Windows XP out of whack... :(((
Solved
fabe75 - Posts: 22 - Status: Member
Hello,
My father is having big problems with his computer: since last night the PC has been very slow, the Start bar is gone and it is impossible to connect to the Internet. The windows look different too....
I ran HijackThis and got this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:26, on 04/06/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\serge75\Bureau\prbl virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.252.22.70:110
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1409082233-1532298954-839522115-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1409082233-1532298954-839522115-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O20 - Winlogon Notify: awtrsrs - awtrsrs.dll (file missing)
O20 - Winlogon Notify: byxuutu - byxuutu.dll (file missing)
O20 - Winlogon Notify: efcyxuu - efcyxuu.dll (file missing)
O20 - Winlogon Notify: fccbcyy - fccbcyy.dll (file missing)
O20 - Winlogon Notify: fccbxxu - fccbxxu.dll (file missing)
O20 - Winlogon Notify: gebccby - gebccby.dll (file missing)
O20 - Winlogon Notify: hggdbyv - hggdbyv.dll (file missing)
O20 - Winlogon Notify: jkkhiff - jkkhiff.dll (file missing)
O20 - Winlogon Notify: ljjijkl - ljjijkl.dll (file missing)
O20 - Winlogon Notify: pmnljkh - pmnljkh.dll (file missing)
O20 - Winlogon Notify: rqrolml - rqrolml.dll (file missing)
O20 - Winlogon Notify: vtusstq - vtusstq.dll (file missing)
O20 - Winlogon Notify: vtuvvur - vtuvvur.dll (file missing)
O20 - Winlogon Notify: wvuvusr - wvuvusr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
End of file - 7287 bytes
Could you help us please?
Is it a virus? Has Windows XP crashed and does it need to be reinstalled?
What do you think?
Thanks in advance ;-)
15 replies
Hi Fabe, Raphy
It looks like there is one big absentee in all the reports: C:\WINDOWS\System32\svchost.exe :-)
Probably shot down by Avast in the last few days, hence the various problems that follow from it.
http://www.commentcamarche.net/forum/affich 6757939 faux positif avast win32 rootkit gen rtk
Good luck.
Hi,
Yes, that's pretty!
Have you renamed hijackthis to eden.exe, for example?
Post a new report once that is done.
And check these lines, then click Fix checked:
O20 - Winlogon Notify: awtrsrs - awtrsrs.dll (file missing)
O20 - Winlogon Notify: byxuutu - byxuutu.dll (file missing)
O20 - Winlogon Notify: efcyxuu - efcyxuu.dll (file missing)
O20 - Winlogon Notify: fccbcyy - fccbcyy.dll (file missing)
O20 - Winlogon Notify: fccbxxu - fccbxxu.dll (file missing)
O20 - Winlogon Notify: gebccby - gebccby.dll (file missing)
O20 - Winlogon Notify: hggdbyv - hggdbyv.dll (file missing)
O20 - Winlogon Notify: jkkhiff - jkkhiff.dll (file missing)
O20 - Winlogon Notify: ljjijkl - ljjijkl.dll (file missing)
O20 - Winlogon Notify: pmnljkh - pmnljkh.dll (file missing)
O20 - Winlogon Notify: rqrolml - rqrolml.dll (file missing)
O20 - Winlogon Notify: vtusstq - vtusstq.dll (file missing)
O20 - Winlogon Notify: vtuvvur - vtuvvur.dll (file missing)
O20 - Winlogon Notify: wvuvusr - wvuvusr.dll (file missing)
Hello
Thanks for your quick reply. But I don't understand your sentence:
"Have you renamed hijackthis to eden.exe, for example?"
What should I do?
Also, when you say yes, that's pretty, does it mean he caught a virus?
fab
PS: I do hope there is a solution to everything, and to this problem in particular ;-)
Re,
Don't worry, we'll get there.
I am asking you to rename hijackthis.exe to eden.exe.
All the lines I am asking you to check are dead viruses.
Re,
So simply right-click / rename and I type eden.exe?
I relaunch the program, now called eden, and I fix the lines you listed.
Is that right? (sorry, but I want to be really sure, because if I damage my father's computer he'll disinherit me or hire a hitman... lol)
fab
I did what you told me, raphy; the report is below, sorry for the delay
fab
-----------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:06, on 05/06/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\serge75\Bureau\prbl virus\eden.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.252.22.70:110
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1409082233-1532298954-839522115-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1409082233-1532298954-839522115-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Yes, but there is a problem: the computer is no longer connected to the Internet, so an online scan is not possible.
If we install BitDefender (is it free?) and run the scan, is it the same thing? Is there another solution?
fab
Re,
Did you set up a restriction that blocks changes to Internet Explorer's options or home page?
Good evening raphy,
I downloaded BitDefender antivirus on another computer and put it on a USB key on the sick computer, but I can't start the installation because it asks for a newer version of Windows Installer (I can't even copy the file from the key to the hard disk).
How can I check whether I set up a restriction that blocks changes to Internet Explorer's options or home page?
Thanks for your help
fab
OK,
Do what is described here and post the report:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Hello,
I ran ComboFix; here is the log
fab
ComboFix 08-06-10.2 - serge75 2008-06-11 10:20:14.2 - NTFSx86
Endroit: G:\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NOTEPAD
((((((((((((((((((((((((((((( Fichiers créés 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-02 08:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-05-02 08:46 --------- d-----w C:\Program Files\SlySoft
2008-04-27 15:04 --------- d-----w C:\Program Files\CuttingEdge Intermediate CD-ROM
2008-04-12 16:19 --------- d-----w C:\Program Files\Google
2008-01-26 19:13 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
------- Sigcheck -------
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( snapshot@2007-10-12_19.03.11.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-17 20:01:16 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2001-09-28 06:00:00 184,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh261.drv
+ 2001-09-28 06:00:00 286,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh263.drv
+ 2001-09-28 06:00:00 132,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\winspool.drv
- 2005-09-09 14:39:08 212,992 ------w C:\WINDOWS\alcrmv.exe
+ 2006-07-31 10:27:30 217,088 ----a-w C:\WINDOWS\Alcrmv.exe
- 2005-08-12 16:40:54 307,200 ------w C:\WINDOWS\alcupd.exe
+ 2006-07-31 10:19:00 315,392 ----a-w C:\WINDOWS\alcupd.exe
+ 2008-06-11 08:49:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2007-03-13 08:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2002-08-28 19:39:08 175,104 ----a-w C:\WINDOWS\ime\chsime\applets\PINTLCSA.DLL
+ 2002-08-28 19:39:08 53,760 ----a-w C:\WINDOWS\ime\chsime\applets\PINTLCSD.DLL
+ 2002-08-28 19:39:42 97,792 ----a-w C:\WINDOWS\ime\CHTIME\Applets\CHTMBX.DLL
+ 2002-08-28 19:39:42 56,320 ----a-w C:\WINDOWS\ime\CHTIME\Applets\CHTSKDIC.DLL
+ 2002-08-28 19:39:42 173,568 ----a-w C:\WINDOWS\ime\CHTIME\Applets\CHTSKF.DLL
+ 2002-08-28 19:39:06 426,042 ----a-w C:\WINDOWS\ime\imjp8_1\applets\voicepad.dll
+ 2002-08-28 19:39:08 86,074 ----a-w C:\WINDOWS\ime\imjp8_1\applets\voicesub.dll
+ 2002-08-28 19:38:26 57,400 ----a-w C:\WINDOWS\ime\imjp8_1\cplexe.exe
+ 2002-08-07 17:35:54 360,494 ----a-w C:\WINDOWS\ime\imjp8_1\imjpcic.dll
+ 2002-08-28 19:38:40 716,857 ----a-w C:\WINDOWS\ime\imjp8_1\imjpcus.dll
+ 2002-08-28 19:38:40 81,977 ----a-w C:\WINDOWS\ime\imjp8_1\imjpdct.dll
+ 2002-08-28 19:38:40 307,258 ----a-w C:\WINDOWS\ime\imjp8_1\imjpdct.exe
+ 2002-08-28 19:38:40 155,706 ----a-w C:\WINDOWS\ime\imjp8_1\imjpdsvr.exe
+ 2002-08-28 19:38:42 196,666 ----a-w C:\WINDOWS\ime\imjp8_1\imjpinst.exe
+ 2002-08-28 19:38:42 208,953 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
+ 2002-08-28 19:38:46 233,528 ----a-w C:\WINDOWS\ime\imjp8_1\imjprw.exe
+ 2002-08-28 19:38:52 262,201 ----a-w C:\WINDOWS\ime\imjp8_1\imjputy.exe
+ 2002-08-28 19:38:54 274,490 ----a-w C:\WINDOWS\ime\imjp8_1\imjputyc.dll
+ 2002-08-28 23:12:30 99,328 ----a-w C:\WINDOWS\ime\imkr6_1\imekrcic.dll
+ 2002-08-28 19:39:02 102,456 ----a-w C:\WINDOWS\ime\shared\imlang.dll
+ 2002-08-28 19:39:46 15,872 ----a-w C:\WINDOWS\ime\shared\res\PADRS404.DLL
+ 2002-08-28 19:39:08 15,360 ----a-w C:\WINDOWS\ime\shared\res\padrs804.dll
+ 2008-04-12 16:19:21 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe
+ 2008-04-12 16:19:21 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-04-12 16:19:21 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-04-12 16:19:21 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-04-12 16:19:21 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-04-12 16:19:21 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
+ 2008-02-11 20:12:16 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
+ 2008-02-02 17:46:36 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
+ 2008-02-02 17:46:36 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2008-02-02 17:46:36 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
- 2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\NirCmd.exe
+ 2006-06-01 08:53:06 2,410 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
+ 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2002-08-29 10:18:54 1,740 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2002-08-28 23:32:34 2,816 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2002-08-29 09:45:20 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\msh261.drv
+ 2002-08-29 09:45:20 286,720 ------w C:\WINDOWS\ServicePackFiles\i386\msh263.drv
+ 2002-08-29 09:45:20 132,608 ------w C:\WINDOWS\ServicePackFiles\i386\winspool.drv
- 2005-10-04 12:12:52 90,112 ------w C:\WINDOWS\soundman.exe
+ 2007-04-16 14:28:22 577,536 ----a-w C:\WINDOWS\soundman.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2001-09-28 06:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-09-28 06:00:00 73,680 ----a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2001-09-28 06:00:00 25,280 ----a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2001-09-28 06:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2001-09-28 06:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2001-09-28 06:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2001-09-28 06:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2001-09-28 06:00:00 4,096 ----a-w C:\WINDOWS\system\TIMER.DRV
+ 2001-09-28 06:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2001-09-28 06:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
+ 2002-08-29 09:45:20 132,608 ----a-w C:\WINDOWS\system\winspool.drv
+ 2002-09-09 18:54:06 16,269 ----a-w C:\WINDOWS\system32\ASNDIS5.sys
+ 2002-09-09 20:01:08 61,440 ----a-w C:\WINDOWS\system32\ASUSW32N50.dll
- 2007-09-06 10:09:49 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2006-07-25 20:20:20 537,600 ----a-w C:\WINDOWS\system32\ASWL2K.exe
+ 2004-05-06 11:21:04 496,640 ----a-w C:\WINDOWS\system32\ASWLSVC.exe
- 2007-09-06 10:00:07 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
- 2005-07-15 14:48:46 40,960 ------w C:\WINDOWS\system32\ChCfg.exe
+ 2006-08-01 14:02:00 49,152 ----a-w C:\WINDOWS\system32\ChCfg.exe
+ 2001-09-28 06:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
- 2007-09-30 13:56:56 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-04 02:07:38 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-09-30 13:56:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-06-04 02:07:38 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-09-30 13:56:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-04 02:07:38 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2002-08-29 10:18:54 1,740 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2002-08-28 19:39:42 97,792 -c--a-w C:\WINDOWS\system32\dllcache\chtmbx.dll
+ 2002-08-28 19:39:42 56,320 -c--a-w C:\WINDOWS\system32\dllcache\chtskdic.dll
+ 2002-08-28 19:39:42 173,568 -c--a-w C:\WINDOWS\system32\dllcache\chtskf.dll
+ 2002-08-28 19:39:42 201,216 -c--a-w C:\WINDOWS\system32\dllcache\cintime.dll
+ 2002-08-28 19:39:44 480,256 -c--a-w C:\WINDOWS\system32\dllcache\cintsetp.exe
+ 2002-08-28 19:38:26 57,400 -c--a-w C:\WINDOWS\system32\dllcache\cplexe.exe
+ 2002-08-29 00:32:34 57,856 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2002-08-28 23:12:30 99,328 -c--a-w C:\WINDOWS\system32\dllcache\imekrcic.dll
+ 2002-06-12 17:14:46 827,438 -c--a-w C:\WINDOWS\system32\dllcache\imjp81k.dll
+ 2002-08-07 17:35:54 360,494 -c--a-w C:\WINDOWS\system32\dllcache\imjpcic.dll
+ 2002-08-28 19:38:40 716,857 -c--a-w C:\WINDOWS\system32\dllcache\imjpcus.dll
+ 2002-08-28 19:38:40 81,977 -c--a-w C:\WINDOWS\system32\dllcache\imjpdct.dll
+ 2002-08-28 19:38:40 307,258 -c--a-w C:\WINDOWS\system32\dllcache\imjpdct.exe
+ 2002-08-28 19:38:40 155,706 -c--a-w C:\WINDOWS\system32\dllcache\imjpdsvr.exe
+ 2002-08-28 19:38:42 196,666 -c--a-w C:\WINDOWS\system32\dllcache\imjpinst.exe
+ 2002-08-28 19:38:42 208,953 -c--a-w C:\WINDOWS\system32\dllcache\imjpmig.exe
+ 2002-08-28 19:38:46 233,528 -c--a-w C:\WINDOWS\system32\dllcache\imjprw.exe
+ 2002-08-28 19:38:52 262,201 -c--a-w C:\WINDOWS\system32\dllcache\imjputy.exe
+ 2002-08-28 19:38:54 274,490 -c--a-w C:\WINDOWS\system32\dllcache\imjputyc.dll
+ 2002-08-28 19:39:02 102,456 -c--a-w C:\WINDOWS\system32\dllcache\imlang.dll
+ 2002-08-28 19:39:06 59,392 -c--a-w C:\WINDOWS\system32\dllcache\imscinst.exe
+ 2001-08-17 21:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101b.dll
+ 2001-08-17 21:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101c.dll
+ 2001-08-17 21:55:56 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbd103.dll
+ 2001-08-17 21:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd106.dll
+ 2001-08-23 16:47:06 8,704 -c--a-w C:\WINDOWS\system32\dllcache\kbdjpn.dll
+ 2001-08-23 16:47:06 8,192 -c--a-w C:\WINDOWS\system32\dllcache\kbdkor.dll
+ 2001-09-28 06:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2001-09-28 06:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-09-28 06:00:00 73,680 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2001-09-28 06:00:00 25,280 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2001-09-28 06:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2001-09-28 06:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2001-09-28 06:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
+ 2002-08-28 19:39:46 15,872 -c--a-w C:\WINDOWS\system32\dllcache\padrs404.dll
+ 2002-08-28 19:39:08 15,360 -c--a-w C:\WINDOWS\system32\dllcache\padrs804.dll
+ 2002-08-28 19:39:08 175,104 -c--a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
+ 2002-08-28 19:39:08 53,760 -c--a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
+ 2002-08-28 19:39:06 70,144 -c--a-w C:\WINDOWS\system32\dllcache\pintlphr.exe
+ 2002-08-28 19:39:08 67,584 -c--a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
+ 2002-08-29 01:01:00 134,272 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2001-09-28 06:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2001-09-28 06:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
+ 2001-09-28 06:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
+ 2002-08-28 19:39:50 44,032 -c--a-w C:\WINDOWS\system32\dllcache\tintlphr.exe
+ 2002-08-28 19:39:50 455,168 -c--a-w C:\WINDOWS\system32\dllcache\tintsetp.exe
+ 2002-08-28 19:39:48 10,240 -c--a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
+ 2002-08-28 23:12:18 72,192 -c--a-w C:\WINDOWS\system32\dllcache\uniime.dll
+ 2001-09-28 06:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2002-08-28 19:39:06 426,042 -c--a-w C:\WINDOWS\system32\dllcache\voicepad.dll
+ 2002-08-28 19:39:08 86,074 -c--a-w C:\WINDOWS\system32\dllcache\voicesub.dll
+ 2001-09-28 06:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
+ 2001-09-28 06:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2001-09-28 06:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-09-28 06:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
- 2007-09-06 10:00:53 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-01-26 18:02:32 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
- 2005-10-04 15:39:58 3,797,632 ------w C:\WINDOWS\system32\drivers\alcxwdm.sys
+ 2007-08-07 17:33:12 4,108,992 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
+ 2007-12-19 20:05:12 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
- 2007-09-06 10:05:25 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
- 2007-09-06 10:05:10 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2007-09-06 10:03:02 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2007-09-06 10:02:20 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2002-08-28 23:32:34 57,856 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2002-08-29 00:32:34 57,856 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2002-08-28 23:32:34 2,816 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2006-04-22 01:44:39 8,064 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
+ 2007-08-07 19:48:33 25,160 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
+ 2007-04-26 09:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-04-26 09:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
+ 2001-09-28 06:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2002-08-29 00:01:00 134,272 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2002-08-29 01:01:00 134,272 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2007-02-16 00:56:49 11,984 ----a-w C:\WINDOWS\system32\drivers\RegKill.sys
+ 2003-04-24 11:03:54 74,828 ----a-w C:\WINDOWS\system32\drivers\RESC_DWB.SYS
+ 2005-10-17 18:50:06 245,376 ----a-w C:\WINDOWS\system32\drivers\rt2500usb.sys
+ 2006-06-08 09:49:50 344,064 ----a-w C:\WINDOWS\system32\drivers\rt73.sys
- 2006-05-01 19:24:47 81,920 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
+ 2007-08-10 19:56:53 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
- 2007-04-12 17:44:21 190,592 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-02-11 21:31:56 209,696 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2002-08-28 19:39:42 201,216 ----a-w C:\WINDOWS\system32\IME\CINTLGNT\CINTIME.DLL
+ 2002-08-28 19:39:44 480,256 ----a-w C:\WINDOWS\system32\IME\CINTLGNT\CINTSETP.EXE
+ 2002-08-28 19:39:06 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
+ 2002-08-28 19:39:06 70,144 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\PINTLPHR.EXE
+ 2002-08-28 19:39:08 67,584 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\PMIGRATE.DLL
+ 2002-08-28 19:39:50 44,032 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTLPHR.EXE
+ 2002-08-28 19:39:50 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
+ 2002-08-28 19:39:48 10,240 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TMIGRATE.DLL
+ 2002-06-12 17:14:46 827,438 ----a-w C:\WINDOWS\system32\imjp81k.dll
+ 2001-08-17 21:55:56 6,144 ----a-w C:\WINDOWS\system32\kbd101b.dll
+ 2001-08-17 21:55:56 6,144 ----a-w C:\WINDOWS\system32\kbd101c.dll
+ 2001-08-17 21:55:56 5,632 ----a-w C:\WINDOWS\system32\kbd103.dll
+ 2001-08-17 21:55:56 6,144 ----a-w C:\WINDOWS\system32\kbd106.dll
+ 2001-08-23 16:47:06 8,704 ----a-w C:\WINDOWS\system32\kbdjpn.dll
+ 2001-08-23 16:47:06 8,192 ----a-w C:\WINDOWS\system32\kbdkor.dll
+ 2001-09-28 06:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
- 2006-08-21 14:40:01 11,622 ----a-w C:\WINDOWS\system32\Lang\Arabic.bin
+ 2007-11-15 21:22:09 11,842 ----a-w C:\WINDOWS\system32\Lang\Arabic.bin
- 2006-08-21 14:40:01 13,611 ----a-w C:\WINDOWS\system32\Lang\Danish.bin
+ 2007-11-15 21:22:09 13,831 ----a-w C:\WINDOWS\system32\Lang\Danish.bin
- 2006-08-21 14:40:01 14,250 ----a-w C:\WINDOWS\system32\Lang\Dutch.bin
+ 2007-11-15 21:22:09 14,470 ----a-w C:\WINDOWS\system32\Lang\Dutch.bin
- 2006-08-21 14:40:01 11,812 ----a-w C:\WINDOWS\system32\Lang\English.bin
+ 2007-11-15 21:22:09 12,032 ----a-w C:\WINDOWS\system32\Lang\English.bin
- 2006-08-21 14:40:01 15,106 ----a-w C:\WINDOWS\system32\Lang\French.bin
+ 2007-11-15 21:22:09 15,325 ----a-w C:\WINDOWS\system32\Lang\French.bin
- 2006-08-21 14:40:01 14,653 ----a-w C:\WINDOWS\system32\Lang\German.bin
+ 2007-11-15 21:22:09 14,873 ----a-w C:\WINDOWS\system32\Lang\German.bin
- 2006-08-21 14:40:01 13,746 ----a-w C:\WINDOWS\system32\Lang\Greek.bin
+ 2007-11-15 21:22:09 13,966 ----a-w C:\WINDOWS\system32\Lang\Greek.bin
- 2006-08-21 14:40:01 15,498 ----a-w C:\WINDOWS\system32\Lang\Italian.bin
+ 2007-11-15 21:22:09 15,718 ----a-w C:\WINDOWS\system32\Lang\Italian.bin
- 2006-08-21 14:40:01 13,125 ----a-w C:\WINDOWS\system32\Lang\Japanese.bin
+ 2007-11-15 21:22:09 13,345 ----a-w C:\WINDOWS\system32\Lang\Japanese.bin
- 2006-08-21 14:40:01 11,279 ----a-w C:\WINDOWS\system32\Lang\Korean.bin
+ 2007-11-15 21:22:09 11,498 ----a-w C:\WINDOWS\system32\Lang\Korean.bin
- 2006-08-21 14:40:01 13,211 ----a-w C:\WINDOWS\system32\Lang\Polish.bin
+ 2007-11-15 21:22:09 13,431 ----a-w C:\WINDOWS\system32\Lang\Polish.bin
- 2006-08-21 14:40:01 13,526 ----a-w C:\WINDOWS\system32\Lang\Portuguese_Brazilian.bin
+ 2007-11-15 21:22:09 13,746 ----a-w C:\WINDOWS\system32\Lang\Portuguese_Brazilian.bin
- 2006-08-21 14:40:01 14,414 ----a-w C:\WINDOWS\system32\Lang\Portuguese_Default.bin
+ 2007-11-15 21:22:09 14,634 ----a-w C:\WINDOWS\system32\Lang\Portuguese_Default.bin
- 2006-08-21 14:40:01 14,831 ----a-w C:\WINDOWS\system32\Lang\Russian.bin
+ 2007-11-15 21:22:09 15,050 ----a-w C:\WINDOWS\system32\Lang\Russian.bin
- 2006-08-21 14:40:01 9,265 ----a-w C:\WINDOWS\system32\Lang\SimChin.bin
+ 2007-11-15 21:22:09 9,484 ----a-w C:\WINDOWS\system32\Lang\SimChin.bin
- 2006-08-21 14:40:01 15,189 ----a-w C:\WINDOWS\system32\Lang\Spanish.bin
+ 2007-11-15 21:22:09 15,409 ----a-w C:\WINDOWS\system32\Lang\Spanish.bin
- 2006-08-21 14:40:01 13,340 ----a-w C:\WINDOWS\system32\Lang\SWEDISH.bin
+ 2007-11-15 21:22:09 13,560 ----a-w C:\WINDOWS\system32\Lang\SWEDISH.bin
- 2006-08-21 14:40:01 12,027 ----a-w C:\WINDOWS\system32\Lang\Thai.bin
+ 2007-11-15 21:22:09 12,247 ----a-w C:\WINDOWS\system32\Lang\Thai.bin
- 2006-08-21 14:40:01 9,956 ----a-w C:\WINDOWS\system32\Lang\TradChin.bin
+ 2007-11-15 21:22:09 10,111 ----a-w C:\WINDOWS\system32\Lang\TradChin.bin
+ 2001-09-28 06:00:00 224,448 ----a-w C:\WINDOWS\system32\lanman.drv
+ 2001-09-28 06:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2005-08-27 12:38:58 128,648 ----a-w C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
+ 2001-09-28 06:00:00 73,680 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 2001-09-28 06:00:00 25,280 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2001-09-28 06:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
+ 2003-03-18 20:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
+ 2001-09-28 06:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2001-09-28 06:00:00 20,992 ----a-w C:\WINDOWS\system32\msacm32.drv
+ 2002-08-29 09:45:20 184,320 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2002-08-29 09:45:20 286,720 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2001-09-28 06:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
+ 2003-08-04 12:22:44 16,128 ------w C:\WINDOWS\system32\PCANDIS5.SYS
- 2007-03-25 09:19:16 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-30 08:05:34 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-03-25 09:19:16 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-03-30 08:05:34 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-03-25 09:19:16 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 08:05:34 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-03-25 09:19:16 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-03-30 08:05:34 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2005-10-04 15:39:58 3,797,632 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\ALCXWDM.SYS
+ 2002-08-28 23:32:34 57,856 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\i386\drmk.sys
+ 2002-12-11 22:14:32 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\i386\ksuser.dll
+ 2002-08-29 00:01:00 134,272 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\i386\portcls.sys
+ 2004-07-09 02:27:28 48,512 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\i386\stream.sys
+ 2001-08-23 15:47:52 22,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\i386\wdmaud.drv
+ 2005-09-16 12:14:36 157,184 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\RTLCPAPI.dll
+ 2005-10-04 14:27:32 10,459,648 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\RTLCPL.EXE
+ 2005-10-04 12:12:52 90,112 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\SOUNDMAN.EXE
+ 2004-05-07 17:57:18 159,827 ----a-w C:\WINDOWS\system32\RemSvc.exe
- 2005-09-16 12:14:36 157,184 ------w C:\WINDOWS\system32\RtlCPAPI.dll
+ 2006-10-18 01:53:26 147,456 ----a-w C:\WINDOWS\system32\RtlCPAPI.dll
- 2005-10-04 14:27:32 10,459,648 ------w C:\WINDOWS\system32\RTLCPL.exe
+ 2006-12-08 14:20:14 10,528,768 ----a-w C:\WINDOWS\system32\RTLCPL.exe
+ 2001-09-28 06:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2001-09-28 06:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2001-09-28 06:00:00 4,096 ----a-w C:\WINDOWS\system32\timer.drv
+ 2002-08-28 23:12:18 72,192 ----a-w C:\WINDOWS\system32\uniime.dll
+ 2001-09-28 06:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2003-08-04 12:22:44 94,208 ----a-w C:\WINDOWS\system32\W32n50.dll
+ 2001-08-23 15:47:52 22,016 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2001-09-28 06:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
+ 2001-09-28 06:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2002-08-29 09:45:20 132,608 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2001-09-28 06:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
- 2002-12-20 13:22:00 49,152 ----a-w C:\WINDOWS\system32\WooDial2000.dll
+ 2004-08-23 12:50:02 32,768 ----a-w C:\WINDOWS\system32\WooDial2000.dll
+ 2001-09-28 06:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
- 2007-10-12 16:43:20 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-02-02 17:29:22 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2006-10-26 12:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-10-26 12:40:36 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2006-10-26 12:40:36 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2006-10-26 12:40:36 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2006-10-26 12:40:36 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 12:40:36 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 12:40:36 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 12:40:36 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 12:40:36 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 12:40:36 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 19:49 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-10-17 04:31 7307264]
"nwiz"="nwiz.exe" [2005-10-17 04:31 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-10-17 04:31 86016]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-01 11:20 180269]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 11:45 13312]
"WinMedia"="C:\WINDOWS\TEMP\1963875.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check 2.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^serge75^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\serge75\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--a------ 2001-05-10 18:49 102400 C:\Program Files\Creative\SBLive\Program\AHQInit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Center]
--a------ 2006-08-15 16:48 1696256 C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2002-08-29 11:45 1511453 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-08-09 14:28 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 14:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 01:14 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-05 19:49 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-06-01 11:20 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 14:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-22 11:17:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 10:50:50
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-11 10:55:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 08:55:29
ComboFix2.txt 2007-10-12 17:04:17
Pre-Run: 59,964,223,488 octets libres
Post-Run: 66,787,729,408 octets libres
426
I ran ComboFix; here is the log
fab
ComboFix 08-06-10.2 - serge75 2008-06-11 10:20:14.2 - NTFSx86
Endroit: G:\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NOTEPAD
((((((((((((((((((((((((((((( Fichiers créés 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-02 08:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-05-02 08:46 --------- d-----w C:\Program Files\SlySoft
2008-04-27 15:04 --------- d-----w C:\Program Files\CuttingEdge Intermediate CD-ROM
2008-04-12 16:19 --------- d-----w C:\Program Files\Google
2008-01-26 19:13 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
------- Sigcheck -------
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( snapshot@2007-10-12_19.03.11.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-17 20:01:16 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2001-09-28 06:00:00 184,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh261.drv
+ 2001-09-28 06:00:00 286,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh263.drv
+ 2001-09-28 06:00:00 132,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\winspool.drv
- 2005-09-09 14:39:08 212,992 ------w C:\WINDOWS\alcrmv.exe
+ 2006-07-31 10:27:30 217,088 ----a-w C:\WINDOWS\Alcrmv.exe
- 2005-08-12 16:40:54 307,200 ------w C:\WINDOWS\alcupd.exe
+ 2006-07-31 10:19:00 315,392 ----a-w C:\WINDOWS\alcupd.exe
+ 2008-06-11 08:49:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2007-03-13 08:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2002-08-28 19:39:08 175,104 ----a-w C:\WINDOWS\ime\chsime\applets\PINTLCSA.DLL
+ 2002-08-28 19:39:08 53,760 ----a-w C:\WINDOWS\ime\chsime\applets\PINTLCSD.DLL
+ 2002-08-28 19:39:42 97,792 ----a-w C:\WINDOWS\ime\CHTIME\Applets\CHTMBX.DLL
+ 2002-08-28 19:39:42 56,320 ----a-w C:\WINDOWS\ime\CHTIME\Applets\CHTSKDIC.DLL
+ 2002-08-28 19:39:42 173,568 ----a-w C:\WINDOWS\ime\CHTIME\Applets\CHTSKF.DLL
+ 2002-08-28 19:39:06 426,042 ----a-w C:\WINDOWS\ime\imjp8_1\applets\voicepad.dll
+ 2002-08-28 19:39:08 86,074 ----a-w C:\WINDOWS\ime\imjp8_1\applets\voicesub.dll
+ 2002-08-28 19:38:26 57,400 ----a-w C:\WINDOWS\ime\imjp8_1\cplexe.exe
+ 2002-08-07 17:35:54 360,494 ----a-w C:\WINDOWS\ime\imjp8_1\imjpcic.dll
+ 2002-08-28 19:38:40 716,857 ----a-w C:\WINDOWS\ime\imjp8_1\imjpcus.dll
+ 2002-08-28 19:38:40 81,977 ----a-w C:\WINDOWS\ime\imjp8_1\imjpdct.dll
+ 2002-08-28 19:38:40 307,258 ----a-w C:\WINDOWS\ime\imjp8_1\imjpdct.exe
+ 2002-08-28 19:38:40 155,706 ----a-w C:\WINDOWS\ime\imjp8_1\imjpdsvr.exe
+ 2002-08-28 19:38:42 196,666 ----a-w C:\WINDOWS\ime\imjp8_1\imjpinst.exe
+ 2002-08-28 19:38:42 208,953 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
+ 2002-08-28 19:38:46 233,528 ----a-w C:\WINDOWS\ime\imjp8_1\imjprw.exe
+ 2002-08-28 19:38:52 262,201 ----a-w C:\WINDOWS\ime\imjp8_1\imjputy.exe
+ 2002-08-28 19:38:54 274,490 ----a-w C:\WINDOWS\ime\imjp8_1\imjputyc.dll
+ 2002-08-28 23:12:30 99,328 ----a-w C:\WINDOWS\ime\imkr6_1\imekrcic.dll
+ 2002-08-28 19:39:02 102,456 ----a-w C:\WINDOWS\ime\shared\imlang.dll
+ 2002-08-28 19:39:46 15,872 ----a-w C:\WINDOWS\ime\shared\res\PADRS404.DLL
+ 2002-08-28 19:39:08 15,360 ----a-w C:\WINDOWS\ime\shared\res\padrs804.dll
+ 2008-04-12 16:19:21 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe
+ 2008-04-12 16:19:21 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-04-12 16:19:21 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-04-12 16:19:21 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-04-12 16:19:21 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-04-12 16:19:21 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
+ 2008-02-11 20:12:16 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
+ 2008-02-02 17:46:36 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
+ 2008-02-02 17:46:36 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2008-02-02 17:46:36 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
- 2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\NirCmd.exe
+ 2006-06-01 08:53:06 2,410 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
+ 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2002-08-29 10:18:54 1,740 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2002-08-28 23:32:34 2,816 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2002-08-29 09:45:20 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\msh261.drv
+ 2002-08-29 09:45:20 286,720 ------w C:\WINDOWS\ServicePackFiles\i386\msh263.drv
+ 2002-08-29 09:45:20 132,608 ------w C:\WINDOWS\ServicePackFiles\i386\winspool.drv
- 2005-10-04 12:12:52 90,112 ------w C:\WINDOWS\soundman.exe
+ 2007-04-16 14:28:22 577,536 ----a-w C:\WINDOWS\soundman.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2001-09-28 06:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-09-28 06:00:00 73,680 ----a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2001-09-28 06:00:00 25,280 ----a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2001-09-28 06:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2001-09-28 06:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2001-09-28 06:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2001-09-28 06:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2001-09-28 06:00:00 4,096 ----a-w C:\WINDOWS\system\TIMER.DRV
+ 2001-09-28 06:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2001-09-28 06:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
+ 2002-08-29 09:45:20 132,608 ----a-w C:\WINDOWS\system\winspool.drv
+ 2002-09-09 18:54:06 16,269 ----a-w C:\WINDOWS\system32\ASNDIS5.sys
+ 2002-09-09 20:01:08 61,440 ----a-w C:\WINDOWS\system32\ASUSW32N50.dll
- 2007-09-06 10:09:49 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2006-07-25 20:20:20 537,600 ----a-w C:\WINDOWS\system32\ASWL2K.exe
+ 2004-05-06 11:21:04 496,640 ----a-w C:\WINDOWS\system32\ASWLSVC.exe
- 2007-09-06 10:00:07 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
- 2005-07-15 14:48:46 40,960 ------w C:\WINDOWS\system32\ChCfg.exe
+ 2006-08-01 14:02:00 49,152 ----a-w C:\WINDOWS\system32\ChCfg.exe
+ 2001-09-28 06:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
- 2007-09-30 13:56:56 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-04 02:07:38 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-09-30 13:56:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-06-04 02:07:38 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-09-30 13:56:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-04 02:07:38 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2002-08-29 10:18:54 1,740 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2002-08-28 19:39:42 97,792 -c--a-w C:\WINDOWS\system32\dllcache\chtmbx.dll
+ 2002-08-28 19:39:42 56,320 -c--a-w C:\WINDOWS\system32\dllcache\chtskdic.dll
+ 2002-08-28 19:39:42 173,568 -c--a-w C:\WINDOWS\system32\dllcache\chtskf.dll
+ 2002-08-28 19:39:42 201,216 -c--a-w C:\WINDOWS\system32\dllcache\cintime.dll
+ 2002-08-28 19:39:44 480,256 -c--a-w C:\WINDOWS\system32\dllcache\cintsetp.exe
+ 2002-08-28 19:38:26 57,400 -c--a-w C:\WINDOWS\system32\dllcache\cplexe.exe
+ 2002-08-29 00:32:34 57,856 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2002-08-28 23:12:30 99,328 -c--a-w C:\WINDOWS\system32\dllcache\imekrcic.dll
+ 2002-06-12 17:14:46 827,438 -c--a-w C:\WINDOWS\system32\dllcache\imjp81k.dll
+ 2002-08-07 17:35:54 360,494 -c--a-w C:\WINDOWS\system32\dllcache\imjpcic.dll
+ 2002-08-28 19:38:40 716,857 -c--a-w C:\WINDOWS\system32\dllcache\imjpcus.dll
+ 2002-08-28 19:38:40 81,977 -c--a-w C:\WINDOWS\system32\dllcache\imjpdct.dll
+ 2002-08-28 19:38:40 307,258 -c--a-w C:\WINDOWS\system32\dllcache\imjpdct.exe
+ 2002-08-28 19:38:40 155,706 -c--a-w C:\WINDOWS\system32\dllcache\imjpdsvr.exe
+ 2002-08-28 19:38:42 196,666 -c--a-w C:\WINDOWS\system32\dllcache\imjpinst.exe
+ 2002-08-28 19:38:42 208,953 -c--a-w C:\WINDOWS\system32\dllcache\imjpmig.exe
+ 2002-08-28 19:38:46 233,528 -c--a-w C:\WINDOWS\system32\dllcache\imjprw.exe
+ 2002-08-28 19:38:52 262,201 -c--a-w C:\WINDOWS\system32\dllcache\imjputy.exe
+ 2002-08-28 19:38:54 274,490 -c--a-w C:\WINDOWS\system32\dllcache\imjputyc.dll
+ 2002-08-28 19:39:02 102,456 -c--a-w C:\WINDOWS\system32\dllcache\imlang.dll
+ 2002-08-28 19:39:06 59,392 -c--a-w C:\WINDOWS\system32\dllcache\imscinst.exe
+ 2001-08-17 21:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101b.dll
+ 2001-08-17 21:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101c.dll
+ 2001-08-17 21:55:56 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbd103.dll
+ 2001-08-17 21:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd106.dll
+ 2001-08-23 16:47:06 8,704 -c--a-w C:\WINDOWS\system32\dllcache\kbdjpn.dll
+ 2001-08-23 16:47:06 8,192 -c--a-w C:\WINDOWS\system32\dllcache\kbdkor.dll
+ 2001-09-28 06:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2001-09-28 06:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-09-28 06:00:00 73,680 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2001-09-28 06:00:00 25,280 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2001-09-28 06:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2001-09-28 06:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2001-09-28 06:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
+ 2002-08-28 19:39:46 15,872 -c--a-w C:\WINDOWS\system32\dllcache\padrs404.dll
+ 2002-08-28 19:39:08 15,360 -c--a-w C:\WINDOWS\system32\dllcache\padrs804.dll
+ 2002-08-28 19:39:08 175,104 -c--a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
+ 2002-08-28 19:39:08 53,760 -c--a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
+ 2002-08-28 19:39:06 70,144 -c--a-w C:\WINDOWS\system32\dllcache\pintlphr.exe
+ 2002-08-28 19:39:08 67,584 -c--a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
+ 2002-08-29 01:01:00 134,272 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2001-09-28 06:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2001-09-28 06:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
+ 2001-09-28 06:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
+ 2002-08-28 19:39:50 44,032 -c--a-w C:\WINDOWS\system32\dllcache\tintlphr.exe
+ 2002-08-28 19:39:50 455,168 -c--a-w C:\WINDOWS\system32\dllcache\tintsetp.exe
+ 2002-08-28 19:39:48 10,240 -c--a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
+ 2002-08-28 23:12:18 72,192 -c--a-w C:\WINDOWS\system32\dllcache\uniime.dll
+ 2001-09-28 06:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2002-08-28 19:39:06 426,042 -c--a-w C:\WINDOWS\system32\dllcache\voicepad.dll
+ 2002-08-28 19:39:08 86,074 -c--a-w C:\WINDOWS\system32\dllcache\voicesub.dll
+ 2001-09-28 06:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
+ 2001-09-28 06:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2001-09-28 06:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-09-28 06:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
- 2007-09-06 10:00:53 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-01-26 18:02:32 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
- 2005-10-04 15:39:58 3,797,632 ------w C:\WINDOWS\system32\drivers\alcxwdm.sys
+ 2007-08-07 17:33:12 4,108,992 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
+ 2007-12-19 20:05:12 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
- 2007-09-06 10:05:25 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
- 2007-09-06 10:05:10 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2007-09-06 10:03:02 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2007-09-06 10:02:20 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2002-08-28 23:32:34 57,856 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2002-08-29 00:32:34 57,856 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2002-08-28 23:32:34 2,816 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2006-04-22 01:44:39 8,064 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
+ 2007-08-07 19:48:33 25,160 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
+ 2007-04-26 09:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-04-26 09:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
+ 2001-09-28 06:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2002-08-29 00:01:00 134,272 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2002-08-29 01:01:00 134,272 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2007-02-16 00:56:49 11,984 ----a-w C:\WINDOWS\system32\drivers\RegKill.sys
+ 2003-04-24 11:03:54 74,828 ----a-w C:\WINDOWS\system32\drivers\RESC_DWB.SYS
+ 2005-10-17 18:50:06 245,376 ----a-w C:\WINDOWS\system32\drivers\rt2500usb.sys
+ 2006-06-08 09:49:50 344,064 ----a-w C:\WINDOWS\system32\drivers\rt73.sys
- 2006-05-01 19:24:47 81,920 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
+ 2007-08-10 19:56:53 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
- 2007-04-12 17:44:21 190,592 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-02-11 21:31:56 209,696 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2002-08-28 19:39:42 201,216 ----a-w C:\WINDOWS\system32\IME\CINTLGNT\CINTIME.DLL
+ 2002-08-28 19:39:44 480,256 ----a-w C:\WINDOWS\system32\IME\CINTLGNT\CINTSETP.EXE
+ 2002-08-28 19:39:06 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
+ 2002-08-28 19:39:06 70,144 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\PINTLPHR.EXE
+ 2002-08-28 19:39:08 67,584 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\PMIGRATE.DLL
+ 2002-08-28 19:39:50 44,032 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTLPHR.EXE
+ 2002-08-28 19:39:50 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
+ 2002-08-28 19:39:48 10,240 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TMIGRATE.DLL
+ 2002-06-12 17:14:46 827,438 ----a-w C:\WINDOWS\system32\imjp81k.dll
+ 2001-08-17 21:55:56 6,144 ----a-w C:\WINDOWS\system32\kbd101b.dll
+ 2001-08-17 21:55:56 6,144 ----a-w C:\WINDOWS\system32\kbd101c.dll
+ 2001-08-17 21:55:56 5,632 ----a-w C:\WINDOWS\system32\kbd103.dll
+ 2001-08-17 21:55:56 6,144 ----a-w C:\WINDOWS\system32\kbd106.dll
+ 2001-08-23 16:47:06 8,704 ----a-w C:\WINDOWS\system32\kbdjpn.dll
+ 2001-08-23 16:47:06 8,192 ----a-w C:\WINDOWS\system32\kbdkor.dll
+ 2001-09-28 06:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
- 2006-08-21 14:40:01 11,622 ----a-w C:\WINDOWS\system32\Lang\Arabic.bin
+ 2007-11-15 21:22:09 11,842 ----a-w C:\WINDOWS\system32\Lang\Arabic.bin
- 2006-08-21 14:40:01 13,611 ----a-w C:\WINDOWS\system32\Lang\Danish.bin
+ 2007-11-15 21:22:09 13,831 ----a-w C:\WINDOWS\system32\Lang\Danish.bin
- 2006-08-21 14:40:01 14,250 ----a-w C:\WINDOWS\system32\Lang\Dutch.bin
+ 2007-11-15 21:22:09 14,470 ----a-w C:\WINDOWS\system32\Lang\Dutch.bin
- 2006-08-21 14:40:01 11,812 ----a-w C:\WINDOWS\system32\Lang\English.bin
+ 2007-11-15 21:22:09 12,032 ----a-w C:\WINDOWS\system32\Lang\English.bin
- 2006-08-21 14:40:01 15,106 ----a-w C:\WINDOWS\system32\Lang\French.bin
+ 2007-11-15 21:22:09 15,325 ----a-w C:\WINDOWS\system32\Lang\French.bin
- 2006-08-21 14:40:01 14,653 ----a-w C:\WINDOWS\system32\Lang\German.bin
+ 2007-11-15 21:22:09 14,873 ----a-w C:\WINDOWS\system32\Lang\German.bin
- 2006-08-21 14:40:01 13,746 ----a-w C:\WINDOWS\system32\Lang\Greek.bin
+ 2007-11-15 21:22:09 13,966 ----a-w C:\WINDOWS\system32\Lang\Greek.bin
- 2006-08-21 14:40:01 15,498 ----a-w C:\WINDOWS\system32\Lang\Italian.bin
+ 2007-11-15 21:22:09 15,718 ----a-w C:\WINDOWS\system32\Lang\Italian.bin
- 2006-08-21 14:40:01 13,125 ----a-w C:\WINDOWS\system32\Lang\Japanese.bin
+ 2007-11-15 21:22:09 13,345 ----a-w C:\WINDOWS\system32\Lang\Japanese.bin
- 2006-08-21 14:40:01 11,279 ----a-w C:\WINDOWS\system32\Lang\Korean.bin
+ 2007-11-15 21:22:09 11,498 ----a-w C:\WINDOWS\system32\Lang\Korean.bin
- 2006-08-21 14:40:01 13,211 ----a-w C:\WINDOWS\system32\Lang\Polish.bin
+ 2007-11-15 21:22:09 13,431 ----a-w C:\WINDOWS\system32\Lang\Polish.bin
- 2006-08-21 14:40:01 13,526 ----a-w C:\WINDOWS\system32\Lang\Portuguese_Brazilian.bin
+ 2007-11-15 21:22:09 13,746 ----a-w C:\WINDOWS\system32\Lang\Portuguese_Brazilian.bin
- 2006-08-21 14:40:01 14,414 ----a-w C:\WINDOWS\system32\Lang\Portuguese_Default.bin
+ 2007-11-15 21:22:09 14,634 ----a-w C:\WINDOWS\system32\Lang\Portuguese_Default.bin
- 2006-08-21 14:40:01 14,831 ----a-w C:\WINDOWS\system32\Lang\Russian.bin
+ 2007-11-15 21:22:09 15,050 ----a-w C:\WINDOWS\system32\Lang\Russian.bin
- 2006-08-21 14:40:01 9,265 ----a-w C:\WINDOWS\system32\Lang\SimChin.bin
+ 2007-11-15 21:22:09 9,484 ----a-w C:\WINDOWS\system32\Lang\SimChin.bin
- 2006-08-21 14:40:01 15,189 ----a-w C:\WINDOWS\system32\Lang\Spanish.bin
+ 2007-11-15 21:22:09 15,409 ----a-w C:\WINDOWS\system32\Lang\Spanish.bin
- 2006-08-21 14:40:01 13,340 ----a-w C:\WINDOWS\system32\Lang\SWEDISH.bin
+ 2007-11-15 21:22:09 13,560 ----a-w C:\WINDOWS\system32\Lang\SWEDISH.bin
- 2006-08-21 14:40:01 12,027 ----a-w C:\WINDOWS\system32\Lang\Thai.bin
+ 2007-11-15 21:22:09 12,247 ----a-w C:\WINDOWS\system32\Lang\Thai.bin
- 2006-08-21 14:40:01 9,956 ----a-w C:\WINDOWS\system32\Lang\TradChin.bin
+ 2007-11-15 21:22:09 10,111 ----a-w C:\WINDOWS\system32\Lang\TradChin.bin
+ 2001-09-28 06:00:00 224,448 ----a-w C:\WINDOWS\system32\lanman.drv
+ 2001-09-28 06:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2005-08-27 12:38:58 128,648 ----a-w C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
+ 2001-09-28 06:00:00 73,680 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 2001-09-28 06:00:00 25,280 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2001-09-28 06:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
+ 2003-03-18 20:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
+ 2001-09-28 06:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2001-09-28 06:00:00 20,992 ----a-w C:\WINDOWS\system32\msacm32.drv
+ 2002-08-29 09:45:20 184,320 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2002-08-29 09:45:20 286,720 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2001-09-28 06:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
+ 2003-08-04 12:22:44 16,128 ------w C:\WINDOWS\system32\PCANDIS5.SYS
- 2007-03-25 09:19:16 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-30 08:05:34 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-03-25 09:19:16 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-03-30 08:05:34 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-03-25 09:19:16 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 08:05:34 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-03-25 09:19:16 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-03-30 08:05:34 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2005-10-04 15:39:58 3,797,632 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\ALCXWDM.SYS
+ 2002-08-28 23:32:34 57,856 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\i386\drmk.sys
+ 2002-12-11 22:14:32 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\i386\ksuser.dll
+ 2002-08-29 00:01:00 134,272 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\i386\portcls.sys
+ 2004-07-09 02:27:28 48,512 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\i386\stream.sys
+ 2001-08-23 15:47:52 22,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\i386\wdmaud.drv
+ 2005-09-16 12:14:36 157,184 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\RTLCPAPI.dll
+ 2005-10-04 14:27:32 10,459,648 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\RTLCPL.EXE
+ 2005-10-04 12:12:52 90,112 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]011\DriverFiles\SOUNDMAN.EXE
+ 2004-05-07 17:57:18 159,827 ----a-w C:\WINDOWS\system32\RemSvc.exe
- 2005-09-16 12:14:36 157,184 ------w C:\WINDOWS\system32\RtlCPAPI.dll
+ 2006-10-18 01:53:26 147,456 ----a-w C:\WINDOWS\system32\RtlCPAPI.dll
- 2005-10-04 14:27:32 10,459,648 ------w C:\WINDOWS\system32\RTLCPL.exe
+ 2006-12-08 14:20:14 10,528,768 ----a-w C:\WINDOWS\system32\RTLCPL.exe
+ 2001-09-28 06:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2001-09-28 06:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2001-09-28 06:00:00 4,096 ----a-w C:\WINDOWS\system32\timer.drv
+ 2002-08-28 23:12:18 72,192 ----a-w C:\WINDOWS\system32\uniime.dll
+ 2001-09-28 06:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2003-08-04 12:22:44 94,208 ----a-w C:\WINDOWS\system32\W32n50.dll
+ 2001-08-23 15:47:52 22,016 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2001-09-28 06:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
+ 2001-09-28 06:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2002-08-29 09:45:20 132,608 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2001-09-28 06:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
- 2002-12-20 13:22:00 49,152 ----a-w C:\WINDOWS\system32\WooDial2000.dll
+ 2004-08-23 12:50:02 32,768 ----a-w C:\WINDOWS\system32\WooDial2000.dll
+ 2001-09-28 06:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
- 2007-10-12 16:43:20 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-02-02 17:29:22 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2006-10-26 12:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-10-26 12:40:36 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2006-10-26 12:40:36 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2006-10-26 12:40:36 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2006-10-26 12:40:36 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 12:40:36 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 12:40:36 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 12:40:36 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 12:40:36 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 12:40:36 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 19:49 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-10-17 04:31 7307264]
"nwiz"="nwiz.exe" [2005-10-17 04:31 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-10-17 04:31 86016]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-01 11:20 180269]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 11:45 13312]
"WinMedia"="C:\WINDOWS\TEMP\1963875.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check 2.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^serge75^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\serge75\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--a------ 2001-05-10 18:49 102400 C:\Program Files\Creative\SBLive\Program\AHQInit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Center]
--a------ 2006-08-15 16:48 1696256 C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2002-08-29 11:45 1511453 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-08-09 14:28 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 14:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 01:14 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-05 19:49 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-06-01 11:20 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 14:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-22 11:17:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 10:50:50
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-11 10:55:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 08:55:29
ComboFix2.txt 2007-10-12 17:04:17
Pre-Run: 59,964,223,488 octets libres
Post-Run: 66,787,729,408 octets libres
426