Impossible d'activer les mises a jour windowsRésolu/Fermé

Question

Bonjour,

Je commence a desesperer completement. Je vous explique le souci : jai ete infectee par les virus Netbooster et downloader.fakealert.bu. (javais donc un ecran de veille avec des cafards qui me mangeaient mes icones, des pop up a repetition, un wallpaper inchangeable etc...) Jai suivi pas mal de procedures trouvees sur internet, ca a resolu 2/3 soucis provoques par ces 2 virus, mais jai franchement le sentiment que soit je nai pas reussi a les eradiquer completement, soit jen ai encore 1 autre . Je men remets donc a vous :
Jai en permanence lalerte du centre de securite windows dans le tray me disant que les mises a jour automatiques sont desactivees. Lorsque je clique sur "activer les mises a jour automatiques", il me dit qu'il faut que je passe par panneau de config/systeme/etc... pour l'activer et bien sur meme en faisant cette manip, ca ne marche pas. Y aurait-il une bonne ame qui pourrait me venir en aide SVP car la je craque et jen ai marre de passer des heures sur des forum pour au final voir les symptomes reapparaitre...

Merci !!!!

Juju

Voici mon rapport hijack this :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:29, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32svp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Multimedia\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [0884de20] rundll32.exe "C:\WINDOWS\system32\egnejmnj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1547161642-1788223648-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

fiat500 · Answer

bonjour et bienvenu

Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

fiat500 · Answer

oui c'est normale

mes ignore (clic sur ignorer)

juju · Answer

Bon allez, cest parti, jai decide de te faire confiance a fond...

Voila donc le rapport navilog :

Search Navipromo version 3.5.7 commencé le 01/06/2008 à 12:00:25,09

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "juju" 

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\juju\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\IUSR_N~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\juju\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\IUSR_N~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\juju\menudm~1\progra~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\IUSR_N~1\menudm~1\progra~1" *** 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\juju\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\IUSR_N~1\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\juju\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\IUSR_N~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\eeOnWvut.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 01/06/2008 à 12:15:28,90 ***

fiat500 · Answer

ok

telecharge vundofix ici:

http://www.atribune.org/ccount/click.php?id=4

mettez-le sur votre bureau
Après le téléchargement. Cliquez sur VundoFix.exe 
L'outil va s'ouvrir. Cliquez sur Scan for Vundo
Si une infection est détecté. Cliquez sur Remove Vundo cela va éliminer les fichiers infectés trouvés par l’outil, confirmez la suppression des fichiers.
Dans certains cas un redémarrage est requis donc acceptez-le.
Après l'utilisation de VundoFix, un rapport est automatiquement généré. Son emplacement se situe dans la racine de votre Windows C:/ vundofix backups/vundofix
Ouvrez le fichier texte VundoFix puis copier/coller le rapport sur le forum
Supprimez le dossier de sauvgarde VundoFix Backups

puis

virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

juju · Answer

Vundo ne ma trouve aucun fichier infecte donc il na pas genere de rapport...

Pour le 2eme logiciel, voici son rapport :


[06/01/2008, 12:47:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\juju\Bureau\VirtumundoBeGone.exe" )
[06/01/2008, 12:47:23] - Detected System Information:
[06/01/2008, 12:47:23] -  Windows Version: 5.1.2600, Service Pack 2
[06/01/2008, 12:47:23] -  Current Username: Volland (Admin)
[06/01/2008, 12:47:23] -  Windows is in NORMAL mode.
[06/01/2008, 12:47:23] - Searching for Browser Helper Objects:
[06/01/2008, 12:47:23] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/01/2008, 12:47:23] -  BHO 2: {070169CD-5E86-46F3-B8B3-AE64DCDB6840} ()
[06/01/2008, 12:47:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 12:47:23] -  Checking for HKLM\...\Winlogon\Notify	uvWnOee
[06/01/2008, 12:47:23] -  Key not found: HKLM\...\Winlogon\Notify	uvWnOee, continuing.
[06/01/2008, 12:47:23] -  BHO 3: {569D4F46-FAF4-4040-87AF-A01091DFE816} (QXK Olive)
[06/01/2008, 12:47:23] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/01/2008, 12:47:23] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/01/2008, 12:47:23] -  BHO 6: {BC53E890-2693-4906-B6BD-BC2E293079F0} ()
[06/01/2008, 12:47:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 12:47:23] -  Checking for HKLM\...\Winlogon\Notify\vtUnnKaA
[06/01/2008, 12:47:23] -  Found: HKLM\...\Winlogon\Notify\vtUnnKaA - This is probably Virtumundo.
[06/01/2008, 12:47:23] -  Assigning {BC53E890-2693-4906-B6BD-BC2E293079F0} MSEvents Object
[06/01/2008, 12:47:23] - BHO list has been changed! Starting over...
[06/01/2008, 12:47:23] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/01/2008, 12:47:23] -  BHO 2: {070169CD-5E86-46F3-B8B3-AE64DCDB6840} ()
[06/01/2008, 12:47:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 12:47:23] -  Checking for HKLM\...\Winlogon\Notify	uvWnOee
[06/01/2008, 12:47:23] -  Key not found: HKLM\...\Winlogon\Notify	uvWnOee, continuing.
[06/01/2008, 12:47:23] -  BHO 3: {569D4F46-FAF4-4040-87AF-A01091DFE816} (QXK Olive)
[06/01/2008, 12:47:23] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/01/2008, 12:47:23] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/01/2008, 12:47:23] -  BHO 6: {BC53E890-2693-4906-B6BD-BC2E293079F0} (MSEvents Object)
[06/01/2008, 12:47:23] - ALERT: Found MSEvents Object!
[06/01/2008, 12:47:23] - Finished Searching Browser Helper Objects
[06/01/2008, 12:47:23] - *** Detected MSEvents Object
[06/01/2008, 12:47:23] - Trying to remove MSEvents Object...
[06/01/2008, 12:47:24] -    Terminating Process: IEXPLORE.EXE
[06/01/2008, 12:47:24] -    Terminating Process: RUNDLL32.EXE
[06/01/2008, 12:47:25] -    Disabling Automatic Shell Restart
[06/01/2008, 12:47:25] -    Terminating Process: EXPLORER.EXE
[06/01/2008, 12:47:25] -    Suspending the NT Session Manager System Service
[06/01/2008, 12:47:25] -    Terminating Windows NT Logon/Logoff Manager
[06/01/2008, 12:47:26] -    Re-enabling Automatic Shell Restart
[06/01/2008, 12:47:26] -   File to disable: C:\WINDOWS\system32\vtUnnKaA.dll
[06/01/2008, 12:47:26] -  Renaming C:\WINDOWS\system32\vtUnnKaA.dll -> C:\WINDOWS\system32\vtUnnKaA.dll.vir
[06/01/2008, 12:47:26] -  File successfully renamed!
[06/01/2008, 12:47:26] -   Removing HKLM\...\Browser Helper Objects\{BC53E890-2693-4906-B6BD-BC2E293079F0}
[06/01/2008, 12:47:26] -   Removing HKCR\CLSID\{BC53E890-2693-4906-B6BD-BC2E293079F0}
[06/01/2008, 12:47:27] -   Adding Kill Bit for ActiveX for GUID: {BC53E890-2693-4906-B6BD-BC2E293079F0}
[06/01/2008, 12:47:27] -   Deleting ATLEvents/MSEvents Registry entries
[06/01/2008, 12:47:27] -   Removing HKLM\...\Winlogon\Notify\vtUnnKaA
[06/01/2008, 12:47:27] - Searching for Browser Helper Objects:
[06/01/2008, 12:47:27] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/01/2008, 12:47:27] -  BHO 2: {070169CD-5E86-46F3-B8B3-AE64DCDB6840} ()
[06/01/2008, 12:47:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 12:47:27] -  Checking for HKLM\...\Winlogon\Notify	uvWnOee
[06/01/2008, 12:47:27] -  Key not found: HKLM\...\Winlogon\Notify	uvWnOee, continuing.
[06/01/2008, 12:47:27] -  BHO 3: {569D4F46-FAF4-4040-87AF-A01091DFE816} (QXK Olive)
[06/01/2008, 12:47:27] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/01/2008, 12:47:27] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/01/2008, 12:47:27] - Finished Searching Browser Helper Objects
[06/01/2008, 12:47:27] - Finishing up...
[06/01/2008, 12:47:27] - A restart is needed.
[06/01/2008, 12:47:36] - Attempting to Restart via STOP error (Blue Screen!)

fiat500 · Answer

reposte moi un nouveau log hijackthis

juju · Answer

Voila voila :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:48, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32svp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Multimedia\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [0884de20] rundll32.exe "C:\WINDOWS\system32\egnejmnj.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1547161642-1788223648-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

fiat500 · Answer

fais ca :

https://www.zebulon.fr/dossiers/tutoriaux/66-smitfraudfix.html

juju · Answer

Dac, je lavais deja fait auparavant, avant de poster le 1er message, mais je vais le re-lancer

fiat500 · Answer

ok

juju · Answer

Alors voila le resultat (apres 1.recherche + mode sans echec + 2.fix) :

SmitFraudFix v2.323

Rapport fait à 13:03:39,03, 01/06/2008
Executé à partir de C:\Documents and Settings\juju\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3325ED84-91AF-486F-8F9B-EBC472860DD6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3325ED84-91AF-486F-8F9B-EBC472860DD6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3325ED84-91AF-486F-8F9B-EBC472860DD6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

fiat500 · Answer

Option 2 - Nettoyage :
Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage ou tuto Symantec).
Double cliquer sur smitfraudfix.cmd
Sélectionner 2 pour supprimer les fichiers responsables de l'infection.
A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.
Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
Redémarrer en mode normal et poster le rapport sur le forum sécurité.

juju · Answer

en fait ce rapport que je tai poste cest apres avoir redemarre en mode sans echec et avoir tape loption 2.
Veux-tu que je le refasse une 2eme fois ?

fiat500 · Answer

non pas la penne

reposte moi un nouveau log hijackthis

juju · Answer

dac !

et voila :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:06, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32svp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Multimedia\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [0884de20] rundll32.exe "C:\WINDOWS\system32\egnejmnj.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1547161642-1788223648-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

fiat500 · Answer

coche la case la en mode sans echec:

O4 - HKLM\..\Run: [0884de20] rundll32.exe "C:\WINDOWS\system32\egnejmnj.dll",b

puis:
* Télécharger Combifix (by Subs) sur cette page :
    * http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Enregistrez le sur le bureau
    * Déconnectez vous d'internet et fermez toutes tes applications et programmes
    * Double-cliquez sur combo-fix.exe
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée sous la racine: C:\Combofix.txt 

Remarque : combo se charge de supprimer un certain nombre de fichiers infectés liés à bagle.
 Il est impératif de télécharger combo par le lien donné précédemment ( version renommée ) ou alors de renommer vous même combo ( clic droit sur le fichier < renommer ), car sinon Combo sera totalement inefficace face à Bagle !
(vous pouver renomer combofix en n'importe quoi comme killer ou tuer etc...)

vous me poster le rapport

juju · Answer

Merde !
y'a mes beaux-parents qui viennent de debarquer ! je vais pas pouvoir continuer tout de suite...
je fais ca des que je peux et poste le rapport

en tout cas merci, merci et encore merci !

a tout a lheure !

juju

fiat500 · Answer

ok derien a+

juju · Answer

Ca y est ! Me revoila enfin ! Et jai limpression que ca a bien marche car je nai plus lavertissement du centre de securite... Confirmes-tu que cest bon a partir du log ou bien risque-t-il de revenir au prochain redemarrage Voila le resultat du log combofix : ComboFix 08-05-29.1 - juju 2008-06-01 17:54:34.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.640 [GMT 2:00] Endroit: C:\Documents and Settings\juju\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\eeOnWvut.ini C:\WINDOWS\system32\eeOnWvut.ini2 C:\WINDOWS\system32\egnejmnj.dll C:\WINDOWS\system32\jnmjenge.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))))))) . 2008-06-01 11:56 . 2008-06-01 12:25 d-------- C:\Program Files\Navilog1 2008-06-01 11:50 . 2008-06-01 11:50 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-01 11:50 . 2008-06-01 11:50 d-------- C:\Documents and Settings\juju\Application Data\Malwarebytes 2008-06-01 11:50 . 2008-06-01 11:50 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-01 11:50 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-01 11:50 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-01 11:47 . 2008-06-01 03:11 d-------- C:\SDFix 2008-05-31 19:11 . 2008-05-31 19:11 324,864 --a------ C:\WINDOWS\system32\tuvWnOee.dll 2008-05-31 18:23 . 2008-05-31 18:24 d-------- C:\Program Files\Ad-Aware 2008-05-31 18:23 . 2008-05-31 18:24 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-31 18:22 . 2008-05-31 18:22 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-05-31 16:31 . 2008-05-31 16:31 4,608 --ahs---- C:\WINDOWS\system32\Thumbs.db 2008-05-31 15:56 . 2008-05-31 16:11 d-------- C:\fixwareout 2008-05-29 20:31 . 2008-06-01 13:03 2,704 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-29 19:28 . 2008-05-29 19:28 d-------- C:\Documents and Settings\juju\Application Data\Grisoft 2008-05-29 19:28 . 2008-05-29 19:28 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-05-29 19:28 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-05-29 19:03 . 2008-05-29 19:03 d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-29 18:45 . 2008-02-07 17:10 d--h----- C:\ckis 2008-05-29 18:44 . 2008-05-29 17:59 163,840 --a------ C:\WINDOWS\egtf.exe 2008-05-29 18:44 . 2008-05-29 18:44 33,408 --a------ C:\WINDOWS\system32\vtUnnKaA.dll.vir 2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-01 16:01 413,216 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-06-01 16:01 12,764,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-06-01 16:00 42,872 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-06-01 16:00 175,112 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-06-01 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-06-01 13:48 --------- d-----w C:\Documents and Settings\juju\Application Data\Azureus 2008-05-29 17:28 --------- d-----w C:\Program Files\utilitaires 2008-05-29 16:48 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-05-29 16:43 --------- d-----w C:\Program Files\Kaspersky Lab 2008-05-28 17:46 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2008-05-28 17:45 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-05-18 12:02 --------- d-----w C:\Program Files\MaxiCompte 2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-04-26 06:57 --------- d-----w C:\Program Files\Azureus 2008-04-08 16:58 --------- d-----w C:\Documents and Settings\juju\Application Data\OpenOffice.org2 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((( snapshot@2008-05-31_18.42.45.04 ))))))))))))))))))))))))))))))))))))))))) . + 2008-02-26 11:49:32 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll - 2008-05-31 16:38:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-01 16:01:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2006-03-24 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll + 2008-02-26 12:00:31 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll - 2006-03-24 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll + 2008-02-26 12:00:31 294,912 ----a-w C:\WINDOWS\system32\msctf.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{569D4F46-FAF4-4040-87AF-A01091DFE816}] C:\WINDOWS\boqnrwdmmpa.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7327D738-732D-4084-87DD-2C08FD909E1F}] 2008-05-31 19:11 324864 --a------ C:\WINDOWS\system32\tuvWnOee.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 14:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34 64512] "CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 22:48 303104] "NMSSupport"="C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 20:10 375296] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 21:00 8523776] "nwiz"="nwiz.exe" [2007-11-06 21:00 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-06 21:00 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "%FP%Friendly fts.exe"="C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" [2003-05-06 10:28 72192] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "QuickTime Task"="C:\Program Files\Multimedia\QuickTime\QTTask.exe" [2008-02-01 00:13 385024] "!AVG Anti-Spyware"="C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 01:43 227856] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 14:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[u]0[/u]884de20] C:\WINDOWS\system32\lftoroud.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32] C:\DOCUME~1\juju\LOCALS~1\Temp\rbnpsrv.exe/r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelayLoad] C:\DOCUME~1\juju\LOCALS~1\Temp\msprint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2006-05-18 15:27 16207872 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] --a------ 2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\French\setup.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 18:24] R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-23 03:15] R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 16:34] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28] R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 17:52] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3432f0f2-de4c-11dc-9fd6-5050506f4531}] \Shell\AutoRun\command - J:\wd_windows_tools\setup.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-03-29 14:52:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-01 18:02:09 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Ad-Aware\aawservice.exe C:\Program Files\Intel\IntelDH\CCU\AlertService.exe C:\Program Files\utilitaires\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\WINDOWS\system32\hpoipm07.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\rsvp.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-01 18:06:10 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-01 16:06:07 ComboFix2.txt 2008-05-31 17:03:00 ComboFix3.txt 2008-05-31 16:45:26 Pre-Run: 148,487,561,216 octets libres Post-Run: 148,480,192,512 octets libres 187 --- E O F --- 2008-05-31 16:42:20

fiat500 · Answer

oui

fais un scan en ligne avec Internet Explorer stp:

BitDefender en ligne: http://www.bitdefender.fr/scan_fr/scan8/ie.html
Tutoriel BitDefender en ligne: http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm

juju · Answer

Et voila (ca ma lair plutot positif comme rapport, non ?):

D:\Documents\David\Emulation\Nintendo_64_1964.exe
	
Infecté par: Trojan.Generic.79287

D:\Documents\David\Emulation\Nintendo_64_1964.exe

Supprimé

D:\System Volume Information\_restore{0F219434-CC7E-4DBE-BE8A-A11AF16C4658}\RP13\A0007556.exe
	
Infecté par: Trojan.Generic.79287

D:\System Volume Information\_restore{0F219434-CC7E-4DBE-BE8A-A11AF16C4658}\RP13\A0007556.exe
	
Supprimé

fiat500 · Answer

ben voila c'est bon tu na plus rien 
tu peut mettre resolue

juju · Answer

franchement, merci enormement, t'assures grave. ca mepate les gens comme ca qui rendent service aux autres et qui depannent les pas doues comme moi.
Encore merci et bravo !

Julie

fiat500 · Answer

derien
et merci a+ bonne fin de soirée

juju · Answer

Help !!!! le probleme est revenu ce soir au redemarrage de mon ordi !!!! j'ai essaye de relance combofix qui avait resolu le souci : combofix fait redemarrer l'ordi et tout, tout va bien et la je fais une autre fois un re-demarrage moi-meme, le souci revient : impossible d'activer les mises a jour windows !!!!
SVP aidez-moi car le probleme n'est finalement pas resolu, c'est deseperant !
merci,

juju

fiat500 · Answer

va ne mode sans echec et relance combofix

juju · Answer

Je l'ai fait (ci-joint le rapport) mais malheureusement ca finit tjs par revenir au bout de 2,3,4 ou X demarrages ! ComboFix 08-05-29.1 - juju 2008-06-04 19:41:40.7 - NTFSx86 MINIMAL Endroit: C:\Documents and Settings\juju\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\eeOnWvut.ini C:\WINDOWS\system32\eeOnWvut.ini2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\wehutbge.ini C:\WINDOWS\system32\yxuatsqh.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))))))) . 2008-06-04 19:50 . 2008-06-04 19:50 294 ---hs---- C:\WINDOWS\system32\wehutbge.ini 2008-06-04 18:14 . 2008-06-04 18:14 95,232 --a------ C:\WINDOWS\system32\egbtuhew.dll 2008-06-03 19:49 . 2008-06-03 19:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-06-03 19:49 . 2008-06-03 19:49 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-03 18:43 . 2008-06-03 18:43 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-03 18:39 . 2008-06-03 18:39 d-------- C:\Program Files\Apple Software Update 2008-06-03 18:39 . 2008-06-03 18:39 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-06-03 12:04 . 2008-06-03 12:04 d-------- C:\WINDOWS\system32\fr 2008-06-03 12:04 . 2008-06-03 12:04 d-------- C:\WINDOWS\system32\bits 2008-06-03 12:04 . 2008-06-03 12:04 d-------- C:\WINDOWS\l2schemas 2008-06-03 12:02 . 2008-06-03 12:02 d-------- C:\WINDOWS\ServicePackFiles 2008-06-03 11:51 . 2008-04-14 04:33 69,120 --------- C:\WINDOWS\system32\wlanapi.dll 2008-06-03 11:51 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys 2008-06-03 11:51 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys 2008-06-03 11:51 . 2008-04-13 20:43 14,208 --------- C:\WINDOWS\system32\drivers\wacompen.sys 2008-06-03 11:51 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys 2008-06-03 11:51 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys 2008-06-03 11:51 . 2004-08-03 22:29 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys 2008-06-03 11:51 . 2004-08-03 22:29 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys 2008-06-03 11:49 . 2008-04-14 04:33 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2008-06-02 20:22 . 2008-06-02 20:26 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-06-02 20:22 . 2008-06-02 20:26 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-06-02 20:21 . 2008-06-02 20:21 d-------- C:\Program Files\Kaspersky Lab 2008-06-02 20:21 . 2008-06-04 19:50 6,641,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-06-02 20:21 . 2008-06-04 19:51 98,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-06-02 20:21 . 2008-06-04 19:38 93,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-06-02 20:21 . 2008-06-04 19:38 11,240 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-06-01 18:18 . 2008-06-01 18:40 d-------- C:\WINDOWS\BDOSCAN8 2008-06-01 11:56 . 2008-06-01 12:25 d-------- C:\Program Files\Navilog1 2008-06-01 11:50 . 2008-06-01 11:50 d-------- C:\Documents and Settings\juju\Application Data\Malwarebytes 2008-06-01 11:50 . 2008-06-01 11:50 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-01 11:47 . 2008-06-01 03:11 d-------- C:\SDFix 2008-05-31 19:11 . 2008-05-31 19:11 324,864 --a------ C:\WINDOWS\system32\tuvWnOee.dll 2008-05-31 18:23 . 2008-05-31 18:24 d-------- C:\Program Files\Ad-Aware 2008-05-31 18:23 . 2008-05-31 18:24 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-31 18:22 . 2008-05-31 18:22 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-05-31 16:31 . 2008-05-31 16:31 4,608 --ahs---- C:\WINDOWS\system32\Thumbs.db 2008-05-31 15:56 . 2008-05-31 16:11 d-------- C:\fixwareout 2008-05-29 20:31 . 2008-06-01 13:03 2,704 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-29 20:31 . 2008-06-01 13:03 0 --a------ C:\WINDOWS\system32\tmp.MSNFix 2008-05-29 19:28 . 2008-05-29 19:28 d-------- C:\Documents and Settings\juju\Application Data\Grisoft 2008-05-29 19:28 . 2008-05-29 19:28 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-05-29 19:28 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-05-29 19:03 . 2008-05-29 19:03 d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-29 18:45 . 2008-02-07 17:10 d--h----- C:\ckis 2008-05-29 18:44 . 2008-05-29 18:44 33,408 --a------ C:\WINDOWS\system32\vtUnnKaA.dll.vir 2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-04 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-06-03 16:43 --------- d-----w C:\Program Files\Multimedia 2008-06-02 18:26 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2008-06-02 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-06-01 20:51 --------- d-----w C:\Documents and Settings\juju\Application Data\Azureus 2008-05-29 17:28 --------- d-----w C:\Program Files\utilitaires 2008-05-18 12:02 --------- d-----w C:\Program Files\MaxiCompte 2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-04-26 06:57 --------- d-----w C:\Program Files\Azureus 2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll 2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll 2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll 2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll 2008-04-14 02:32 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll 2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys 2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll 2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys 2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys 2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys 2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys . ((((((((((((((((((((((((((((( snapshot_2008-06-03_11.06.44.18 ))))))))))))))))))))))))))))))))))))))))) . - 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll + 2008-04-14 02:33:18 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll - 2006-03-24 12:00:00 1,852,416 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll + 2008-04-14 02:33:18 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll - 2006-03-24 12:00:00 450,048 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll + 2008-04-14 02:33:18 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll - 2006-03-24 12:00:00 137,728 ----a-w C:\WINDOWS\AppPatch\AcLua.dll + 2008-04-14 02:33:18 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll - 2006-03-24 12:00:00 244,736 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll + 2008-04-14 02:33:18 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll - 2006-03-24 12:00:00 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll + 2008-04-14 02:33:18 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll - 2008-02-13 10:18:44 8,704 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll + 2008-06-03 10:06:59 8,704 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll - 2008-02-13 10:37:34 117,248 ----a-w C:\WINDOWS\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll + 2008-06-03 11:17:35 117,248 ----a-w C:\WINDOWS\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll - 2008-02-13 10:18:44 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll + 2008-06-03 10:06:57 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll - 2008-02-13 10:18:44 34,816 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2008-06-03 10:06:59 34,816 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2008-02-13 10:37:34 102,400 ----a-w C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll + 2008-06-03 11:17:35 102,400 ----a-w C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll - 2008-02-14 18:30:13 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll + 2008-06-03 11:17:35 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll - 2008-02-13 10:37:34 192,512 ----a-w C:\WINDOWS\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll + 2008-06-03 11:17:35 192,512 ----a-w C:\WINDOWS\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll - 2008-02-14 18:30:14 868,352 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll + 2008-06-03 11:17:35 868,352 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll - 2008-02-13 10:37:34 126,976 ----a-w C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll + 2008-06-03 11:17:35 126,976 ----a-w C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll - 2008-02-13 10:37:35 110,592 ----a-w C:\WINDOWS\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll + 2008-06-03 11:17:35 110,592 ----a-w C:\WINDOWS\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll - 2008-02-13 10:37:34 8,192 ----a-w C:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll + 2008-06-03 11:17:35 8,192 ----a-w C:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll - 2008-02-13 10:37:34 73,728 ----a-w C:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll + 2008-06-03 11:17:35 73,728 ----a-w C:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll - 2008-02-13 10:37:34 167,936 ----a-w C:\WINDOWS\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll + 2008-06-03 11:17:35 167,936 ----a-w C:\WINDOWS\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll - 2008-02-14 18:30:14 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll + 2008-06-03 11:17:35 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll - 2008-02-13 10:37:34 389,120 ----a-w C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll + 2008-06-03 11:17:35 389,120 ----a-w C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll - 2008-02-13 10:37:34 18,944 ----a-w C:\WINDOWS\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll + 2008-06-03 11:17:35 18,944 ----a-w C:\WINDOWS\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll - 2008-02-13 10:37:34 278,528 ----a-w C:\WINDOWS\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll + 2008-06-03 11:17:35 278,528 ----a-w C:\WINDOWS\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll - 2008-02-13 10:37:34 122,880 ----a-w C:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll + 2008-06-03 11:17:35 122,880 ----a-w C:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll - 2008-02-13 10:37:35 53,248 ----a-w C:\WINDOWS\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll + 2008-06-03 11:17:35 53,248 ----a-w C:\WINDOWS\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll - 2008-02-13 10:37:34 389,120 ----a-w C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll + 2008-06-03 11:17:35 389,120 ----a-w C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll - 2008-02-13 10:18:44 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2008-06-03 10:07:04 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll - 2008-02-13 10:18:44 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll + 2008-06-03 10:07:04 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll - 2008-02-13 10:18:44 4,096 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll + 2008-06-03 10:07:04 4,096 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll - 2008-02-13 10:18:44 27,136 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2008-06-03 10:07:04 27,136 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2008-02-13 10:18:44 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2008-06-03 10:06:57 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2008-02-13 10:37:35 45,056 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll + 2008-06-03 11:17:35 45,056 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll - 2008-02-13 10:18:44 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2008-06-03 10:06:57 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2008-02-13 10:18:44 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2008-06-03 10:06:57 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2008-02-13 10:18:44 5,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll + 2008-06-03 10:06:58 5,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll - 2008-02-13 10:18:44 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2008-06-03 10:06:56 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2008-02-13 10:18:44 18,944 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2008-06-03 10:06:56 18,944 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2008-02-13 10:18:44 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2008-06-03 10:06:56 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll - 2008-02-13 10:18:44 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll + 2008-06-03 10:07:05 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll - 2008-02-13 10:18:44 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll + 2008-06-03 10:06:58 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll - 2008-02-13 10:37:35 77,824 ----a-w C:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\[u]0[/u].9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll + 2008-06-03 11:17:35 77,824 ----a-w C:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\[u]0[/u].9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll - 2008-02-13 10:18:44 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2008-06-03 10:06:59 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2008-02-13 10:18:44 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll + 2008-06-03 10:07:02 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll - 2008-02-13 10:18:44 1,695,744 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll + 2008-06-03 10:07:03 1,695,744 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll - 2008-02-13 10:18:44 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2008-06-03 10:07:00 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2008-02-13 10:18:44 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2008-06-03 10:07:00 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2008-02-13 10:18:44 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll + 2008-06-03 10:07:03 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll - 2008-02-13 10:18:44 212,992 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2008-06-03 10:06:58 212,992 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2008-02-13 10:18:44 48,640 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll + 2008-06-03 10:06:58 48,640 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll - 2008-02-13 10:18:44 352,256 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll + 2008-06-03 10:07:05 352,256 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll - 2008-02-13 10:18:44 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll + 2008-06-03 10:07:03 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll - 2008-02-13 10:18:44 311,296 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2008-06-03 10:07:05 311,296 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2008-02-13 10:18:44 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2008-06-03 10:07:06 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2008-02-13 10:18:44 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll + 2008-06-03 10:06:59 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll - 2008-02-13 10:18:44 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2008-06-03 10:07:00 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2008-02-13 10:18:44 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2008-06-03 10:07:01 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2008-02-13 10:18:44 507,904 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2008-06-03 10:07:01 507,904 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2008-02-13 13:27:40 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll + 2008-06-03 10:07:01 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll - 2008-02-13 10:18:44 2,002,944 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll + 2008-06-03 10:07:02 2,002,944 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll - 2008-02-13 10:18:44 1,302,528 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll + 2008-06-03 10:07:02 1,302,528 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll - 2008-02-13 10:18:44 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll + 2008-06-03 10:07:03 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll + 2008-06-03 10:05:18 1,855,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_7a2004a7\System.dll + 2008-06-03 11:16:51 258,048 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\6.0.3000.0__31bf3856ad364e35_02380938\BDATunePIA.dll + 2008-06-03 11:16:31 159,744 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\6.0.3000.0__31bf3856ad364e35_fecfb220\ehCIR.dll + 2008-06-03 11:16:46 2,326,528 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\6.0.3000.0__31bf3856ad364e35_b32eadfc\EhCM.dll + 2008-06-03 11:16:50 299,008 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\6.0.3000.0__31bf3856ad364e35_7451ee46\ehcommon.dll + 2008-06-03 11:16:40 1,306,624 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\6.0.3000.0__31bf3856ad364e35_cf640d6c\ehepg.dll + 2008-06-03 11:16:32 167,936 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\6.0.3000.0__31bf3856ad364e35_7a88aabe\ehepgdat.dll + 2008-06-03 11:17:14 167,936 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtCOM\6.0.3000.0__31bf3856ad364e35_121e0ab3\ehExtCOM.dll + 2008-06-03 11:17:34 155,648 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\6.0.3000.0__31bf3856ad364e35_dd46278e\ehExtHost.exe + 2008-06-03 11:16:04 10,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\6.0.3000.0__31bf3856ad364e35_9ac14dca\ehiExtCOM.dll + 2008-06-03 11:16:05 102,400 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtens\6.0.3000.0__31bf3856ad364e35_555dc6a1\ehiExtens.dll + 2008-06-03 11:16:36 266,240 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\6.0.3000.0__31bf3856ad364e35_cbc2f129\ehiMsgr.dll + 2008-06-03 11:16:33 380,928 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\6.0.3000.0__31bf3856ad364e35_1afbf133\ehiPlay.dll + 2008-06-03 11:16:34 565,248 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\6.0.3000.0__31bf3856ad364e35_c14e5752\ehiProxy.dll + 2008-06-03 11:16:34 40,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\6.0.3000.0__31bf3856ad364e35_4b04f102\ehiUserXp.dll + 2008-06-03 11:16:35 458,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\6.0.3000.0__31bf3856ad364e35_9ec0c4e3\ehiVidCtl.dll + 2008-06-03 11:16:03 180,224 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiwmp\6.0.3000.0__31bf3856ad364e35_5b22182c\ehiwmp.dll + 2008-06-03 11:16:51 69,632 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\6.0.3000.0__31bf3856ad364e35_bfbac2f5\ehiWUapi.dll + 2008-06-03 11:16:17 684,032 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\6.0.3000.0__31bf3856ad364e35_00d88083\ehRecObj.dll + 2008-06-03 11:17:33 6,336,512 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\6.0.3000.0__31bf3856ad364e35_886e0f69\ehshell.exe + 2008-06-03 11:16:52 65,536 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35_c341169f\Microsoft.MediaCenter.dll + 2008-06-03 11:17:18 20,480 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\SonicMCEBurnEngine\[u]0[/u].9.0.0__17c52700e9a64fd0_fc93e30b\SonicMCEBurnEngine.dll - 2008-06-03 09:02:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-04 17:49:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2007-06-13 13:22:28 1,037,312 ----a-w C:\WINDOWS\explorer.exe + 2008-04-14 02:34:03 1,037,824 ----a-w C:\WINDOWS\explorer.exe - 2006-03-24 12:00:00 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll + 2008-04-14 02:33:41 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll - 2006-03-24 12:00:00 33,280 ----a-w C:\WINDOWS\Help\sstub.dll + 2008-04-14 02:33:46 33,280 ----a-w C:\WINDOWS\Help\sstub.dll - 2006-03-24 12:00:00 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll + 2008-04-14 02:33:46 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll - 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe + 2008-04-14 02:34:06 10,752 ----a-w C:\WINDOWS\hh.exe - 2006-03-24 12:00:00 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll + 2008-04-14 02:33:30 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll - 2006-03-24 12:00:00 130,048 ----a-w C:\WINDOWS\ime\SOFTKBD.DLL + 2008-04-14 02:33:41 130,048 ----a-w C:\WINDOWS\ime\softkbd.dll - 2006-03-24 12:00:00 62,976 ----a-w C:\WINDOWS\ime\SPGRMR.dll + 2008-04-13 16:43:18 62,976 ----a-w C:\WINDOWS\ime\spgrmr.dll - 2006-03-24 12:00:00 272,384 ----a-w C:\WINDOWS\ime\SPTIP.dll + 2008-04-14 02:33:46 272,384 ----a-w C:\WINDOWS\ime\sptip.dll + 2008-06-03 16:39:30 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe + 2008-01-18 15:13:09 2,247 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscdsbl.bat + 2007-12-12 10:33:51 18,917 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs + 2007-10-30 10:06:46 13,801 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs + 2008-04-14 02:33:06 25,600 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscupdc.dll - 2002-06-21 16:31:20 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_filter.dll + 2008-04-13 16:09:58 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_filter.dll - 2007-01-02 15:34:04 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll + 2008-04-13 16:09:59 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll - 2004-08-03 21:11:06 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe + 2008-04-13 16:10:01 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe - 2002-06-21 16:31:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe + 2008-04-13 16:10:01 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe - 2007-01-02 15:34:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe + 2008-04-13 16:10:01 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe - 2007-01-15 15:10:00 61,440 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\gacutil.exe + 2008-04-13 16:10:32 61,440 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\gacutil.exe - 2007-01-02 15:28:28 2,273,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll + 2007-12-17 11:58:53 2,273,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll - 2007-01-02 15:28:46 2,281,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll + 2007-12-17 11:59:26 2,281,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll - 2007-01-15 15:11:26 73,728 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe + 2007-12-17 11:59:53 82,976 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe - 2007-01-15 15:11:30 57,344 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe + 2007-12-17 11:59:54 66,592 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\setregni.exe - 2004-07-19 17:54:18 1,179,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.dll + 2007-12-17 11:59:56 1,179,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\system.dll - 2007-01-15 15:11:30 57,344 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ToGac.exe + 2007-12-17 12:00:05 66,592 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\togac.exe - 2006-03-24 12:00:00 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll + 2008-04-14 02:33:18 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll - 2006-03-24 12:00:00 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll + 2008-04-14 02:33:18 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll - 2006-10-12 13:55:58 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll + 2008-04-14 02:33:18 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll - 2007-03-09 14:00:38 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll + 2008-04-14 02:33:18 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll - 2006-03-24 12:00:00 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll + 2008-04-14 02:33:18 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll - 2006-03-24 12:00:00 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll + 2008-04-14 02:33:18 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll - 2006-03-24 12:00:00 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll + 2008-04-14 02:33:18 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll - 2006-10-12 11:54:07 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe + 2008-04-14 02:33:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe - 2006-03-24 12:00:00 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll + 2008-04-14 02:33:19 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll - 2006-03-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll + 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll - 2006-03-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll + 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll - 2006-03-24 12:00:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll + 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll - 2006-03-24 12:00:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll + 2007-04-02 18:26:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll - 2006-03-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll + 2008-04-13 17:32:28 19,968 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll - 2006-03-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll + 2007-04-02 18:26:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll - 2006-03-24 12:00:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll + 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll - 2006-03-24 12:00:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll + 2007-04-02 18:26:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll - 2006-03-24 12:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll + 2007-04-02 18:26:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll - 2006-03-24 12:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll + 2007-04-02 18:26:01 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll - 2006-03-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll - 2006-03-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll - 2006-03-24 12:00:00 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll + 2007-04-02 18:26:01 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll - 2006-03-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll - 2006-03-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll - 2006-03-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll - 2006-03-24 12:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll + 2007-04-02 18:26:02 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll - 2006-03-24 12:00:00 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll + 2007-04-02 18:26:02 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll - 2006-03-24 12:00:00 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll + 2008-04-14 02:33:32 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll - 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll + 2008-04-14 02:33:22 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll - 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe + 2008-04-13 18:53:32 558,080 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe - 2006-03-24 12:00:00 70,656 ----a-w C:\WINDOWS\NOTEPAD.EXE + 2008-04-14 02:34:15 70,656 ----a-w C:\WINDOWS\notepad.exe - 2006-03-24 12:00:00 768,512 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe + 2008-04-14 02:34:06 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe - 2006-03-24 12:00:00 743,936 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe + 2008-04-14 02:34:06 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe - 2006-03-24 12:00:00 18,944 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe + 2008-04-14 02:34:06 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe - 2006-03-24 12:00:00 160,768 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe + 2008-04-14 02:34:12 172,544 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe - 2006-03-24 12:00:00 381,952 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll + 2008-04-14 02:33:32 382,464 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll - 2006-03-24 12:00:00 102,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll + 2008-04-14 02:33:38 102,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll - 2006-03-24 12:00:00 38,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll + 2008-04-14 02:33:38 38,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - 2008-02-13 10:36:43 86,815 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat + 2008-06-03 10:06:55 86,815 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat - 2008-02-13 10:36:43 2,674 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin + 2008-06-03 10:06:55 2,988 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin - 2006-03-24 12:00:00 151,040 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe + 2008-04-14 02:34:26 151,040 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe - 2006-03-24 12:00:00 151,552 ----a-w C:\WINDOWS\PeerNet\sqldb20.dll + 2008-04-14 02:33:46 151,552 ----a-w C:\WINDOWS\PeerNet\sqldb20.dll - 2006-03-24 12:00:00 462,848 ----a-w C:\WINDOWS\PeerNet\sqlqp20.dll + 2008-04-14 02:33:46 462,848 ----a-w C:\WINDOWS\PeerNet\sqlqp20.dll - 2006-03-24 12:00:00 110,592 ----a-w C:\WINDOWS\PeerNet\sqlse20.dll + 2008-04-14 02:33:46 110,592 ----a-w C:\WINDOWS\PeerNet\sqlse20.dll - 2006-03-24 12:00:00 153,088 ----a-w C:\WINDOWS\regedit.exe + 2008-04-14 02:34:19 153,088 ----a-w C:\WINDOWS\regedit.exe + 2008-04-13 18:46:18 53,376 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys + 2008-04-13 18:40:50 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys + 2008-04-13 18:46:20 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys + 2008-04-14 02:33:18 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll + 2008-04-14 02:33:18 136,192 ------w C:\WINDOWS\ServicePackFiles\i386\aaclient.dll + 2004-08-03 20:32:22 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys + 2004-08-03 20:32:32 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys + 2008-04-14 02:33:18 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\acadproc.dll + 2008-04-14 02:33:53 190,464 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe + 2008-04-14 02:33:18 1,852,928 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll + 2008-04-14 02:33:18 451,072 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll + 2008-04-14 02:33:18 141,312 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll + 2008-04-14 02:33:18 120,320 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll + 2008-04-14 01:52:42 188,672 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys + 2008-04-14 02:33:18 245,248 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll + 2008-04-14 02:33:18 193,536 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll + 2008-04-14 02:33:53 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe + 2008-04-14 02:33:18 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll + 2008-04-14 02:33:18 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll + 2008-04-14 02:33:18 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\admexs.dll + 2008-04-14 02:33:18 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll + 2008-04-14 02:33:53 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe + 2004-08-03 20:32:24 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys + 2008-04-14 02:33:18 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll + 2008-04-14 02:33:18 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\admwprox.dll + 2008-04-14 02:33:18 290,816 ------w C:\WINDOWS\ServicePackFiles\i386\adsiis51.dll + 2008-04-14 02:33:18 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll + 2008-04-14 02:33:18 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll + 2008-04-14 02:33:18 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll + 2008-04-14 02:33:18 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll + 2008-04-14 02:33:18 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\adsnw.dll + 2007-04-02 13:10:44 85,813 ------w C:\WINDOWS\ServicePackFiles\i386\adsutil.vbs + 2008-04-14 02:33:18 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll + 2008-04-14 02:33:18 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll + 2008-04-14 02:33:18 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll + 2008-04-14 02:33:18 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll + 2008-04-14 02:33:18 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll + 2008-04-14 02:33:18 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll + 2008-04-14 02:33:18 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll + 2008-04-14 02:33:18 685,568 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll + 2008-04-14 02:33:18 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll + 2008-04-13 16:39:23 142,592 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys + 2008-04-13 19:19:23 138,112 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys + 2008-04-14 02:33:18 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll + 2008-04-14 02:33:18 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll + 2008-04-14 02:33:18 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll + 2008-04-14 02:33:18 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll + 2008-04-14 02:33:18 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll + 2008-04-14 02:33:18 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll + 2008-04-14 02:33:18 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll + 2008-04-14 02:33:53 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe + 2008-04-13 18:36:38 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys + 2008-04-13 18:36:39 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys + 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0401.dll + 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0404.dll + 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0405.dll + 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0406.dll + 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt0407.dll + 2007-04-02 18:26:00 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\agt0408.dll + 2008-04-13 17:32:28 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt0409.dll + 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040b.dll + 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt040c.dll + 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040d.dll + 2007-04-02 18:26:00 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt040e.dll + 2007-04-02 18:26:00 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0410.dll + 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0411.dll + 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0412.dll + 2007-04-02 18:26:01 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0413.dll + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0414.dll + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0415.dll + 2007-04-02 18:26:01 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0416.dll + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0419.dll + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041d.dll + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041f.dll + 2007-04-02 18:26:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0804.dll + 2007-04-02 18:26:02 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0816.dll + 2007-04-02 18:26:02 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0c0a.dll + 2008-04-14 02:33:19 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll + 2008-04-14 02:33:53 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe + 2008-04-14 02:33:53 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe + 2008-04-13 18:36:38 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys + 2008-04-14 02:33:19 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll + 2008-04-13 18:36:39 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys + 2008-04-14 01:54:28 41,472 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys + 2008-04-14 01:54:29 41,856 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys + 2008-04-14 02:33:19 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll + 2004-08-03 20:31:20 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys + 2008-04-14 02:33:19 110,080 ------w C:\WINDOWS\ServicePackFiles\i386\appconf.dll + 2008-04-14 02:33:19 125,952 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll + 2008-04-14 02:33:19 176,640 ------w C:\WINDOWS\ServicePackFiles\i386\appmgmts.dll + 2008-04-14 02:33:19 302,592 ------w C:\WINDOWS\ServicePackFiles\i386\appmgr.dll + 2008-04-14 02:33:19 334,336 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll + 2008-04-13 18:51:25 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys + 2008-04-14 02:33:19 377,344 ------w C:\WINDOWS\ServicePackFiles\i386\asp51.dll + 2008-04-13 16:09:58 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_filter.dll + 2008-04-13 16:09:59 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_isapi.dll + 2008-04-13 16:10:01 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe + 2008-04-13 16:10:01 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_state.exe + 2008-04-13 16:10:01 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe + 2008-04-14 02:33:53 30,720 ------w C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe + 2008-04-14 02:33:53 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe + 2008-04-14 02:33:19 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll + 2008-04-13 18:57:27 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys + 2008-04-14 02:33:53 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe + 2008-04-13 18:40:30 96,512 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys + 2004-08-03 20:29:30 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys + 2004-08-03 20:29:30 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys + 2004-08-03 20:29:30 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys + 2004-08-03 20:29:32 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys + 2004-08-03 20:29:32 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys + 2004-08-03 20:29:32 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\ati1snxx.sys + 2004-08-03 20:29:32 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\ati1ttxx.sys + 2004-08-03 20:29:32 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\ati1tuxx.sys + 2004-08-03 20:29:32 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xbxx.sys + 2004-08-03 20:29:32 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xsxx.sys + 2008-04-14 02:33:19 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\ati2cqag.dll + 2008-04-14 02:33:19 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll + 2008-04-14 02:33:19 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll + 2004-08-03 22:38:42 327,168 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys + 2004-08-03 22:38:44 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys + 2008-04-14 02:33:19 870,784 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll + 2008-04-14 02:33:19 1,057,760 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll + 2008-04-14 02:33:19 1,888,992 ------w C:\WINDOWS\ServicePackFiles\i386\ati3duag.dll + 2004-08-03 20:29:28 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys + 2004-08-03 20:29:30 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys + 2004-08-03 20:29:30 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys + 2004-08-03 20:29:30 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys + 2004-08-03 20:29:32 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys + 2004-08-03 20:29:32 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys + 2004-08-03 20:29:32 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys + 2004-08-03 20:29:32 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\atintuxx.sys + 2004-08-03 20:29:32 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\atinxbxx.sys + 2004-08-03 20:29:32 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys + 2008-04-14 02:33:19 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativtmxx.dll + 2008-04-14 02:33:19 516,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativvaxx.dll + 2008-04-14 02:33:19 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\atl.dll + 2008-04-14 02:33:53 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe + 2008-04-13 18:51:25 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\atmarpc.sys + 2008-04-14 02:31:00 285,696 ------w C:\WINDOWS\ServicePackFiles\i386\atmfd.dll + 2008-04-13 18:51:30 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\atmlane.sys + 2008-04-14 02:33:19 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\atmlib.dll + 2008-04-14 02:33:53 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\attrib.exe + 2008-04-14 02:33:19 21,183 ------w C:\WINDOWS\ServicePackFiles\i386\atv01nt5.dll + 2008-04-14 02:33:19 11,359 ------w C:\WINDOWS\ServicePackFiles\i386\atv02nt5.dll + 2008-04-14 02:33:19 25,471 ------w C:\WINDOWS\ServicePackFiles\i386\atv04nt5.dll + 2008-04-14 02:33:19 14,143 ------w C:\WINDOWS\ServicePackFiles\i386\atv06nt5.dll + 2008-04-14 02:33:19 17,279 ------w C:\WINDOWS\ServicePackFiles\i386\atv10nt5.dll + 2008-04-14 02:33:19 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll + 2008-04-14 02:33:53 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe + 2008-04-14 02:33:19 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\author.dll + 2008-04-14 02:33:53 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe + 2008-04-14 02:33:19 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\authz.dll + 2008-04-14 02:33:53 625,152 ------w C:\WINDOWS\ServicePackFiles\i386\autochk.exe + 2008-04-14 02:33:53 638,976 ------w C:\WINDOWS\ServicePackFiles\i386\autoconv.exe + 2008-04-14 02:33:54 616,960 ------w C:\WINDOWS\ServicePackFiles\i386\autofmt.exe + 2008-04-14 02:33:54 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\autolfn.exe + 2008-04-13 18:46:20 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\avc.sys + 2008-04-13 18:46:07 13,696 ------w C:\WINDOWS\ServicePackFiles\i386\avcstrm.sys + 2008-04-14 02:33:19 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\avifil32.dll + 2008-04-14 02:33:19 233,472 ------w C:\WINDOWS\ServicePackFiles\i386\azroles.dll + 2008-04-14 02:33:19 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\basesrv.dll + 2008-04-14 02:33:19 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\batmeter.dll + 2008-04-14 02:33:19 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\batt.dll + 2008-04-13 18:36:32 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\battc.sys + 2008-04-13 18:46:21 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\bdasup.sys + 2008-04-14 02:33:19 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\bidispl.dll + 2008-04-14 02:33:19 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx2.dll + 2008-04-14 02:33:19 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx3.dll + 2008-04-14 02:33:19 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx4.dll + 2008-04-14 02:33:55 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe + 2008-04-14 02:33:55 158,208 ------w C:\WINDOWS\ServicePackFiles\i386\bootcfg.exe + 2008-04-13 18:53:23 71,552 ------w C:\WINDOWS\ServicePackFiles\i386\bridge.sys + 2008-04-14 01:57:48 70,144 ------w C:\WINDOWS\ServicePackFiles\i386\browselc.dll + 2008-04-14 02:33:20 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\browser.dll + 2008-04-14 02:33:20 1,025,024 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll + 2008-04-14 02:33:20 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\browsewm.dll + 2008-04-14 02:33:20 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthci.dll + 2008-04-13 18:46:33 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthenum.sys + 2008-04-13 18:46:33 37,888 ------w C:\WINDOWS\ServicePackFiles\i386\bthmodem.sys + 2008-04-13 18:51:34 101,120 ------w C:\WINDOWS\ServicePackFiles\i386\bthpan.sys + 2008-04-14 01:58:00 273,664 ------w C:\WINDOWS\ServicePackFiles\i386\bthport.sys + 2008-04-13 18:46:31 36,480 ------w C:\WINDOWS\ServicePackFiles\i386\bthprint.sys + 2008-04-14 02:33:20 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\bthserv.dll + 2008-04-13 18:46:29 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\bthusb.sys + 2008-04-14 02:33:20 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\btpanui.dll + 2008-04-14 02:33:20 218,112 ------w C:\WINDOWS\ServicePackFiles\i386\c_g18030.dll + 2008-04-14 02:33:20 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\cabinet.dll + 2008-04-14 02:33:20 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\cabview.dll + 2008-04-14 02:33:55 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\cacls.exe + 2008-04-14 02:33:20 385,024 ------w C:\WINDOWS\ServicePackFiles\i386\callcont.dll + 2008-04-14 02:33:20 121,856 ------w C:\WINDOWS\ServicePackFiles\i386\camext30.dll + 2008-04-14 02:33:20 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\camocx.dll + 2008-04-14 02:33:20 153,600 ------w C:\WINDOWS\ServicePackFiles\i386\capesnpn.dll + 2004-07-19 17:54:04 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\caspol.exe + 2008-04-14 02:33:20 226,304 ------w C:\WINDOWS\ServicePackFiles\i386\catsrv.dll + 2008-04-14 02:33:20 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvps.dll + 2008-04-14 02:33:20 625,664 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll + 2008-04-13 18:46:23 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\ccdecode.sys + 2008-04-13 19:14:21 63,744 ------w C:\WINDOWS\ServicePackFiles\i386\cdfs.sys + 2008-04-14 02:33:20 152,064 ------w C:\WINDOWS\ServicePackFiles\i386\cdfview.dll + 2008-04-14 02:33:20 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\cdm.dll + 2008-04-14 02:33:20 2,091,520 ------w C:\WINDOWS\ServicePackFiles\i386\cdosys.dll + 2008-04-13 18:40:46 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\cdrom.sys + 2008-04-14 02:33:20 200,192 ------w C:\WINDOWS\ServicePackFiles\i386\certcli.dll + 2008-04-14 02:33:20 467,968 ------w C:\WINDOWS\ServicePackFiles\i386\certmgr.dll + 2008-04-14 02:33:20 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\cfgbkend.dll + 2008-04-14 02:31:03 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\cfgmgr32.dll + 2008-04-14 02:33:56 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe + 2008-04-14 02:33:20 15,423 ------w C:\WINDOWS\ServicePackFiles\i386\ch7xxnt5.dll + 2008-04-13 18:40:58 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\changer.sys + 2008-04-14 02:33:20 148,480 ------w C:\WINDOWS\ServicePackFiles\i386\cic.dll + 2008-04-14 02:33:20 1,359,360 ------w C:\WINDOWS\ServicePackFiles\i386\cimwin32.dll + 2008-04-14 02:33:20 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\ciodm.dll + 2008-04-14 02:33:57 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\cipher.exe + 2008-04-14 02:33:57 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe + 2008-04-13 19:16:22 49,536 ------w C:\WINDOWS\ServicePackFiles\i386\classpnp.sys + 2008-04-14 02:33:21 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll + 2008-04-14 02:33:21 498,688 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll + 2008-04-14 02:33:57 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe + 2008-04-14 02:33:21 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.dll + 2008-04-14 02:33:57 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe + 2008-04-14 02:33:57 104,448 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe + 2008-04-14 02:33:57 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe + 2008-04-14 02:33:21 58,368 ------w C:\WINDOWS\ServicePackFiles\i386\clusapi.dll + 2008-04-13 18:36:37 13,952 ------w C:\WINDOWS\ServicePackFiles\i386\cmbatt.sys + 2008-04-14 02:33:21 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\cmcfg32.dll + 2008-04-14 02:33:57 401,408 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe + 2008-04-14 02:33:21 353,280 ------w C:\WINDOWS\ServicePackFiles\i386\cmdial32.dll + 2008-04-14 02:33:57 25,600 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe + 2008-04-14 02:33:57 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe + 2008-04-14 02:33:21 191,488 ------w C:\WINDOWS\ServicePackFiles\i386\cmprops.dll + 2008-04-14 02:33:21 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\cmsetacl.dll + 2008-04-14 02:33:57 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\cmstp.exe + 2008-04-14 02:33:21 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\cmutil.dll + 2008-04-14 02:33:21 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon.dll + 2008-04-14 02:33:21 83,968 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon2.dll + 2008-04-14 02:33:21 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\coadmin.dll + 2008-04-13 16:44:16 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\cobramsg.dll + 2008-04-14 02:33:21 60,416 -

fiat500 · Answer

toujours pas de mise a jour?

juju · Answer

eh non, malheureusement, jai toujours cette maudite croix rouge qui apparait et impossible de les activer dans le centre de securite windows ou ailleurs !
au demarrage, aujourdhui, ya kaspersky qui ma trouve le virus win32.viirtumonde.yeb dans tous mes elements de demarrage, jai nettoye ca mais ca a peut etre un lien ?

merci

fiat500 · Answer

oui

fais ca:

telecharge malwarebytes mes le a jour puis lance un scan complet et supprime tous se qu'il trouve:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Impossible d'activer les mises a jour windows

30 réponses

Newsletters