May 2008 at 11:29
airlogan Posts 24 Registration date Wednesday 16 May 2007 Status Member Last seen 13 April 2009 - 20 May 2008 at 23:31
Hello,

I have a particularly annoying malware problem that I can't manage to remove despite the multiple scans run by my multiple antispyware tools :-( I'd like a pro with HijackThis and the like to give me a hand, please.

Here is what the scan gives:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:14, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.insa-rennes.fr/proxy2.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wcache1.insa-rennes.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BM0f3a7b47] Rundll32.exe "C:\WINDOWS\system32\wpcafijv.dll",s
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0CBDA9D-7870-4161-A402-D8D5A8C50E71}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
22 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
19 May 2008 at 11:32
Hi,

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.


Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).


Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
19 May 2008 at 11:35
Hi,

your Windows is not genuine

and your antivirus is not activated.
0
airlogan Posts 24 Registration date Wednesday 16 May 2007 Status Member Last seen 13 April 2009 2
19 May 2008 at 21:13
Here is the log from the ComboFix scan.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.


C:\Documents and Settings\Erwan\Application Data\macromedia\Flash Player\#SharedObjects\9WMNYD52\www.inter-focus.cn
C:\Documents and Settings\Erwan\Application Data\macromedia\Flash Player\#SharedObjects\9WMNYD52\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
C:\Documents and Settings\Erwan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Documents and Settings\Erwan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aHNWwvut.ini
C:\WINDOWS\system32\aHNWwvut.ini2
C:\WINDOWS\system32\gevvqgav.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\QBbefMoq.ini
C:\WINDOWS\system32\QBbefMoq.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))
.

2008-05-19 20:59 . 2004-08-19 18:09 43,520 --a--c--- C:\WINDOWS\system32\dllcache\OLDF.tmp
2008-05-19 20:59 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\OLDC.tmp
2008-05-19 20:58 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\OLD8.tmp
2008-05-19 20:57 . 2008-05-19 21:00 <REP> d-------- C:\WINDOWS\LastGood
2008-05-19 20:38 . 2008-05-19 20:38 2,560 --a------ C:\WINDOWS\system32\iitynjeo.exe
2008-05-19 20:33 . 2008-05-19 20:33 124,928 --a------ C:\WINDOWS\system32\cvntpkli.dll
2008-05-19 20:33 . 2008-05-19 20:33 114,688 --a------ C:\WINDOWS\system32\vagqvveg.dll
2008-05-19 20:23 . 2004-08-19 16:09 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-19 20:23 . 2001-08-23 17:47 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-19 20:23 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-19 20:23 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-19 20:23 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-19 20:23 . 2001-08-23 17:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-19 20:23 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-19 20:23 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-19 20:23 . 2001-08-23 17:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-19 20:21 . 2001-08-23 17:47 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-19 20:20 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-19 20:19 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-19 20:18 . 2004-08-19 16:09 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-05-19 20:17 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-19 20:16 . 2001-08-23 17:47 242,688 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-19 20:15 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-19 20:14 . 2001-08-23 17:13 634,166 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-05-19 20:13 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-19 20:12 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-05-19 20:11 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-05-19 17:23 . 2004-08-19 16:09 870,784 --a--c--- C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-05-19 17:21 . 2001-08-17 22:07 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys
2008-05-19 17:20 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-05-19 17:19 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-05-19 11:27 . 2008-05-19 11:27 <REP> d-------- C:\Program Files\Trend Micro
2008-05-19 10:53 . 2008-05-19 10:53 132,608 --a------ C:\WINDOWS\system32\lxeebgsw.dll
2008-05-19 10:51 . 2008-05-19 10:51 124,928 --a------ C:\WINDOWS\system32\wpcafijv.dll
2008-05-19 10:51 . 2008-05-19 10:51 114,688 --a------ C:\WINDOWS\system32\ytyamqmp.dll
2008-05-19 10:51 . 2008-05-19 17:15 1,734 ---hs---- C:\WINDOWS\system32\pmqmayty.ini
2008-05-19 09:37 . 2008-05-19 09:37 133,120 --a------ C:\WINDOWS\system32\bqjdebvi.dll
2008-05-19 09:28 . 2008-05-19 10:50 1,494 ---hs---- C:\WINDOWS\system32\tlmpdfjx.ini
2008-05-19 09:26 . 2008-05-19 09:26 124,928 --a------ C:\WINDOWS\system32\ayohunfa.dll
2008-05-17 11:15 . 2008-05-17 11:15 93 --a------ C:\WINDOWS\wininit.ini
2008-05-17 10:48 . 2008-05-17 10:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-17 10:48 . 2008-05-17 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 21:42 . 2008-05-15 21:42 125,952 --a------ C:\WINDOWS\system32\enjmtose.dll
2008-05-14 08:37 . 2008-05-14 09:34 <REP> d-------- C:\Program Files\Navilog1
2008-05-13 20:00 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-13 20:00 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-13 20:00 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-05-13 20:00 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-05-13 20:00 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-05-13 20:00 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-13 19:23 . 2008-05-13 19:23 133,632 --a------ C:\WINDOWS\system32\armvrqed.dll
2008-05-13 19:17 . 2008-05-13 19:17 114,176 --------- C:\WINDOWS\system32\qekjqcdp.dll
2008-05-13 19:17 . 2008-05-18 23:04 1,374 ---hs---- C:\WINDOWS\system32\pdcqjkeq.ini
2008-05-13 19:14 . 2008-05-13 19:14 123,392 --a------ C:\WINDOWS\system32\ctqtjfnm.dll
2008-05-13 14:58 . 2008-05-13 14:58 1,497,079 ---hs---- C:\WINDOWS\system32\mponolkq.tmp
2008-05-13 07:57 . 2008-05-13 07:57 132,096 --a------ C:\WINDOWS\system32\wiprieme.dll
2008-05-13 07:51 . 2008-05-13 07:51 115,712 --------- C:\WINDOWS\system32\qklonopm.dll
2008-05-13 07:49 . 2008-05-13 07:49 125,952 --a------ C:\WINDOWS\system32\anrmfclq.dll
2008-05-13 07:49 . 2008-05-19 17:15 109,803 --a------ C:\WINDOWS\BM0f3a7b47.xml
2008-05-11 18:51 . 2008-05-11 18:51 <REP> d-------- C:\Program Files\Marsu-Fix
2008-05-11 18:51 . 2008-05-11 18:51 159,841 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-05-11 18:51 . 2008-05-11 18:51 57,344 --a------ C:\WINDOWS\system32\jkkIYpPg.dll
2008-05-11 18:46 . 2008-05-11 18:46 57,344 --a------ C:\WINDOWS\system32\tuvWnOih.dll
2008-05-11 18:45 . 2008-05-11 18:45 57,344 --a------ C:\WINDOWS\system32\ssqNFuuU.dll
2008-05-11 18:40 . 2008-05-11 18:40 57,344 --a------ C:\WINDOWS\system32\ddcCUmLb.dll
2008-05-01 12:09 . 2005-02-17 23:07 5,632 --a------ C:\WINDOWS\system32\drivers\ATKACPI.sys
2008-04-29 17:51 . 2008-05-01 16:18 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\VoipDiscount
2008-04-29 17:48 . 2008-04-29 17:48 <REP> d-------- C:\Program Files\VoipDiscount.com
2008-04-29 17:40 . 2008-04-29 17:40 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\VoipBuster
2008-04-27 11:02 . 2008-04-27 11:02 <REP> d-------- C:\Program Files\MSECache
2008-04-26 14:40 . 2008-04-26 14:40 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\Sony Corporation
2008-04-26 10:45 . 2006-11-02 16:57 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe
2008-04-26 10:45 . 2006-10-18 19:43 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe
2008-04-26 10:39 . 2008-04-26 10:39 <REP> d-------- C:\Program Files\Sony
2008-04-26 10:39 . 2008-04-26 10:39 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\InstallShield
2008-04-25 18:00 . 2008-04-25 18:05 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\Creative
2008-04-25 17:27 . 2008-04-25 17:27 417,792 --a------ C:\WINDOWS\system32\awrdscdc.ax
2008-04-25 17:27 . 2006-10-06 00:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-04-25 17:26 . 2008-04-25 18:17 <REP> d-------- C:\Program Files\Audible
2008-04-25 17:26 . 2001-08-17 22:43 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2008-04-25 17:25 . 2008-04-25 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-04-25 17:24 . 2008-04-25 17:24 <REP> d-------- C:\Program Files\Fichiers communs\Creative
2008-04-25 17:24 . 1999-12-12 19:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-04-25 17:24 . 1999-11-17 19:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-04-25 17:23 . 2008-04-25 17:25 <REP> d--h----- C:\Program Files\Creative Installation Information
2008-04-25 17:23 . 2008-04-25 17:27 <REP> d-------- C:\Program Files\Creative
2008-04-22 13:11 . 2008-04-22 13:11 <REP> d-------- C:\Program Files\Virtualis

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 18:40 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Skype
2008-05-19 15:17 --------- d-----w C:\Documents and Settings\Erwan\Application Data\skypePM
2008-05-19 15:01 --------- d-----w C:\Program Files\DC++
2008-05-19 13:44 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-18 09:58 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Azureus
2008-05-18 08:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-05-08 15:53 258 ----a-w C:\ffmpeg_debug.bat
2008-05-08 15:53 251 ----a-w C:\ffmpeg.bat
2008-05-02 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-28 10:16 --------- d-----w C:\Program Files\Ripp-it_AM
2008-04-26 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-16 18:10 --------- d-----w C:\Program Files\TmNationsForever
2008-04-07 15:41 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Image Zone Express
2008-04-06 07:52 --------- d-----w C:\Program Files\Java
2008-04-05 17:52 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-05 12:45 --------- d-----w C:\Program Files\Ubisoft
2008-04-01 23:07 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-03-30 21:52 --------- d-----w C:\Documents and Settings\Erwan\Application Data\AdobeUM
2008-03-27 13:32 --------- d-----w C:\Program Files\iTunes
2008-03-27 13:32 --------- d-----w C:\Program Files\iPod
2008-03-27 13:32 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Apple Computer
2008-03-27 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-27 13:31 --------- d-----w C:\Program Files\Bonjour
2008-03-27 13:27 --------- d-----w C:\Program Files\QuickTime Alternative
2008-03-27 13:27 --------- d-----w C:\Program Files\Apple Software Update
2008-03-27 13:26 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-03-27 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-24 11:14 --------- d-----w C:\Program Files\OpenVPN
2008-03-04 07:55 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-21 23:05 22,328 ----a-w C:\Documents and Settings\Erwan\Application Data\PnkBstrK.sys
2007-08-30 10:09 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-08-30 10:33 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2007-08-30 10:33 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007083020070831\index.dat
2007-08-30 10:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-19_17.20.51.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 15:11:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 18:47:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-08-03 23:10:07 53,248 -c--a-w C:\WINDOWS\system32\dllcache\1394bus.sys
+ 2001-08-17 20:06:48 11,264 -c--a-w C:\WINDOWS\system32\dllcache\1394vdbg.sys
+ 2001-08-23 15:46:44 689,216 -c--a-w C:\WINDOWS\system32\dllcache\3dfxvs.dll
+ 2001-08-17 18:48:32 148,352 -c--a-w C:\WINDOWS\system32\dllcache\3dfxvsm.sys
+ 2004-08-03 21:00:04 12,288 -c--a-w C:\WINDOWS\system32\dllcache\4mmdat.sys
+ 2004-08-03 21:10:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\61883.sys
+ 2001-08-23 15:46:44 38,400 -c--a-w C:\WINDOWS\system32\dllcache\8514a.dll
+ 2001-08-23 15:46:58 98,304 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
+ 2001-08-23 15:46:58 462,848 -c--a-w C:\WINDOWS\system32\dllcache\a3dapi.dll
+ 2001-08-17 19:52:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\abp480n5.sys
+ 2004-08-03 20:32:22 231,552 -c--a-w C:\WINDOWS\system32\dllcache\ac97ali.sys
+ 2001-08-17 18:20:04 96,256 -c--a-w C:\WINDOWS\system32\dllcache\ac97intc.sys
+ 2001-08-17 18:20:16 297,728 -c--a-w C:\WINDOWS\system32\dllcache\ac97sis.sys
+ 2004-08-03 20:32:32 84,480 -c--a-w C:\WINDOWS\system32\dllcache\ac97via.sys
+ 2001-08-23 15:46:58 61,952 -c--a-w C:\WINDOWS\system32\dllcache\acerscad.dll
+ 2004-08-19 15:51:55 188,672 -c--a-w C:\WINDOWS\system32\dllcache\acpi.sys
+ 2002-09-06 19:59:59 12,032 -c--a-w C:\WINDOWS\system32\dllcache\acpiec.sys
+ 2001-08-17 19:53:02 7,424 -c--a-w C:\WINDOWS\system32\dllcache\adicvls.sys
+ 2001-08-17 18:11:18 20,160 -c--a-w C:\WINDOWS\system32\dllcache\adm8511.sys
+ 2001-08-17 18:19:10 584,448 -c--a-w C:\WINDOWS\system32\dllcache\adm8810.sys
+ 2001-08-17 18:19:14 553,984 -c--a-w C:\WINDOWS\system32\dllcache\adm8820.sys
+ 2001-08-17 18:19:14 747,392 -c--a-w C:\WINDOWS\system32\dllcache\adm8830.sys
+ 2004-08-03 20:32:24 10,880 -c--a-w C:\WINDOWS\system32\dllcache\admjoy.sys
- 2002-09-06 19:59:59 6,144 -c--a-w C:\WINDOWS\system32\dllcache\admxprox.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\admxprox.dll
+ 2001-08-17 18:11:16 46,112 -c--a-w C:\WINDOWS\system32\dllcache\adptsf50.sys
- 2002-09-06 19:59:59 50,176 -c--a-w C:\WINDOWS\system32\dllcache\adrot.dll
+ 2004-08-05 12:00:00 50,176 -c--a-w C:\WINDOWS\system32\dllcache\adrot.dll
+ 2004-08-19 14:09:20 4,255 -c--a-w C:\WINDOWS\system32\dllcache\adv01nt5.dll
+ 2004-08-19 14:09:20 3,967 -c--a-w C:\WINDOWS\system32\dllcache\adv02nt5.dll
+ 2004-08-19 14:09:20 3,615 -c--a-w C:\WINDOWS\system32\dllcache\adv05nt5.dll
+ 2004-08-19 14:09:20 3,647 -c--a-w C:\WINDOWS\system32\dllcache\adv07nt5.dll
+ 2004-08-19 14:09:20 3,135 -c--a-w C:\WINDOWS\system32\dllcache\adv08nt5.dll
+ 2004-08-19 14:09:20 3,711 -c--a-w C:\WINDOWS\system32\dllcache\adv09nt5.dll
+ 2004-08-19 14:09:20 3,775 -c--a-w C:\WINDOWS\system32\dllcache\adv11nt5.dll
+ 2006-02-14 23:22:26 142,464 -c--a-w C:\WINDOWS\system32\dllcache\aec.sys
+ 2004-08-03 21:07:42 42,368 -c--a-w C:\WINDOWS\system32\dllcache\agp440.sys
+ 2004-08-03 21:07:44 44,928 -c--a-w C:\WINDOWS\system32\dllcache\agpcpq.sys
+ 2001-08-17 19:52:02 12,800 -c--a-w C:\WINDOWS\system32\dllcache\aha154x.sys
+ 2001-08-17 20:07:36 55,168 -c--a-w C:\WINDOWS\system32\dllcache\aic78u2.sys
+ 2001-08-17 20:07:38 56,960 -c--a-w C:\WINDOWS\system32\dllcache\aic78xx.sys
+ 2001-08-17 18:11:18 27,678 -c--a-w C:\WINDOWS\system32\dllcache\ali5261.sys
+ 2001-08-17 19:49:02 26,624 -c--a-w C:\WINDOWS\system32\dllcache\alifir.sys
+ 2001-08-17 19:51:56 5,248 -c--a-w C:\WINDOWS\system32\dllcache\aliide.sys
+ 2004-08-03 21:07:42 42,752 -c--a-w C:\WINDOWS\system32\dllcache\alim1541.sys
+ 2004-08-03 23:00:15 41,856 -c--a-w C:\WINDOWS\system32\dllcache\imapi.sys
- 2002-09-06 19:59:59 44,032 -c--a-w C:\WINDOWS\system32\dllcache\imekrmig.exe
+ 2004-08-05 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\imekrmig.exe
- 2002-09-06 19:59:59 102,463 -c--a-w C:\WINDOWS\system32\dllcache\imepadsm.dll
+ 2004-08-05 12:00:00 102,463 -c--a-w C:\WINDOWS\system32\dllcache\imepadsm.dll
- 2002-09-06 19:59:59 311,359 -c--a-w C:\WINDOWS\system32\dllcache\imepadsv.exe
+ 2004-08-05 12:00:00 311,359 -c--a-w C:\WINDOWS\system32\dllcache\imepadsv.exe
- 2002-09-06 19:59:59 57,398 -c--a-w C:\WINDOWS\system32\dllcache\imjpdadm.exe
+ 2004-08-05 12:00:00 57,398 -c--a-w C:\WINDOWS\system32\dllcache\imjpdadm.exe
- 2002-09-06 19:59:59 45,109 -c--a-w C:\WINDOWS\system32\dllcache\imjpuex.exe
+ 2004-08-05 12:00:00 45,109 -c--a-w C:\WINDOWS\system32\dllcache\imjpuex.exe
- 2002-09-06 19:59:59 59,904 -c--a-w C:\WINDOWS\system32\dllcache\imkrinst.exe
+ 2004-08-05 12:00:00 59,904 -c--a-w C:\WINDOWS\system32\dllcache\imkrinst.exe
- 2002-09-06 19:59:59 471,102 -c--a-w C:\WINDOWS\system32\dllcache\imskdic.dll
+ 2004-08-05 12:00:00 471,102 -c--a-w C:\WINDOWS\system32\dllcache\imskdic.dll
- 2002-09-06 19:59:59 315,452 -c--a-w C:\WINDOWS\system32\dllcache\imskf.dll
+ 2004-08-05 12:00:00 315,452 -c--a-w C:\WINDOWS\system32\dllcache\imskf.dll
- 2002-09-06 19:59:59 7,680 -c--a-w C:\WINDOWS\system32\dllcache\inetmgr.exe
+ 2004-08-05 12:00:00 7,680 -c--a-w C:\WINDOWS\system32\dllcache\inetmgr.exe
- 2002-09-06 19:59:59 19,968 -c--a-w C:\WINDOWS\system32\dllcache\inetsloc.dll
+ 2004-08-05 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\inetsloc.dll
- 2002-09-06 19:59:59 8,704 -c--a-w C:\WINDOWS\system32\dllcache\infoctrs.dll
+ 2004-08-05 12:00:00 8,704 -c--a-w C:\WINDOWS\system32\dllcache\infoctrs.dll
+ 2001-08-17 19:52:08 16,000 -c--a-w C:\WINDOWS\system32\dllcache\ini910u.sys
+ 2001-08-23 14:57:12 13,824 -c--a-w C:\WINDOWS\system32\dllcache\inport.sys
+ 2004-08-19 13:59:08 5,504 -c--a-w C:\WINDOWS\system32\dllcache\intelide.sys
+ 2004-08-19 15:59:09 40,320 -c--a-w C:\WINDOWS\system32\dllcache\intelppm.sys
+ 2001-08-17 19:50:56 38,784 -c--a-w C:\WINDOWS\system32\dllcache\io8.sys
+ 2001-08-23 15:47:04 90,200 -c--a-w C:\WINDOWS\system32\dllcache\io8ports.dll
+ 2001-08-17 18:12:12 45,632 -c--a-w C:\WINDOWS\system32\dllcache\ip5515.sys
+ 2004-08-03 21:08:34 40,832 -c--a-w C:\WINDOWS\system32\dllcache\irbus.sys
+ 2004-08-03 21:00:54 87,424 -c--a-w C:\WINDOWS\system32\dllcache\irda.sys
+ 2004-08-19 14:09:56 154,112 -c--a-w C:\WINDOWS\system32\dllcache\irftp.exe
+ 2001-08-17 19:49:04 23,552 -c--a-w C:\WINDOWS\system32\dllcache\irmk7.sys
+ 2004-08-19 14:09:32 28,160 -c--a-w C:\WINDOWS\system32\dllcache\irmon.dll
+ 2001-08-17 19:51:32 18,688 -c--a-w C:\WINDOWS\system32\dllcache\irsir.sys
+ 2001-08-17 19:49:10 26,624 -c--a-w C:\WINDOWS\system32\dllcache\irstusb.sys
- 2002-09-06 19:59:59 7,168 -c--a-w C:\WINDOWS\system32\dllcache\isapips.dll
+ 2004-08-05 12:00:00 7,168 -c--a-w C:\WINDOWS\system32\dllcache\isapips.dll
+ 2001-08-23 14:58:06 36,224 -c--a-w C:\WINDOWS\system32\dllcache\isapnp.sys
- 2002-09-06 19:59:59 9,216 -c--a-w C:\WINDOWS\system32\dllcache\iwrps.dll
+ 2004-08-05 12:00:00 9,216 -c--a-w C:\WINDOWS\system32\dllcache\iwrps.dll
+ 2004-08-19 15:09:32 47,616 -c--a-w C:\WINDOWS\system32\dllcache\iyuv_32.dll
- 2002-09-06 19:59:59 18,432 -c--a-w C:\WINDOWS\system32\dllcache\jupiw.dll
+ 2004-08-05 12:00:00 18,432 -c--a-w C:\WINDOWS\system32\dllcache\jupiw.dll
- 2002-09-06 19:59:59 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101.dll
- 2002-09-06 19:59:59 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101a.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101a.dll
+ 2001-08-17 21:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101b.dll
+ 2001-08-17 21:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101c.dll
+ 2001-08-17 21:55:56 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbd103.dll
+ 2001-08-17 21:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd106.dll
- 2002-09-06 19:59:59 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd106n.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd106n.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbda1.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbda1.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbda2.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbda2.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbda3.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbda3.dll
- 2002-09-06 19:59:59 5,120 -c--a-w C:\WINDOWS\system32\dllcache\kbdarme.dll
+ 2004-08-05 12:00:00 5,120 -c--a-w C:\WINDOWS\system32\dllcache\kbdarme.dll
- 2002-09-06 19:59:59 5,120 -c--a-w C:\WINDOWS\system32\dllcache\kbdarmw.dll
+ 2004-08-05 12:00:00 5,120 -c--a-w C:\WINDOWS\system32\dllcache\kbdarmw.dll
- 2002-09-06 19:59:59 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbdax2.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbdax2.dll
+ 2004-08-19 16:00:33 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbddiv1.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbddiv1.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbddiv2.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbddiv2.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdfa.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdfa.dll
- 2002-09-06 19:59:59 5,120 -c--a-w C:\WINDOWS\system32\dllcache\kbdgeo.dll
+ 2004-08-05 12:00:00 5,120 -c--a-w C:\WINDOWS\system32\dllcache\kbdgeo.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdheb.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdheb.dll
+ 2004-08-19 14:00:36 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
- 2002-09-06 19:59:59 7,168 -c--a-w C:\WINDOWS\system32\dllcache\kbdibm02.dll
+ 2004-08-05 12:00:00 7,168 -c--a-w C:\WINDOWS\system32\dllcache\kbdibm02.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdindev.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdindev.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdinguj.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdinguj.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdinhin.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdinhin.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdinkan.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdinkan.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdinmar.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdinmar.dll
- 2002-09-06 19:59:59 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbdinpun.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbdinpun.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdintam.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdintam.dll
- 2002-09-06 19:59:59 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdintel.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdintel.dll
+ 2001-08-23 16:47:06 8,704 -c--a-w C:\WINDOWS\system32\dllcache\kbdjpn.dll
+ 2001-08-23 16:47:06 8,192 -c--a-w C:\WINDOWS\system32\dllcache\kbdkor.dll
- 2002-09-06 19:59:59 6,656 -c--a-w C:\WINDOWS\system32\dllcache\kbdlk41a.dll
+ 2004-08-05 12:00:00 6,656 -c--a-w C:\WINDOWS\system32\dllcache\kbdlk41a.dll
- 2002-09-06 19:59:59 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbdlk41j.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbdlk41j.dll
- 2002-09-06 19:59:59 7,168 -c--a-w C:\WINDOWS\system32\dllcache\kbdnec95.dll
+ 2004-08-05 12:00:00 7,168 -c--a-w C:\WINDOWS\system32\dllcache\kbdnec95.dll
- 2002-09-06 19:59:59 9,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdnecat.dll
+ 2004-08-05 12:00:00 9,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdnecat.dll
- 2002-09-0
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 May 2008 at 21:57
Scan with Malwarebytes' Anti-Malware, remove whatever it finds, and paste the report.

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/


______
Then paste a new ComboFix log, the complete one this time.
airlogan Posts 24 Registration date Wednesday 16 May 2007 Status Member Last activity 13 April 2009 2
20 May 2008 at 10:31
Scan results:

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 768

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 214213
Temps écoulé: 1 hour(s), 1 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\jkkKayXp.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\vagqvveg.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ddcCUmLb.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef168978-ec1a-4f66-a907-1452cb22420c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ef168978-ec1a-4f66-a907-1452cb22420c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6c23ab0c-0244-4b01-8253-bee724d0d2ec} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c23ab0c-0244-4b01-8253-bee724d0d2ec} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccumlb (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0c0948db (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM0f3a7b47 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c23ab0c-0244-4b01-8253-bee724d0d2ec} (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkkayxp -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkkayxp
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 May 2008 at 10:33
Paste a new ComboFix log, the complete one this time.
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
20 May 2008 at 10:45
Hello,

The MBAM report was not complete either.

As for the ComboFix one, you may need to paste it in two parts because it is long.
airlogan Posts 24 Registration date Wednesday 16 May 2007 Status Member Last activity 13 April 2009 2
20 May 2008 at 11:23
Sorry, I hadn't noticed that the logs were incomplete. If you want them again, just tell me.

Here is the new ComboFix log:


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\pXyaKkkj.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
.

2008-05-20 11:11 . 2008-05-20 11:12 <REP> d-------- C:\WINDOWS\LastGood
2008-05-20 10:49 . 2008-05-20 10:49 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-05-20 08:58 . 2008-05-20 08:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-20 08:58 . 2008-05-20 08:58 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\Malwarebytes
2008-05-20 08:58 . 2008-05-20 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-20 08:58 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-20 08:58 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-19 21:48 . 2008-05-19 21:48 134,656 --a------ C:\WINDOWS\system32\gkmylrqp.dll
2008-05-19 21:48 . 2008-05-19 21:48 2,560 --a------ C:\WINDOWS\system32\qwmhiqrp.exe
2008-05-19 20:38 . 2008-05-19 20:38 2,560 --a------ C:\WINDOWS\system32\iitynjeo.exe
2008-05-19 20:33 . 2008-05-19 20:33 124,928 --a------ C:\WINDOWS\system32\cvntpkli.dll
2008-05-19 20:23 . 2004-08-19 16:09 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-19 20:23 . 2001-08-23 17:47 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-19 20:23 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-19 20:23 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-19 20:23 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-19 20:23 . 2001-08-23 17:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-19 20:23 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-19 20:23 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-19 20:23 . 2001-08-23 17:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-19 20:21 . 2001-08-23 17:47 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-19 20:20 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-19 20:19 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-19 20:18 . 2004-08-19 16:09 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-05-19 20:17 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-19 20:16 . 2001-08-23 17:47 242,688 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-19 20:15 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-19 20:14 . 2001-08-23 17:13 634,166 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-05-19 20:13 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-19 20:12 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-05-19 20:11 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-05-19 17:23 . 2004-08-19 16:09 870,784 --a--c--- C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-05-19 17:21 . 2001-08-17 22:07 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys
2008-05-19 17:20 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-05-19 17:19 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-05-19 11:27 . 2008-05-19 11:27 <REP> d-------- C:\Program Files\Trend Micro
2008-05-19 10:53 . 2008-05-19 10:53 132,608 --a------ C:\WINDOWS\system32\lxeebgsw.dll
2008-05-19 10:51 . 2008-05-19 10:51 124,928 --a------ C:\WINDOWS\system32\wpcafijv.dll
2008-05-19 09:37 . 2008-05-19 09:37 133,120 --a------ C:\WINDOWS\system32\bqjdebvi.dll
2008-05-19 09:28 . 2008-05-19 10:50 1,494 ---hs---- C:\WINDOWS\system32\tlmpdfjx.ini
2008-05-19 09:26 . 2008-05-19 09:26 124,928 --a------ C:\WINDOWS\system32\ayohunfa.dll
2008-05-17 11:15 . 2008-05-17 11:15 93 --a------ C:\WINDOWS\wininit.ini
2008-05-17 10:48 . 2008-05-17 10:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-17 10:48 . 2008-05-17 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 21:42 . 2008-05-15 21:42 125,952 --a------ C:\WINDOWS\system32\enjmtose.dll
2008-05-14 08:37 . 2008-05-14 09:34 <REP> d-------- C:\Program Files\Navilog1
2008-05-13 20:00 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-13 20:00 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-13 20:00 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-05-13 20:00 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-05-13 20:00 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-05-13 20:00 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-13 19:23 . 2008-05-13 19:23 133,632 --a------ C:\WINDOWS\system32\armvrqed.dll
2008-05-13 19:14 . 2008-05-13 19:14 123,392 --a------ C:\WINDOWS\system32\ctqtjfnm.dll
2008-05-13 14:58 . 2008-05-13 14:58 1,497,079 ---hs---- C:\WINDOWS\system32\mponolkq.tmp
2008-05-13 07:57 . 2008-05-13 07:57 132,096 --a------ C:\WINDOWS\system32\wiprieme.dll
2008-05-13 07:51 . 2008-05-13 07:51 115,712 --------- C:\WINDOWS\system32\qklonopm.dll
2008-05-13 07:49 . 2008-05-13 07:49 125,952 --a------ C:\WINDOWS\system32\anrmfclq.dll
2008-05-13 07:49 . 2008-05-19 21:28 109,878 --a------ C:\WINDOWS\BM0f3a7b47.xml
2008-05-11 18:51 . 2008-05-11 18:51 <REP> d-------- C:\Program Files\Marsu-Fix
2008-05-11 18:51 . 2008-05-11 18:51 159,841 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-05-01 12:09 . 2005-02-17 23:07 5,632 --a------ C:\WINDOWS\system32\drivers\ATKACPI.sys
2008-04-29 17:51 . 2008-05-01 16:18 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\VoipDiscount
2008-04-29 17:48 . 2008-04-29 17:48 <REP> d-------- C:\Program Files\VoipDiscount.com
2008-04-29 17:40 . 2008-04-29 17:40 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\VoipBuster
2008-04-27 11:02 . 2008-04-27 11:02 <REP> d-------- C:\Program Files\MSECache
2008-04-26 14:40 . 2008-04-26 14:40 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\Sony Corporation
2008-04-26 10:45 . 2006-11-02 16:57 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe
2008-04-26 10:45 . 2006-10-18 19:43 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe
2008-04-26 10:39 . 2008-04-26 10:39 <REP> d-------- C:\Program Files\Sony
2008-04-26 10:39 . 2008-04-26 10:39 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\InstallShield
2008-04-25 18:00 . 2008-04-25 18:05 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\Creative
2008-04-25 17:27 . 2008-04-25 17:27 417,792 --a------ C:\WINDOWS\system32\awrdscdc.ax
2008-04-25 17:27 . 2006-10-06 00:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-04-25 17:26 . 2008-04-25 18:17 <REP> d-------- C:\Program Files\Audible
2008-04-25 17:26 . 2001-08-17 22:43 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2008-04-25 17:25 . 2008-04-25 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-04-25 17:24 . 2008-04-25 17:24 <REP> d-------- C:\Program Files\Fichiers communs\Creative
2008-04-25 17:24 . 1999-12-12 19:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-04-25 17:24 . 1999-11-17 19:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-04-25 17:23 . 2008-04-25 17:25 <REP> d--h----- C:\Program Files\Creative Installation Information
2008-04-25 17:23 . 2008-04-25 17:27 <REP> d-------- C:\Program Files\Creative
2008-04-22 13:11 . 2008-04-22 13:11 <REP> d-------- C:\Program Files\Virtualis

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 09:07 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Skype
2008-05-20 08:48 --------- d-----w C:\Program Files\Native Instruments
2008-05-20 08:37 --------- d-----w C:\Documents and Settings\Erwan\Application Data\skypePM
2008-05-19 15:01 --------- d-----w C:\Program Files\DC++
2008-05-19 13:44 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-18 09:58 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Azureus
2008-05-18 08:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-05-08 15:53 258 ----a-w C:\ffmpeg_debug.bat
2008-05-08 15:53 251 ----a-w C:\ffmpeg.bat
2008-05-02 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-28 10:16 --------- d-----w C:\Program Files\Ripp-it_AM
2008-04-26 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-16 18:10 --------- d-----w C:\Program Files\TmNationsForever
2008-04-07 15:41 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Image Zone Express
2008-04-06 07:52 --------- d-----w C:\Program Files\Java
2008-04-05 17:52 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-05 12:45 --------- d-----w C:\Program Files\Ubisoft
2008-04-01 23:07 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-03-30 21:52 --------- d-----w C:\Documents and Settings\Erwan\Application Data\AdobeUM
2008-03-27 13:32 --------- d-----w C:\Program Files\iTunes
2008-03-27 13:32 --------- d-----w C:\Program Files\iPod
2008-03-27 13:32 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Apple Computer
2008-03-27 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-27 13:31 --------- d-----w C:\Program Files\Bonjour
2008-03-27 13:27 --------- d-----w C:\Program Files\QuickTime Alternative
2008-03-27 13:27 --------- d-----w C:\Program Files\Apple Software Update
2008-03-27 13:26 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-03-27 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-24 11:14 --------- d-----w C:\Program Files\OpenVPN
2008-03-04 07:55 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-21 23:05 22,328 ----a-w C:\Documents and Settings\Erwan\Application Data\PnkBstrK.sys
2007-08-30 10:09 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-08-30 10:33 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2007-08-30 10:33 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007083020070831\index.dat
2007-08-30 10:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-05-19_21.06.26.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 18:47:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-20 09:09:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03BF372A-F579-4AD0-B0BC-4FF62788072C}]
C:\WINDOWS\system32\tuvwWNHa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC85CDA-7D1E-4215-BCF4-0FD9B605F1E5}]
C:\WINDOWS\system32\qoMfebBQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{530adb3e-8430-47fc-ad5f-29effee4e871}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5461682f-fb91-4156-b4e8-f0a4f7924452}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f2d06cc3-5487-4dbe-966a-0ffed225aa7c}]
2008-05-19 21:48 134656 --a------ C:\WINDOWS\system32\gkmylrqp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-08-21 10:27 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"VoipDiscount"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2007-05-31 16:22 7419456]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 14:26 761945]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [2007-11-11 11:52 6731312]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2007-09-30 21:49 376900]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 00:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 14:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 00:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 00:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 00:32 455168]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-28 15:30 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 15:31 16857600 C:\WINDOWS\RTHDCPL.exe]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-07-28 22:04 110592]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuMorePrograms"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"NoInstrumentation"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCUmLb]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= DivXa32.acm
"msacm.imc"= imc32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.fvfw"= ffvfw.dll
"msacm.avis"= ffvfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwan^Menu Démarrer^Programmes^Démarrage^IcoSauve.lnk]
path=C:\Documents and Settings\Erwan\Menu Démarrer\Programmes\Démarrage\IcoSauve.lnk
backup=C:\WINDOWS\pss\IcoSauve.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwan^Menu Démarrer^Programmes^Démarrage^Tencent QQ.lnk]
path=C:\Documents and Settings\Erwan\Menu Démarrer\Programmes\Démarrage\Tencent QQ.lnk
backup=C:\WINDOWS\pss\Tencent QQ.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c0948db]
C:\WINDOWS\system32\qekjqcdp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 21:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0f3a7b47]
--a------ 2008-05-13 19:14 123392 C:\WINDOWS\system32\ctqtjfnm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BT Softphone 2]
--a------ 2008-01-29 07:43 13791232 C:\Program Files\BT Softphone 2\BTSoftphone2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 11:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 18:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-07-17 11:03 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
--a------ 2006-07-28 22:04 110592 C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HCWemmon]
--a------ 2007-03-29 22:22 61440 C:\WINDOWS\HCWemmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NodLogin]
--a------ 2008-02-09 12:16 299260 C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--------- 2003-11-10 16:06 406016 C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--------- 2006-01-04 16:18 81920 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QQDownload]
C:\Program Files\Tencent\QQDownload\QQDownload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime Alternative\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-05-27 07:12 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-28 15:30 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2007-09-30 21:49]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;C:\WINDOWS\system32\Drivers\BUSB2902.sys [2006-07-03 15:34]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 14:37]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-30 02:20]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-30 02:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23ec3946-ae57-11dc-9f04-0017313caf79}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c4e4a7c-56e8-11dc-adea-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{133C767F-6EBA-484D-0405-010506060608}]
C:\WINDOWS\system32\Winddl.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 11:10:59
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Erwan\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-20 11:20:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 09:19:42
ComboFix2.txt 2008-05-19 19:07:43

Pre-Run: 2,898,919,424 octets libres
Post-Run: 2,732,314,624 octets libres

361 --- E O F --- 2008-03-24 10:00:25
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 May 2008 at 11:31
Scan these files on VirusTotal and tell me which ones are infected:
https://www.virustotal.com/gui/


C:\WINDOWS\system32\gkmylrqp.dll
C:\WINDOWS\system32\qwmhiqrp.exe
C:\WINDOWS\system32\iitynjeo.exe
C:\WINDOWS\system32\cvntpkli.dll
C:\WINDOWS\system32\lxeebgsw.dll
C:\WINDOWS\system32\wpcafijv.dll
C:\WINDOWS\system32\bqjdebvi.dll
C:\WINDOWS\system32\tlmpdfjx.ini
C:\WINDOWS\system32\ayohunfa.dll
C:\WINDOWS\system32\enjmtose.dll
C:\WINDOWS\system32\armvrqed.dll
C:\WINDOWS\system32\ctqtjfnm.dll
C:\WINDOWS\system32\mponolkq.tmp
C:\WINDOWS\system32\wiprieme.dll
C:\WINDOWS\system32\qklonopm.dll
C:\WINDOWS\system32\anrmfclq.dll
0
airlogan Posts 24 Registration date Wednesday 16 May 2007 Status Member Last activity 13 April 2009 2
20 May 2008 at 12:16
C:\WINDOWS\system32\gkmylrqp.dll
AntiVir - - TR/Crypt.XPACK.Gen
eSafe - - Suspicious File
F-Secure - - Vundo.gen179
Norman - - Vundo.gen179
Panda - - Suspicious file
Prevx1 - - Malicious Software
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen

C:\WINDOWS\system32\qwmhiqrp.exe
Prevx1 V2 2008.05.20 Malicious Software

C:\WINDOWS\system32\iitynjeo.exe
Prevx1 V2 2008.05.20 Malicious Software

C:\WINDOWS\system32\cvntpkli.dll
Avast 4.8.1195.0 2008.05.19 Win32:Vundo@dll
F-Secure 6.70.13260.0 2008.05.20 Vundo.gen179
GData 2.0.7306.1023 2008.05.20 Win32:Vundo
Ikarus T3.1.1.26.0 2008.05.20 Trojan.Win32.Vundo.H
Microsoft 1.3408 2008.05.13 Trojan:Win32/Vundo.AF
Norman 5.80.02 2008.05.19 Vundo.gen179
Prevx1 V2 2008.05.20 Cloaked Malware
Webwasher-Gateway 6.6.2 2008.05.19 Win32.Malware.gen!80 (suspicious)

C:\WINDOWS\system32\lxeebgsw.dll
AntiVir - - TR/Crypt.XPACK.Gen
eSafe - - Suspicious File
F-Secure - - Vundo.gen179
Norman - - Vundo.gen179
Prevx1 - - Cloaked Malware
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen

C:\WINDOWS\system32\wpcafijv.dll
Avast 4.8.1195.0 2008.05.19 Win32:Vundo@dll
F-Secure 6.70.13260.0 2008.05.20 Vundo.gen179
GData 2.0.7306.1023 2008.05.20 Win32:Vundo
Ikarus T3.1.1.26.0 2008.05.20 Trojan.Win32.Vundo.H
Microsoft 1.3408 2008.05.13 Trojan:Win32/Vundo.AF
Norman 5.80.02 2008.05.19 Vundo.gen179
Prevx1 V2 2008.05.20 Cloaked Malware
Webwasher-Gateway 6.6.2 2008.05.19 Win32.Malware.gen!80 (suspicious)

C:\WINDOWS\system32\bqjdebvi.dll

Avast 4.8.1195.0 2008.05.19 Win32:Vundo@dll
AVG 7.5.0.516 2008.05.19 Generic10.AACP
F-Secure 6.70.13260.0 2008.05.19 Vundo.gen179
Fortinet 3.14.0.0 2008.05.19 Virtum!tr
GData 2.0.7306.1023 2008.05.19 Win32:Vundo
Ikarus T3.1.1.26.0 2008.05.19 Trojan.Win32.Vundo.H
Microsoft 1.3408 2008.05.13 Trojan:Win32/Vundo.AF
Norman 5.80.02 2008.05.19 Vundo.gen179
Panda 9.0.0.4 2008.05.19 Spyware/Virtumonde
Prevx1 V2 2008.05.19 Cloaked Malware
Sophos 4.29.0 2008.05.19 Troj/Virtum-Gen
Webwasher-Gateway 6.6.2 2008.05.19 Win32.Malware.gen (suspicious)

C:\WINDOWS\system32\tlmpdfjx.ini
NOTHING

C:\WINDOWS\system32\ayohunfa.dll
Antivirus Version Last update Result
eSafe - - Suspicious File
F-Secure - - Vundo.gen179
Fortinet - - Virtum!tr
Ikarus - - Trojan.Win32.Vundo.H
Kaspersky - - not-a-virus:AdWare.Win32.Virtumonde.sby
Norman - - Vundo.gen179
Prevx1 - - Cloaked Malware
Sophos - - Troj/Virtum-Gen
Webwasher-Gateway - - Ad-Spyware.Virtumonde.sby

C:\WINDOWS\system32\enjmtose.dll

Antivirus Version Last update Result
AVG 7.5.0.516 2008.05.16 Generic10.YPV
F-Secure 6.70.13260.0 2008.05.16 Vundo.gen179
Norman 5.80.02 2008.05.16 Vundo.gen179
Prevx1 V2 2008.05.16 Cloaked Malware
Sophos 4.29.0 2008.05.16 Troj/Virtum-Gen
Webwasher-Gateway 6.6.2 2008.05.16 Win32.Malware.gen!80 (suspicious)

C:\WINDOWS\system32\armvrqed.dll
eSafe - - Suspicious File
Microsoft - - Trojan:Win32/Vundo.AF
Panda - - Suspicious file
Prevx1 - - Cloaked Malware
Webwasher-Gateway - - Win32.Malware.gen!80 (suspicious)

C:\WINDOWS\system32\ctqtjfnm.dll

AVG 7.5.0.516 2008.05.15 Generic10.XQM
Ikarus T3.1.1.26.0 2008.05.15 Trojan.Win32.Vundo.H
Norman 5.80.02 2008.05.14 W32/Virtumonde.VKD
Panda 9.0.0.4 2008.05.14 Suspicious file
Prevx1 V2 2008.05.15 Cloaked Malware
Sophos 4.29.0 2008.05.15 Troj/Virtum-Gen
Webwasher-Gateway 6.6.2 2008.05.15 Win32.Malware.gen (suspicious)

C:\WINDOWS\system32\mponolkq.tmp

NOTHING

C:\WINDOWS\system32\wiprieme.dll
Ikarus T3.1.1.26.0 2008.05.15 Trojan.Win32.Vundo.AF
Microsoft 1.3408 2008.05.13 Trojan:Win32/Vundo.AF
Panda 9.0.0.4 2008.05.15 Suspicious file
Prevx1 V2 2008.05.16 Cloaked Malware
Symantec 10 2008.05.16 Trojan.Metajuan
Webwasher-Gateway 6.6.2 2008.05.15 Win32.Malware.gen!80 (suspicious)

C:\WINDOWS\system32\qklonopm.dll
AntiVir 7.8.0.19 2008.05.17 TR/Vundo.ELT
AVG 7.5.0.516 2008.05.16 Generic10.XQE
BitDefender 7.2 2008.05.17 Trojan.Vundo.ELT
F-Secure 6.70.13260.0 2008.05.17 Vundo.gen179
Norman 5.80.02 2008.05.16 W32/Virtumonde.VJL
Panda 9.0.0.4 2008.05.17 Spyware/Virtumonde
Prevx1 V2 2008.05.17 Cloaked Malware
Sophos 4.29.0 2008.05.17 Troj/Virtum-Gen
Symantec 10 2008.05.17 Trojan.Vundo
Webwasher-Gateway 6.6.2 2008.05.17 Trojan.Vundo.ELT

C:\WINDOWS\system32\anrmfclq.dll
DrWeb 4.44.0.09170 2008.05.16 Trojan.BannerModif
Ikarus T3.1.1.26.0 2008.05.15 Trojan.Win32.Vundo.AF
Kaspersky 7.0.0.125 2008.05.15 not-a-virus:AdWare.Win32.Virtumonde.rkn
Microsoft 1.3408 2008.05.13 Trojan:Win32/Vundo.AF
Norman 5.80.02 2008.05.14 W32/Virtumonde.VJU
Panda 9.0.0.4 2008.05.15 Suspicious file
Prevx1 V2 2008.05.16 Cloaked Malware
Sophos 4.29.0 2008.05.15 Troj/Virtum-Gen
Symantec 10 2008.05.16 Trojan.Vundo
Webwasher-Gateway 6.6.2 2008.05.15 Win32.Malware.gen!80 (suspicious)
0
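The per-file scanner results pasted in the post above can be tallied mechanically before deciding which files belong in a removal script. This Python sketch is an added example, not part of the thread: the sample text is constructed from the post's layout, and the alias list, the `min_named` threshold and the status names are assumptions.

```python
import re
from collections import OrderedDict

# Constructed sample, modelled on the layout of the results pasted above:
# a file path, then one "engine version date verdict" row per detection.
# "-" marks a column the poster left out; any other line is ignored.
SAMPLE = r"""
C:\WINDOWS\system32\gkmylrqp.dll
AntiVir - - TR/Crypt.XPACK.Gen
eSafe - - Suspicious File
F-Secure - - Vundo.gen179
Norman - - Vundo.gen179
Panda - - Suspicious file
Prevx1 - - Malicious Software
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen

C:\WINDOWS\system32\qwmhiqrp.exe
Prevx1 V2 2008.05.20 Malicious Software

C:\WINDOWS\system32\tlmpdfjx.ini
NOTHING

C:\WINDOWS\system32\enjmtose.dll

Antivirus Version Last update Result
AVG 7.5.0.516 2008.05.16 Generic10.YPV
F-Secure 6.70.13260.0 2008.05.16 Vundo.gen179
Norman 5.80.02 2008.05.16 Vundo.gen179
Prevx1 V2 2008.05.16 Cloaked Malware
Sophos 4.29.0 2008.05.16 Troj/Virtum-Gen
Webwasher-Gateway 6.6.2 2008.05.16 Win32.Malware.gen!80 (suspicious)
"""

# engine, version, signature date (or "-"), verdict (may contain spaces)
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(-|\d{4}\.\d{2}\.\d{2})\s+(.+)$")
PATH = re.compile(r"^[A-Za-z]:\\")

# Assumption added for this example: vendors label the same family
# as Vundo, Virtumonde or Virtum, so any of these counts as "named".
FAMILY_ALIASES = ("vundo", "virtum")


def parse_results(text):
    """Return {path: [(engine, verdict), ...]} in the order files appear."""
    results = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            current = line
            results.setdefault(current, [])
            continue
        m = ROW.match(line)
        # Header rows and bare words such as "NOTHING" do not match ROW.
        if m and current is not None:
            results[current].append((m.group(1), m.group(4).strip()))
    return results


def triage(results, min_named=2):
    """Classify each file by how many engines name the family explicitly."""
    report = OrderedDict()
    for path, rows in results.items():
        named = [engine for engine, verdict in rows
                 if any(alias in verdict.lower() for alias in FAMILY_ALIASES)]
        if len(named) >= min_named:
            status = "family-confirmed"   # independent engines agree on the family
        elif rows:
            status = "needs-review"       # heuristic or single-engine hits only
        else:
            status = "no-detection"       # nothing flagged; not proof of a clean file
        report[path] = {"engines": len(rows), "named": len(named), "status": status}
    return report


if __name__ == "__main__":
    for path, info in triage(parse_results(SAMPLE)).items():
        print(f"{info['status']:<17} {info['named']}/{info['engines']}  {path}")
```

Files that land in `needs-review` or `no-detection` are the ones to check by hand against the rest of the log (creation date, hidden/system attributes, autostart references) rather than by scanner count alone.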
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 May 2008 at 12:32
To merge: see this link:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_____________

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\qoMfebBQ.dll
C:\WINDOWS\system32\tuvwWNHa.dll
C:\WINDOWS\system32\ctqtjfnm.dll
C:\WINDOWS\system32\qekjqcdp.dll
C:\WINDOWS\system32\gkmylrqp.dll
C:\WINDOWS\system32\qwmhiqrp.exe
C:\WINDOWS\system32\iitynjeo.exe
C:\WINDOWS\system32\cvntpkli.dll
C:\WINDOWS\system32\lxeebgsw.dll
C:\WINDOWS\system32\wpcafijv.dll
C:\WINDOWS\system32\bqjdebvi.dll
C:\WINDOWS\system32\ayohunfa.dll
C:\WINDOWS\system32\enjmtose.dll
C:\WINDOWS\system32\armvrqed.dll
C:\WINDOWS\system32\ctqtjfnm.dll
C:\WINDOWS\system32\wiprieme.dll
C:\WINDOWS\system32\qklonopm.dll
C:\WINDOWS\system32\anrmfclq.dll


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03BF372A-F579-4AD0-B0BC-4FF62788072C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC85CDA-7D1E-4215-BCF4-0FD9B605F1E5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{530adb3e-8430-47fc-ad5f-29effee4e871}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5461682f-fb91-4156-b4e8-f0a4f7924452}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f2d06cc3-5487-4dbe-966a-0ffed225aa7c}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[u]0/uc0948db]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0f3a7b47]





Save this file under the name CFScript.

Drag and drop this CFScript file onto the ComboFix.exe file.

Click on the CFScript file, hold the mouse button down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report and describe your current problems.

If the file does not open, it is located here > C:\ComboFix.txt
0
airlogan Posts 24 Registration date Wednesday 16 May 2007 Status Member Last activity 13 April 2009 2
20 May 2008 at 12:43
FILE ::
C:\WINDOWS\system32\anrmfclq.dll
C:\WINDOWS\system32\armvrqed.dll
C:\WINDOWS\system32\ayohunfa.dll
C:\WINDOWS\system32\bqjdebvi.dll
C:\WINDOWS\system32\ctqtjfnm.dll
C:\WINDOWS\system32\cvntpkli.dll
C:\WINDOWS\system32\enjmtose.dll
C:\WINDOWS\system32\gkmylrqp.dll
C:\WINDOWS\system32\iitynjeo.exe
C:\WINDOWS\system32\lxeebgsw.dll
C:\WINDOWS\system32\qekjqcdp.dll
C:\WINDOWS\system32\qklonopm.dll
C:\WINDOWS\system32\qoMfebBQ.dll
C:\WINDOWS\system32\qwmhiqrp.exe
C:\WINDOWS\system32\tuvwWNHa.dll
C:\WINDOWS\system32\wiprieme.dll
C:\WINDOWS\system32\wpcafijv.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\anrmfclq.dll
C:\WINDOWS\system32\armvrqed.dll
C:\WINDOWS\system32\ayohunfa.dll
C:\WINDOWS\system32\bqjdebvi.dll
C:\WINDOWS\system32\ctqtjfnm.dll
C:\WINDOWS\system32\cvntpkli.dll
C:\WINDOWS\system32\enjmtose.dll
C:\WINDOWS\system32\gkmylrqp.dll
C:\WINDOWS\system32\iitynjeo.exe
C:\WINDOWS\system32\lxeebgsw.dll
C:\WINDOWS\system32\qklonopm.dll
C:\WINDOWS\system32\qwmhiqrp.exe
C:\WINDOWS\system32\wiprieme.dll
C:\WINDOWS\system32\wpcafijv.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
.

2008-05-20 11:18 . 2004-08-19 18:09 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\OLDAA.tmp
2008-05-20 11:18 . 2004-08-19 18:09 189,440 --a--c--- C:\WINDOWS\system32\dllcache\OLDA7.tmp
2008-05-20 11:18 . 2003-03-24 15:52 32,827 --a--c--- C:\WINDOWS\system32\dllcache\OLDB1.tmp
2008-05-20 11:18 . 2003-03-24 15:52 20,536 --a--c--- C:\WINDOWS\system32\dllcache\OLDA0.tmp
2008-05-20 11:18 . 2003-03-24 15:52 16,437 --a--c--- C:\WINDOWS\system32\dllcache\OLDA4.tmp
2008-05-20 11:18 . 2003-04-14 20:29 16,384 --a--c--- C:\WINDOWS\system32\dllcache\OLDB5.tmp
2008-05-20 11:18 . 2004-08-19 18:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\OLDAD.tmp
2008-05-20 11:18 . 2004-08-05 14:00 7,168 --a--c--- C:\WINDOWS\system32\dllcache\OLDB8.tmp
2008-05-20 11:17 . 2007-02-28 18:08 2,184,192 --a--c--- C:\WINDOWS\system32\dllcache\OLD98.tmp
2008-05-20 11:17 . 2004-08-19 18:01 78,336 --a--c--- C:\WINDOWS\system32\dllcache\OLD95.tmp
2008-05-20 11:17 . 2004-08-19 18:09 68,608 --a--c--- C:\WINDOWS\system32\dllcache\OLD92.tmp
2008-05-20 11:17 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\OLD9C.tmp
2008-05-20 11:17 . 2004-08-05 14:00 19,968 --a--c--- C:\WINDOWS\system32\dllcache\OLD8C.tmp
2008-05-20 11:17 . 2004-08-19 18:09 13,312 --a--c--- C:\WINDOWS\system32\dllcache\OLD8F.tmp
2008-05-20 11:17 . 2004-08-05 14:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\OLD89.tmp
2008-05-20 11:15 . 2004-08-19 17:56 281,600 --a--c--- C:\WINDOWS\system32\dllcache\OLD21.tmp
2008-05-20 11:15 . 2003-03-24 15:52 188,480 --a--c--- C:\WINDOWS\system32\dllcache\OLD25.tmp
2008-05-20 11:15 . 2004-08-05 14:00 96,768 --a--c--- C:\WINDOWS\system32\dllcache\OLD1E.tmp
2008-05-20 11:15 . 2004-08-19 17:58 77,824 --a--c--- C:\WINDOWS\system32\dllcache\OLD28.tmp
2008-05-20 11:15 . 2004-08-19 18:09 47,104 --a--c--- C:\WINDOWS\system32\dllcache\OLD2B.tmp
2008-05-20 11:14 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\OLD17.tmp
2008-05-20 11:14 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\OLD1B.tmp
2008-05-20 11:13 . 2004-08-19 18:09 290,816 --a--c--- C:\WINDOWS\system32\dllcache\OLD13.tmp
2008-05-20 11:13 . 2004-08-19 18:09 43,520 --a--c--- C:\WINDOWS\system32\dllcache\OLD10.tmp
2008-05-20 11:13 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\OLD9.tmp
2008-05-20 11:13 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\OLDD.tmp
2008-05-20 11:11 . 2008-05-20 11:19 <REP> d-------- C:\WINDOWS\LastGood
2008-05-20 10:49 . 2008-05-20 10:49 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-05-20 08:58 . 2008-05-20 08:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-20 08:58 . 2008-05-20 08:58 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\Malwarebytes
2008-05-20 08:58 . 2008-05-20 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-20 08:58 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-20 08:58 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-19 20:23 . 2004-08-19 16:09 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-19 20:23 . 2001-08-23 17:47 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-19 20:23 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-19 20:23 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-19 20:23 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-19 20:23 . 2001-08-23 17:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-19 20:23 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-19 20:23 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-19 20:23 . 2001-08-23 17:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-19 20:21 . 2001-08-23 17:47 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-19 20:20 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-19 20:19 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-19 20:18 . 2004-08-19 16:09 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-05-19 20:17 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-19 20:16 . 2001-08-23 17:47 242,688 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-19 20:15 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-19 20:14 . 2001-08-23 17:13 634,166 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-05-19 20:13 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-19 20:12 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-05-19 20:11 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-05-19 17:23 . 2004-08-19 16:09 870,784 --a--c--- C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-05-19 17:21 . 2001-08-17 22:07 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys
2008-05-19 17:20 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-05-19 17:19 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-05-19 11:27 . 2008-05-19 11:27 <REP> d-------- C:\Program Files\Trend Micro
2008-05-19 09:28 . 2008-05-19 10:50 1,494 ---hs---- C:\WINDOWS\system32\tlmpdfjx.ini
2008-05-17 11:15 . 2008-05-17 11:15 93 --a------ C:\WINDOWS\wininit.ini
2008-05-17 10:48 . 2008-05-17 10:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-17 10:48 . 2008-05-17 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 08:37 . 2008-05-14 09:34 <REP> d-------- C:\Program Files\Navilog1
2008-05-13 20:00 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-13 20:00 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-13 20:00 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-05-13 20:00 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-05-13 20:00 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-05-13 20:00 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-13 14:58 . 2008-05-13 14:58 1,497,079 ---hs---- C:\WINDOWS\system32\mponolkq.tmp
2008-05-13 07:49 . 2008-05-19 21:28 109,878 --a------ C:\WINDOWS\BM0f3a7b47.xml
2008-05-11 18:51 . 2008-05-11 18:51 <REP> d-------- C:\Program Files\Marsu-Fix
2008-05-11 18:51 . 2008-05-11 18:51 159,841 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-05-01 12:09 . 2005-02-17 23:07 5,632 --a------ C:\WINDOWS\system32\drivers\ATKACPI.sys
2008-04-29 17:51 . 2008-05-01 16:18 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\VoipDiscount
2008-04-29 17:48 . 2008-04-29 17:48 <REP> d-------- C:\Program Files\VoipDiscount.com
2008-04-29 17:40 . 2008-04-29 17:40 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\VoipBuster
2008-04-27 11:02 . 2008-04-27 11:02 <REP> d-------- C:\Program Files\MSECache
2008-04-26 14:40 . 2008-04-26 14:40 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\Sony Corporation
2008-04-26 10:45 . 2006-11-02 16:57 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe
2008-04-26 10:45 . 2006-10-18 19:43 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe
2008-04-26 10:39 . 2008-04-26 10:39 <REP> d-------- C:\Program Files\Sony
2008-04-26 10:39 . 2008-04-26 10:39 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\InstallShield
2008-04-25 18:00 . 2008-04-25 18:05 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\Creative
2008-04-25 17:27 . 2008-04-25 17:27 417,792 --a------ C:\WINDOWS\system32\awrdscdc.ax
2008-04-25 17:27 . 2006-10-06 00:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-04-25 17:26 . 2008-04-25 18:17 <REP> d-------- C:\Program Files\Audible
2008-04-25 17:26 . 2001-08-17 22:43 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2008-04-25 17:25 . 2008-04-25 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-04-25 17:24 . 2008-04-25 17:24 <REP> d-------- C:\Program Files\Fichiers communs\Creative
2008-04-25 17:24 . 1999-12-12 19:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-04-25 17:24 . 1999-11-17 19:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-04-25 17:23 . 2008-04-25 17:25 <REP> d--h----- C:\Program Files\Creative Installation Information
2008-04-25 17:23 . 2008-04-25 17:27 <REP> d-------- C:\Program Files\Creative
2008-04-22 13:11 . 2008-04-22 13:11 <REP> d-------- C:\Program Files\Virtualis

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 10:13 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Skype
2008-05-20 08:48 --------- d-----w C:\Program Files\Native Instruments
2008-05-20 08:37 --------- d-----w C:\Documents and Settings\Erwan\Application Data\skypePM
2008-05-19 15:01 --------- d-----w C:\Program Files\DC++
2008-05-19 13:44 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-18 09:58 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Azureus
2008-05-18 08:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-05-08 15:53 258 ----a-w C:\ffmpeg_debug.bat
2008-05-08 15:53 251 ----a-w C:\ffmpeg.bat
2008-05-02 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-28 10:16 --------- d-----w C:\Program Files\Ripp-it_AM
2008-04-26 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-16 18:10 --------- d-----w C:\Program Files\TmNationsForever
2008-04-07 15:41 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Image Zone Express
2008-04-06 07:52 --------- d-----w C:\Program Files\Java
2008-04-05 17:52 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-05 12:45 --------- d-----w C:\Program Files\Ubisoft
2008-04-01 23:07 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-03-30 21:52 --------- d-----w C:\Documents and Settings\Erwan\Application Data\AdobeUM
2008-03-27 13:32 --------- d-----w C:\Program Files\iTunes
2008-03-27 13:32 --------- d-----w C:\Program Files\iPod
2008-03-27 13:32 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Apple Computer
2008-03-27 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-27 13:31 --------- d-----w C:\Program Files\Bonjour
2008-03-27 13:27 --------- d-----w C:\Program Files\QuickTime Alternative
2008-03-27 13:27 --------- d-----w C:\Program Files\Apple Software Update
2008-03-27 13:26 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-03-27 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-24 11:14 --------- d-----w C:\Program Files\OpenVPN
2008-03-04 07:55 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-21 23:05 22,328 ----a-w C:\Documents and Settings\Erwan\Application Data\PnkBstrK.sys
2007-08-30 10:09 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-08-30 10:33 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2007-08-30 10:33 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007083020070831\index.dat
2007-08-30 10:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-05-19_21.06.26.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 18:47:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-20 09:09:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2001-08-17 20:06:48 11,264 ----a-w C:\WINDOWS\LastGood\system32\dllcache\1394vdbg.sys
+ 2001-08-17 19:28:00 762,780 ----a-w C:\WINDOWS\LastGood\system32\dllcache\3cwmcru.sys
+ 2001-08-23 15:46:44 689,216 ----a-w C:\WINDOWS\LastGood\system32\dllcache\3dfxvs.dll
+ 2001-08-17 18:48:32 148,352 ----a-w C:\WINDOWS\LastGood\system32\dllcache\3dfxvsm.sys
+ 2004-08-03 21:00:04 12,288 ----a-w C:\WINDOWS\LastGood\system32\dllcache\4mmdat.sys
+ 2004-08-03 21:10:12 48,128 ----a-w C:\WINDOWS\LastGood\system32\dllcache\61883.sys
+ 2001-08-23 15:46:44 38,400 ----a-w C:\WINDOWS\LastGood\system32\dllcache\8514a.dll
+ 2001-08-23 15:46:58 98,304 ----a-w C:\WINDOWS\LastGood\system32\dllcache\a3d.dll
+ 2001-08-23 15:46:58 462,848 ----a-w C:\WINDOWS\LastGood\system32\dllcache\a3dapi.dll
+ 2001-08-17 19:52:00 23,552 ----a-w C:\WINDOWS\LastGood\system32\dllcache\abp480n5.sys
+ 2004-08-03 20:32:22 231,552 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ac97ali.sys
+ 2001-08-17 18:20:04 96,256 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ac97intc.sys
+ 2001-08-17 18:20:16 297,728 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ac97sis.sys
+ 2004-08-03 20:32:32 84,480 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ac97via.sys
+ 2001-08-23 15:46:58 61,952 ----a-w C:\WINDOWS\LastGood\system32\dllcache\acerscad.dll
+ 2001-08-17 19:53:02 7,424 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adicvls.sys
+ 2001-08-17 18:11:18 20,160 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adm8511.sys
+ 2001-08-17 18:19:10 584,448 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adm8810.sys
+ 2001-08-17 18:19:14 553,984 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adm8820.sys
+ 2001-08-17 18:19:14 747,392 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adm8830.sys
+ 2004-08-19 16:09:19 29,696 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admexs.dll
+ 2003-03-24 13:52:04 20,540 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admin.dll
+ 2003-03-24 13:52:04 16,439 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admin.exe
+ 2004-08-03 20:32:24 10,880 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admjoy.sys
+ 2004-08-19 16:09:19 43,520 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admwprox.dll
+ 2004-08-05 12:00:00 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admxprox.dll
+ 2001-08-17 18:11:16 46,112 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adptsf50.sys
+ 2001-08-17 20:07:32 101,888 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adpu160m.sys
+ 2004-08-05 12:00:00 50,176 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adrot.dll
+ 2004-08-19 16:09:19 290,816 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adsiis51.dll
+ 2003-03-24 13:52:04 20,540 ----a-w C:\WINDOWS\LastGood\system32\dllcache\author.dll
+ 2003-03-24 13:52:04 16,439 ----a-w C:\WINDOWS\LastGood\system32\dllcache\author.exe
+ 2003-03-24 13:52:04 188,480 ----a-w C:\WINDOWS\LastGood\system32\dllcache\cfgwiz.exe
+ 2004-08-19 16:09:21 47,104 ----a-w C:\WINDOWS\LastGood\system32\dllcache\coadmin.dll
+ 2004-05-12 22:39:48 184,435 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4amsft.dll
+ 2003-03-24 13:52:04 82,035 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4anscp.dll
+ 2003-03-24 13:52:04 147,513 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4apws.dll
+ 2003-03-24 13:52:04 49,210 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4areg.dll
+ 2003-03-24 13:52:04 102,509 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4atxt.dll
+ 2003-03-24 13:52:04 41,020 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4avnb.dll
+ 2003-03-24 13:52:04 32,826 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4avss.dll
+ 2003-03-24 13:52:04 49,212 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4awebs.dll
+ 2004-05-12 22:39:48 876,653 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4awel.dll
+ 2002-05-14 11:08:54 14,608 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp98sadm.exe
+ 2002-05-14 11:08:54 109,328 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp98swin.exe
+ 2003-03-24 13:52:04 188,494 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpcount.exe
+ 2003-03-24 13:52:04 20,541 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpexedll.dll
+ 2004-05-12 22:39:48 598,071 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpmmc.dll
+ 2003-04-14 18:29:34 217,088 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpmmcsat.dll
+ 2003-03-24 13:52:04 20,538 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpremadm.exe
+ 2004-08-05 12:00:00 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ftpsapi2.dll
+ 2004-08-19 16:09:27 68,608 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisext51.dll
+ 2004-08-19 16:09:27 64,512 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iismap.dll
+ 2004-08-05 12:00:00 14,848 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisreset.exe
+ 2004-08-05 12:00:00 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisrstap.dll
+ 2004-08-19 16:09:55 31,232 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisrstas.exe
+ 2004-08-19 16:09:27 133,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisrtl.dll
+ 2004-08-05 12:00:00 173,056 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisui.dll
+ 2004-08-19 16:09:29 842,240 ----a-w C:\WINDOWS\LastGood\system32\dllcache\inetmgr.dll
+ 2004-08-05 12:00:00 7,680 ----a-w C:\WINDOWS\LastGood\system32\dllcache\inetmgr.exe
+ 2004-08-05 12:00:00 19,968 ----a-w C:\WINDOWS\LastGood\system32\dllcache\inetsloc.dll
+ 2004-08-19 16:09:29 13,312 ----a-w C:\WINDOWS\LastGood\system32\dllcache\infoadmn.dll
+ 2004-08-19 16:09:31 68,608 ----a-w C:\WINDOWS\LastGood\system32\dllcache\isatq.dll
+ 2007-02-28 16:08:21 2,184,192 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ntoskrnl.exe
+ 2001-08-23 15:46:46 66,048 ----a-w C:\WINDOWS\LastGood\system32\dllcache\s3legacy.dll
+ 2003-03-24 13:52:04 20,536 ----a-w C:\WINDOWS\LastGood\system32\dllcache\shtml.dll
+ 2003-03-24 13:52:04 16,437 ----a-w C:\WINDOWS\LastGood\system32\dllcache\shtml.exe
+ 2004-08-19 16:09:41 189,440 ----a-w C:\WINDOWS\LastGood\system32\dllcache\smtpadm.dll
+ 2004-08-19 16:09:43 2,134,528 ----a-w C:\WINDOWS\LastGood\system32\dllcache\smtpsnap.dll
+ 2004-08-19 16:09:45 8,192 ----a-w C:\WINDOWS\LastGood\system32\dllcache\staxmem.dll
+ 2003-03-24 13:52:04 32,827 ----a-w C:\WINDOWS\LastGood\system32\dllcache\tcptest.exe
+ 2003-04-14 18:29:34 16,384 ----a-w C:\WINDOWS\LastGood\system32\dllcache\tcptsat.dll
+ 2004-08-05 12:00:00 7,168 ----a-w C:\WINDOWS\LastGood\system32\dllcache\wamregps.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-08-21 10:27 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"VoipDiscount"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2007-05-31 16:22 7419456]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 14:26 761945]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [2007-11-11 11:52 6731312]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2007-09-30 21:49 376900]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 00:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 14:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 00:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 00:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 00:32 455168]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-28 15:30 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 15:31 16857600 C:\WINDOWS\RTHDCPL.exe]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-07-28 22:04 110592]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

C:\Documents and Settings\Erwan\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-04-26 10:40:36 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuMorePrograms"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"NoInstrumentation"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCUmLb]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= DivXa32.acm
"msacm.imc"= imc32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.fvfw"= ffvfw.dll
"msacm.avis"= ffvfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwan^Menu Démarrer^Programmes^Démarrage^IcoSauve.lnk]
path=C:\Documents and Settings\Erwan\Menu Démarrer\Programmes\Démarrage\IcoSauve.lnk
backup=C:\WINDOWS\pss\IcoSauve.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwan^Menu Démarrer^Programmes^Démarrage^Tencent QQ.lnk]
path=C:\Documents and Settings\Erwan\Menu Démarrer\Programmes\Démarrage\Tencent QQ.lnk
backup=C:\WINDOWS\pss\Tencent QQ.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[u]0/uc0948db]
C:\WINDOWS\system32\qekjqcdp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 21:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0f3a7b47]
C:\WINDOWS\system32\ctqtjfnm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BT Softphone 2]
--a------ 2008-01-29 07:43 13791232 C:\Program Files\BT Softphone 2\BTSoftphone2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 11:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 18:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-07-17 11:03 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
--a------ 2006-07-28 22:04 110592 C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HCWemmon]
--a------ 2007-03-29 22:22 61440 C:\WINDOWS\HCWemmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NodLogin]
--a------ 2008-02-09 12:16 299260 C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--------- 2003-11-10 16:06 406016 C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--------- 2006-01-04 16:18 81920 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QQDownload]
C:\Program Files\Tencent\QQDownload\QQDownload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime Alternative\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-05-27 07:12 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-28 15:30 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[u]0/uc0948db]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2007-09-30 21:49]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;C:\WINDOWS\system32\Drivers\BUSB2902.sys [2006-07-03 15:34]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 14:37]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-30 02:20]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-30 02:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23ec3946-ae57-11dc-9f04-0017313caf79}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{133C767F-6EBA-484D-0405-010506060608}]
C:\WINDOWS\system32\Winddl.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 12:41:16
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Erwan\LOCALS~1\Temp\mc22.tmp"
.
Temps d'accomplissement: 2008-05-20 12:41:56
ComboFix-quarantined-files.txt 2008-05-20 10:41:52
ComboFix2.txt 2008-05-20 09:20:03
ComboFix3.txt 2008-05-19 19:07:43

Pre-Run: 2,728,476,672 octets libres
Post-Run: 2,711,875,584 octets libres

447 --- E O F --- 2008-03-24 10:00:25

airlogan (Member) - 20 May 2008 at 12:45
And here is the HijackThis report:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.insa-rennes.fr/proxy2.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wcache1.insa-rennes.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {03BF372A-F579-4AD0-B0BC-4FF62788072C} - (no file)
O2 - BHO: (no name) - {0BC85CDA-7D1E-4215-BCF4-0FD9B605F1E5} - (no file)
O2 - BHO: (no name) - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {530adb3e-8430-47fc-ad5f-29effee4e871} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5461682f-fb91-4156-b4e8-f0a4f7924452} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {f2d06cc3-5487-4dbe-966a-0ffed225aa7c} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0CBDA9D-7870-4161-A402-D8D5A8C50E71}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcCUmLb - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe (file missing)

jlpjlp (Security contributor) - 20 May 2008 at 12:57
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {03BF372A-F579-4AD0-B0BC-4FF62788072C} - (no file)
O2 - BHO: (no name) - {0BC85CDA-7D1E-4215-BCF4-0FD9B605F1E5} - (no file)
O2 - BHO: (no name) - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
O2 - BHO: (no name) - {530adb3e-8430-47fc-ad5f-29effee4e871} - (no file)

O2 - BHO: (no name) - {5461682f-fb91-4156-b4e8-f0a4f7924452} - (no file)

O2 - BHO: (no name) - {f2d06cc3-5487-4dbe-966a-0ffed225aa7c} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

________________


To remove your traces, use:

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

manual:
https://www.malekal.com/tutoriel-ccleaner/

_________________


Paste the report of an online scan
run with one of the following, and describe your current problems:


Bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

airlogan (Member) - 20 May 2008 at 14:17
The Bitdefender scan gives:


Fichier analysé

Statut
C:\Documents and Settings\Erwan\Bureau\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe
Infecté par: Backdoor.Generic.46598

C:\Documents and Settings\Erwan\Bureau\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe
Supprimé

C:\Documents and Settings\Erwan\Bureau\ComboFix.exe=>(RAR Sfx o)
Echec de la mise à jour

C:\Program Files\DAEMON Tools\SetupDTSB.exe
Détecté avec: Application.Adware.Savenow.G

C:\Program Files\DAEMON Tools\SetupDTSB.exe
Echec de la désinfection

C:\Program Files\DAEMON Tools\SetupDTSB.exe
Supprimé

C:\System Volume Information\_restore{45C825D4-F686-4DB6-B0A3-6FF8E3E5611D}\RP5\A0007869.dll
Infecté par: Trojan.Vundo.ELT

C:\System Volume Information\_restore{45C825D4-F686-4DB6-B0A3-6FF8E3E5611D}\RP5\A0007869.dll
Supprimé

C:\System Volume Information\_restore{45C825D4-F686-4DB6-B0A3-6FF8E3E5611D}\RP5\A0008149.exe
Détecté avec: Application.Adware.Savenow.G

C:\System Volume Information\_restore{45C825D4-F686-4DB6-B0A3-6FF8E3E5611D}\RP5\A0008149.exe
Echec de la désinfection

C:\System Volume Information\_restore{45C825D4-F686-4DB6-B0A3-6FF8E3E5611D}\RP5\A0008149.exe
Supprimé


ComboFix infected, that really takes the cake!

Besides, since the first time I used ComboFix, I get a message every time the PC starts:
Windows File Protection: Please wait while Windows verifies that all protected Windows files are intact and in their original versions.

It asks me to insert the Windows XP Pro installation CD several times.

I have carried this operation through to the end twice, but I still get the same message when Windows restarts.
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 May 2008 at 14:50
for ComboFix it's a false positive, no worries!

_____________


# Go to Add/Remove Programs in the Control Panel and uninstall, if present:

* search for Save!
* SaveNow
* WhenUShop
* New.Net

# If, for some unknown reason, you cannot uninstall NewDotNet:

* Download and run: http://www.new.net/support/uninstall7_22.exe

# Restart the computer

# Start Windows in safe mode: Guide to restarting in safe mode
# Delete the folders:

* C:\PROGRAM Files\NewDOTNet\
* C:\PROGRAM Files\uninstallX_XX.exe where X is a digit between 1 and 9
* C:\Windows\NDNuninstallX_XX.exe where X is a digit between 1 and 9


_______________

repair Windows:

https://www.pcastuces.com/pratique/windows/xp/default.htm

__________________

tell me if you still have problems at startup
airlogan Posts 24 Registration date Wednesday 16 May 2007 Status Member Last activity 13 April 2009 2
20 May 2008 at 20:26
I still have the same problem when Windows starts.

A window appears with:
Windows File Protection: Please wait while Windows verifies that all protected Windows files are intact and in their original versions.

Exactly the same window as in the linked tutorial with sfc /scannow.

Except that once the operation is done, I still get the same message.
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 May 2008 at 21:10
as said in message 2, if your Windows isn't legitimate, it's not going to be easy...
is that the case?


had you disabled Windows automatic updates? because if it's not legitimate and automatic updates are on, Windows ends up finding out when it updates!

__________

try repairing Windows

http://www.informatruc.com/reparer-windows-xp/


___________
otherwise restore your computer to a point before ComboFix was used, even though some infections will be brought back
http://www.infoprat.net/astuces/windows2k_xp/astuces/divers_004.php

then paste a new Malwarebytes report, an online Bitdefender scan and a HijackThis log
airlogan Posts 24 Registration date Wednesday 16 May 2007 Status Member Last activity 13 April 2009 2
20 May 2008 at 22:04
No, updates are enabled.

In fact I have an XP Coccinelle version, currently without a legitimate key, but I can fix that because I have a perfectly legal XP Pro version on the side. It's just that XP Coccinelle was installed before and worked really well, so I didn't want to change.
As for updates, I simply avoid installing Windows Genuine.

It's a shame all the same. Well, in the worst case I'll cancel it at every startup.

In any case, thanks a lot for taking care of disinfecting my PC, that's really kind.
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 May 2008 at 22:06
disable Windows automatic updates through your Control Panel if enabled


and stop browsing with Internet Explorer since you can't update it; use Firefox, Opera or Safari instead
airlogan Posts 24 Registration date Wednesday 16 May 2007 Status Member Last activity 13 April 2009 2
20 May 2008 at 22:22
For my startup problem I found the solution on the forum:

http://www.commentcamarche.net/forum/affich 5900561 protection de fichier windows

"1/ Use Start --> Run --> cmd
Then use the command sfc /scanonce (checks all protected system files once at the next startup)
2/ Restart the computer; it will display " ''please wait while Windows verifies that all protected files are intact and in their original versions''. Click Cancel to close the window, then restart the computer and it's done."

I never browse with iexplorer, always with Firefox, and on top of that I thought I was well protected with Nod32, Look & Stop and AVG Anti-Spyware. It had been more than a year since I had caught anything serious like this trojan.

In any case, thanks a lot, it works much better right away.