Major infection

Solved/Closed
proxad - 14 Nov 2008 at 20:31
Anonymous user - 15 Nov 2008 at 04:36
Hello,

A major infection is in progress: no more network access except in Internet Explorer, which was installed beforehand, and no more security software updates.

Thanks for the help.
I have various reports for you, just ask.

25 replies

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrateur at 2008-11-15 00:05:46
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 182 GB (79%) free of 231 GB
Total RAM: 959 MB (65% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
C:\WINDOWS\tasks\Scheduled scanning task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LXCRCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-04 8523776]
"nwiz"=nwiz.exe /install []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-06 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-07 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
C:\WINDOWS\system32\ftutil2.dll [2004-06-07 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-01-22 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-12-04 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-12-04 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-06 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
C:\WINDOWS\vVX1000.exe [2006-12-06 707360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\fspex.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE -systray -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BackWeb Plug-in - 6588780"=2
"ARSVC"=2
"LightScribeService"=2
"IDriverT"=3
"FSMA"=2
"FSDFWD"=3
"fsbwsys"=2
"F-Secure Gatekeeper Handler Starter"=2
"FTRTSVC"=2
"lxcr_device"=3
"usnjsvc"=3
"MSCamSvc"=2
"gusvc"=2
"GoogleDesktopManager"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"_NoDriveTypeAutoRun"=149
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"="C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe:*:Enabled:Antivirus Firewall"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-15 00:05:46 ----D---- C:\rsit
2008-11-15 00:04:08 ----D---- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla
2008-11-15 00:04:03 ----D---- C:\Program Files\Mozilla Firefox
2008-11-15 00:02:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-14 23:58:13 ----D---- C:\WINDOWS\LastGood
2008-11-14 23:53:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-14 23:43:20 ----SHD---- C:\RECYCLER
2008-11-14 23:39:55 ----D---- C:\Program Files\CCleaner
2008-11-14 23:17:26 ----D---- C:\WINDOWS\temp
2008-11-14 23:17:25 ----A---- C:\ComboFix.txt
2008-11-14 23:14:38 ----D---- C:\prout
2008-11-14 22:45:21 ----D---- C:\Program Files\jv16 PowerTools 2008
2008-11-14 22:34:08 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-14 21:11:35 ----D---- C:\WINDOWS\ERUNT
2008-11-14 21:09:04 ----D---- C:\SDFix
2008-11-14 21:02:24 ----A---- C:\UsbFix.txt
2008-11-14 20:59:59 ----D---- C:\Program Files\UsbFix
2008-11-14 20:45:01 ----A---- C:\TB.txt
2008-11-14 20:44:46 ----D---- C:\ToolBar SD
2008-11-14 19:05:35 ----A---- C:\WINDOWS\zip.exe
2008-11-14 19:05:35 ----A---- C:\WINDOWS\VFIND.exe
2008-11-14 19:05:35 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-14 19:05:35 ----A---- C:\WINDOWS\SWSC.exe
2008-11-14 19:05:35 ----A---- C:\WINDOWS\SWREG.exe
2008-11-14 19:05:35 ----A---- C:\WINDOWS\sed.exe
2008-11-14 19:05:35 ----A---- C:\WINDOWS\grep.exe
2008-11-14 19:05:35 ----A---- C:\WINDOWS\fdsv.exe
2008-11-14 19:05:33 ----D---- C:\WINDOWS\ERDNT
2008-11-14 19:05:32 ----D---- C:\Qoobox
2008-11-14 18:56:13 ----A---- C:\GenProc[1].txt
2008-11-07 20:15:48 ----A---- C:\TCleaner.txt
2008-11-07 19:50:37 ----A---- C:\rapport.txt
2008-11-07 19:50:23 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-11-07 19:50:23 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-11-07 19:50:23 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-11-07 19:50:23 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-11-07 19:50:23 ----A---- C:\WINDOWS\system32\Process.exe
2008-11-07 19:50:23 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-07 19:50:23 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-11-07 19:50:23 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-07 19:50:23 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-11-07 19:50:23 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-11-07 19:29:10 ----D---- C:\WINDOWS\Prefetch
2008-11-07 19:27:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-07 19:27:04 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-07 19:26:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-07 19:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-07 19:26:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-07 19:26:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-07 19:26:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-07 19:26:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-07 19:26:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-07 19:26:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-07 19:26:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-07 19:26:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-07 19:26:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-07 19:26:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-07 19:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-07 19:25:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-07 19:21:39 ----D---- C:\Program Files\Messenger
2008-11-07 19:21:22 ----D---- C:\WINDOWS\system32\fr
2008-11-07 19:21:22 ----D---- C:\WINDOWS\system32\bits
2008-11-07 19:21:22 ----D---- C:\WINDOWS\l2schemas
2008-11-07 19:21:22 ----D---- C:\Program Files\msn
2008-11-07 19:19:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-07 19:16:58 ----D---- C:\WINDOWS\network diagnostic
2008-11-07 19:06:43 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-07 18:55:08 ----D---- C:\Program Files\Trend Micro
2008-11-07 18:53:45 ----D---- C:\Documents and Settings\HP_Administrateur\Application Data\WinRAR
2008-11-07 18:53:31 ----D---- C:\Program Files\WinRAR
2008-11-07 18:05:36 ----D---- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
2008-11-07 18:03:13 ----A---- C:\mbam-log-2008-11-07 (18-03-03).txt
2008-11-07 17:48:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-07 17:23:53 ----D---- C:\WINDOWS\NV23163980.TMP
2008-11-07 17:17:02 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-10-31 21:59:35 ----D---- C:\Program Files\Kaspersky Lab
2008-10-31 21:56:04 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-24 20:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$

======List of files/folders modified in the last 1 months======

2008-11-15 00:05:45 ----HD---- C:\WINDOWS\inf
2008-11-15 00:05:45 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-15 00:05:45 ----AD---- C:\WINDOWS
2008-11-15 00:04:03 ----RD---- C:\Program Files
2008-11-15 00:02:11 ----D---- C:\WINDOWS\system32\drivers
2008-11-14 23:55:58 ----D---- C:\WINDOWS\system32
2008-11-14 23:54:30 ----D---- C:\WINDOWS\Registration
2008-11-14 23:54:20 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-14 23:43:20 ----D---- C:\WINDOWS\Minidump
2008-11-14 23:43:20 ----D---- C:\WINDOWS\Debug
2008-11-14 23:15:26 ----A---- C:\WINDOWS\system.ini
2008-11-14 23:15:10 ----D---- C:\WINDOWS\AppPatch
2008-11-14 23:15:10 ----D---- C:\Program Files\Fichiers communs
2008-11-14 22:34:36 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-14 19:08:34 ----D---- C:\WINDOWS\system32\config
2008-11-07 20:15:17 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-07 19:40:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-07 19:33:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-07 19:32:08 ----D---- C:\Program Files\Windows Media Player
2008-11-07 19:28:44 ----D---- C:\WINDOWS\system32\Setup
2008-11-07 19:28:43 ----D---- C:\WINDOWS\system32\wbem
2008-11-07 19:28:42 ----RSD---- C:\WINDOWS\Fonts
2008-11-07 19:28:37 ----HD---- C:\Config.Msi
2008-11-07 19:27:47 ----D---- C:\WINDOWS\security
2008-11-07 19:27:10 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-07 19:21:45 ----D---- C:\WINDOWS\WinSxS
2008-11-07 19:21:36 ----D---- C:\WINDOWS\ime
2008-11-07 19:21:36 ----D---- C:\WINDOWS\Help
2008-11-07 19:21:24 ----D---- C:\WINDOWS\system32\usmt
2008-11-07 19:21:24 ----D---- C:\WINDOWS\system32\fr-fr
2008-11-07 19:21:22 ----SHD---- C:\WINDOWS\Installer
2008-11-07 19:21:22 ----D---- C:\WINDOWS\PeerNet
2008-11-07 19:21:21 ----D---- C:\Program Files\Movie Maker
2008-11-07 19:19:07 ----D---- C:\WINDOWS\system32\Restore
2008-11-07 19:19:07 ----D---- C:\WINDOWS\system32\npp
2008-11-07 19:19:05 ----D---- C:\WINDOWS\msagent
2008-11-07 19:19:04 ----D---- C:\WINDOWS\srchasst
2008-11-07 19:19:03 ----D---- C:\Program Files\NetMeeting
2008-11-07 19:19:02 ----D---- C:\WINDOWS\system32\Com
2008-11-07 19:18:59 ----D---- C:\Program Files\Windows NT
2008-11-07 19:18:59 ----D---- C:\Program Files\Outlook Express
2008-11-07 19:18:55 ----D---- C:\Program Files\Fichiers communs\System
2008-11-07 19:18:40 ----D---- C:\WINDOWS\system32\oobe
2008-11-07 19:18:38 ----D---- C:\WINDOWS\system
2008-11-07 19:11:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-07 19:06:42 ----AD---- C:\WINDOWS\ehome
2008-11-07 18:58:31 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom
2008-11-07 18:14:32 ----D---- C:\Program Files\Wanadoo
2008-11-07 17:30:30 ----RASH---- C:\boot.ini
2008-11-07 17:30:30 ----A---- C:\WINDOWS\win.ini
2008-11-07 17:27:18 ----D---- C:\WINDOWS\nview
2008-11-02 15:37:42 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-11-02 11:48:08 ----D---- C:\Program Files\Adobe
2008-10-31 20:10:25 ----D---- C:\WINDOWS\pss
2008-10-30 19:02:23 ----D---- C:\WINDOWS\system32\Lang
2008-10-29 19:36:53 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-29 13:35:56 ----D---- C:\Program Files\Yahoo!
2008-10-29 13:35:56 ----D---- C:\Program Files\Windows Plus
2008-10-29 13:35:44 ----D---- C:\Program Files\Services en ligne
2008-10-29 13:35:43 ----D---- C:\Program Files\QuickTime
2008-10-29 13:35:30 ----D---- C:\Program Files\Microsoft Works
2008-10-29 13:35:29 ----D---- C:\Program Files\Microsoft Office
2008-10-29 13:35:27 ----D---- C:\Program Files\Microsoft LifeCam
2008-10-29 13:35:23 ----D---- C:\Program Files\Internet Explorer
2008-10-29 13:35:18 ----D---- C:\Program Files\MainConcept
2008-10-29 13:35:18 ----D---- C:\Program Files\Lexmark Fax Solutions
2008-10-29 13:35:18 ----D---- C:\Program Files\Lexmark 2400 Series
2008-10-29 13:35:16 ----D---- C:\Program Files\HP
2008-10-29 13:35:05 ----D---- C:\Program Files\Hewlett-Packard
2008-10-29 13:34:59 ----D---- C:\Program Files\Google
2008-10-29 13:34:30 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-10-29 13:34:30 ----AD---- C:\Program Files\Fichiers communs\LightScribe
2008-10-29 13:34:25 ----D---- C:\Program Files\EA GAMES
2008-10-29 13:33:35 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-10-29 11:18:40 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:08:06 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:32 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-02-15 2825088]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-04 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-13 19072]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys []
S2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys []
S2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys []
S3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver; C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 1963680]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\system32\ZDCndis5.SYS []
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2006-01-18 17664]
S3 ZSMC301b;Philips SPC210NC Webcam; C:\WINDOWS\System32\Drivers\usbVM31b.sys []
S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-04 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
S4 BackWeb Plug-in - 6588780;Antivirus Firewall; C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE []
S4 fsbwsys;fsbwsys; C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe []
S4 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe []
S4 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe []
S4 FSMA;F-Secure Management Agent; C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE []
S4 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe []
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-23 168432]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-03-24 73728]
S4 lxcr_device;lxcr_device; C:\WINDOWS\system32\lxcrcoms.exe [2006-02-03 495616]
S4 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408]
S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe []

-----------------EOF-----------------
0
Anonymous user
15 Nov 2008 at 02:52
Re,
So, let's remove what is left of F-Secure.


So,
new CFScript:


Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]     

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] 
"BackWeb Plug-in - 6588780"=- 
"FSMA"=-
"FSDFWD"=-
"fsbwsys"=-
"F-Secure Gatekeeper Handler Starter"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] 
"C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"=-

File::
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\fspex.exe
C:\TB.txt     
C:\UsbFix.txt     
C:\WINDOWS\fdsv.exe     
C:\Qoobox     
C:\GenProc[1].txt     
C:\rapport.txt     
C:\WINDOWS\NV23163980.TMP 



Folder::
C:\Program Files\AntivirusFirewall

Driver::
FTRTSVC


DirLook::
C:\prout     
C:\WINDOWS\system32\Setup
C:\WINDOWS\system32\inetsrv     
C:\WINDOWS\system32\ReinstallBackups     
C:\WINDOWS\system32\oobe     
C:\WINDOWS\system32\appmgmt     



Hang in there !-)
0
ComboFix 08-11-12.02 - HP_Administrateur 2008-11-15 2:56:26.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.609 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\prout.exe
Commutateurs utilisés :: c:\documents and settings\HP_Administrateur\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\GenProc[1].txt
c:\progra~1\ANTIVI~1\backweb\6588780\Program\fspex.exe
C:\rapport.txt
C:\TB.txt
C:\UsbFix.txt
c:\windows\fdsv.exe
c:\windows\NV23163980.TMP
C:\Qoobox :#:
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\GenProc[1].txt
C:\rapport.txt
C:\TB.txt
C:\UsbFix.txt
c:\windows\fdsv.exe
c:\windows\system32\bdf9_z.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-15 au 2008-11-15 ))))))))))))))))))))))))))))))))))))
.

2008-11-15 01:46 . 2008-11-15 01:46 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-15 01:46 . 2008-11-15 01:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-15 01:35 . 2008-11-15 01:35 268 --ah----- C:\sqmdata01.sqm
2008-11-15 01:35 . 2008-11-15 01:35 268 --ah----- C:\sqmdata00.sqm
2008-11-15 01:35 . 2008-11-15 01:35 244 --ah----- C:\sqmnoopt01.sqm
2008-11-15 01:35 . 2008-11-15 01:35 244 --ah----- C:\sqmnoopt00.sqm
2008-11-15 01:34 . 2008-11-15 01:34 <REP> d-------- c:\program files\MSN Messenger
2008-11-15 01:23 . 2008-11-15 01:23 <REP> d-------- c:\windows\system32\Adobe
2008-11-15 01:21 . 2008-11-15 01:21 <REP> d-------- c:\windows\LastGood
2008-11-15 00:40 . 2008-11-15 00:40 1,393 --a------ c:\windows\imsins.BAK
2008-11-15 00:39 . 2008-11-15 00:39 <REP> d-------- c:\program files\MSXML 4.0
2008-11-15 00:09 . 2008-11-15 00:45 206 --a------ c:\windows\system32\acafaebb_z.ocx
2008-11-15 00:05 . 2008-11-15 00:05 <REP> d-------- C:\rsit
2008-11-15 00:03 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-15 00:02 . 2008-11-15 00:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 00:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 00:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-14 23:57 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-14 23:39 . 2008-11-14 23:46 <REP> d-------- c:\program files\CCleaner
2008-11-14 22:45 . 2008-11-15 00:51 <REP> d-------- c:\program files\jv16 PowerTools 2008
2008-11-14 21:13 . 2008-11-14 21:13 579,584 --a------ c:\windows\system32\dllcache\user32.dll
2008-11-14 21:11 . 2008-11-14 21:11 <REP> d-------- c:\windows\ERUNT
2008-11-14 21:09 . 2008-11-14 21:22 <REP> d-------- C:\SDFix
2008-11-14 20:59 . 2008-11-14 21:03 <REP> d-------- c:\program files\UsbFix
2008-11-14 20:44 . 2008-11-14 20:51 <REP> d-------- C:\ToolBar SD
2008-11-07 19:50 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-07 19:50 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-07 19:50 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-07 19:50 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-07 19:50 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-07 19:50 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-07 19:50 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-07 19:50 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-07 19:50 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-07 19:50 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-07 19:21 . 2008-11-07 19:21 <REP> d-------- c:\windows\system32\fr
2008-11-07 19:21 . 2008-11-07 19:21 <REP> d-------- c:\windows\system32\bits
2008-11-07 19:21 . 2008-11-07 19:21 <REP> d-------- c:\windows\l2schemas
2008-11-07 19:19 . 2008-11-07 19:19 <REP> d-------- c:\windows\ServicePackFiles
2008-11-07 18:55 . 2008-11-14 18:50 <REP> d-------- c:\program files\Trend Micro
2008-11-07 18:05 . 2008-11-07 18:05 <REP> d-------- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
2008-11-07 17:48 . 2008-11-07 17:48 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-07 17:48 . 2008-11-07 17:48 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-07 17:23 . 2008-11-07 17:27 <REP> d-------- c:\windows\NV23163980.TMP
2008-11-07 17:17 . 2008-04-14 03:33 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-07 17:16 . 2001-08-23 17:04 12,288 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-07 17:16 . 2001-08-23 17:04 12,288 --a------ c:\windows\system32\dllcache\mouhid.sys
2008-10-31 21:59 . 2008-10-31 21:59 <REP> d-------- c:\program files\Kaspersky Lab
2008-10-31 21:56 . 2008-10-31 21:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-15 12:32 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-15 12:31 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 12:30 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 12:30 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 12:30 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 12:30 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 00:46 --------- d-----w c:\program files\Java
2008-11-07 17:58 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2008-11-07 17:14 --------- d-----w c:\program files\Wanadoo
2008-10-29 12:35 --------- d-----w c:\program files\Yahoo!
2008-10-29 12:35 --------- d-----w c:\program files\Windows Plus
2008-10-29 12:35 --------- d-----w c:\program files\Services en ligne
2008-10-29 12:35 --------- d-----w c:\program files\QuickTime
2008-10-29 12:35 --------- d-----w c:\program files\Microsoft Works
2008-10-29 12:35 --------- d-----w c:\program files\Microsoft LifeCam
2008-10-29 12:35 --------- d-----w c:\program files\MainConcept
2008-10-29 12:35 --------- d-----w c:\program files\Lexmark Fax Solutions
2008-10-29 12:35 --------- d-----w c:\program files\Lexmark 2400 Series
2008-10-29 12:35 --------- d-----w c:\program files\HP
2008-10-29 12:35 --------- d-----w c:\program files\Hewlett-Packard
2008-10-29 12:34 --------- d---a-w c:\program files\Fichiers communs\LightScribe
2008-10-29 12:34 --------- d-----w c:\program files\Google
2008-10-29 12:34 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-29 12:34 --------- d-----w c:\program files\EA GAMES
2008-10-29 12:33 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2008-10-29 10:18 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-05 12:43 --------- d-----w c:\program files\InterActual
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 09:11 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2006-09-01 19:21 22 --sha-w c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\prout ----

2008-11-15 02:56 8192 --a------ c:\prout\cfdummy
2008-11-15 02:56 802 --a------ c:\prout\pend.txt
2008-11-15 02:56 78 --a------ c:\prout\OsId.txt
2008-11-15 02:56 718 --a------ c:\prout\miscfile.dat
2008-11-15 02:56 708 --a------ c:\prout\borlander_file.dat
2008-11-15 02:56 7 --a------ c:\prout\RcVer00
2008-11-15 02:56 638 --a------ c:\prout\Env.sed
2008-11-15 02:56 606 --a------ c:\prout\N_\8575
2008-11-15 02:56 593 --a------ c:\prout\temp00
2008-11-15 02:56 581 --a------ c:\prout\unhand.dat
2008-11-15 02:56 4559 --a------ c:\prout\SysPath.dat
2008-11-15 02:56 4316 --a------ c:\prout\cfscriptDirLook03
2008-11-15 02:56 414801 --a------ c:\prout\Cfiles.dat
2008-11-15 02:56 41 --a------ c:\prout\PreDIR
2008-11-15 02:56 39082 --a------ c:\prout\v_wht.dat
2008-11-15 02:56 35683 --a------ c:\prout\Cfolders.dat
2008-11-15 02:56 33 --a------ c:\prout\N_\26192
2008-11-15 02:56 33 --a------ c:\prout\N_\13975
2008-11-15 02:56 32 --a------ c:\prout\restore_pt.dat
2008-11-15 02:56 3193 --a------ c:\prout\dll_whitelist.dat
2008-11-15 02:56 318 --a------ c:\prout\N_\21742
2008-11-15 02:56 30893 --a------ c:\prout\zhsvc.dat
2008-11-15 02:56 279 --a------ c:\prout\N_\841
2008-11-15 02:56 234 --a------ c:\prout\borlander_folder.dat
2008-11-15 02:56 2 --a------ c:\prout\RcRdy
2008-11-15 02:56 19628 --a------ c:\prout\dnd.dat
2008-11-15 02:56 180 --a------ c:\prout\FileCFScript.dat
2008-11-15 02:56 176 --a------ c:\prout\notifykeys.dat
2008-11-15 02:56 17010 --a------ c:\prout\whitedir.dat
2008-11-15 02:56 166 --a------ c:\prout\N_\2932
2008-11-15 02:56 159 --a------ c:\prout\cfscriptDirLook02
2008-11-15 02:56 159 --a------ c:\prout\cfscriptDirLook01
2008-11-15 02:56 159 --a------ c:\prout\cfscriptDirLook00
2008-11-15 02:56 155 --a------ c:\prout\Look.dat
2008-11-15 02:56 15 --a------ c:\prout\Gateway
2008-11-15 02:56 13213 --a------ c:\prout\attr.dat
2008-11-15 02:56 1227 --a------ c:\prout\CregC.dat
2008-11-15 02:56 12181 --a------ c:\prout\vundonames.dat
2008-11-15 02:56 11841 --a------ c:\prout\SetPath.bat
2008-11-15 02:56 117 --a------ c:\prout\N_\1047
2008-11-15 02:56 115 --a------ c:\prout\N_\24510
2008-11-15 02:56 1148 --a------ c:\prout\run.sed
2008-11-15 02:56 1119 --a------ c:\prout\whitedirCreated.dat
2008-11-15 02:56 1118 --a------ c:\prout\Do.dat
2008-11-15 02:56 0 --a------ c:\prout\Windir.dat
2008-11-15 02:56 0 --a------ c:\prout\StartUpFileB.dat
2008-11-15 02:56 0 --a------ c:\prout\progfile.dat
2008-11-15 02:56 0 --a------ c:\prout\N_\7930
2008-11-15 02:56 0 --a------ c:\prout\N_\5650
2008-11-15 02:56 0 --a------ c:\prout\N_\32035
2008-11-15 02:56 0 --a------ c:\prout\N_\31502
2008-11-15 02:56 0 --a------ c:\prout\N_\30843
2008-11-15 02:56 0 --a------ c:\prout\N_\300
2008-11-15 02:56 0 --a------ c:\prout\N_\28144
2008-11-15 02:56 0 --a------ c:\prout\N_\27626
2008-11-15 02:56 0 --a------ c:\prout\N_\23311
2008-11-15 02:56 0 --a------ c:\prout\N_\18054
2008-11-15 02:56 0 --a------ c:\prout\N_\15708
2008-11-15 02:56 0 --a------ c:\prout\N_\14159
2008-11-15 02:56 0 --a------ c:\prout\f_system
2008-11-15 02:56 0 --a------ c:\prout\cfscriptDequarantine00
2008-11-15 02:56 0 --a------ c:\prout\catch_k.dat
2008-11-15 02:56 0 --a------ c:\prout\ADS.dat
2008-11-15 02:55 79 --a------ c:\prout\sfx.cmd
2008-11-15 02:55 6 --a------ c:\prout\NlsLanguageDefault
2008-11-15 02:55 47401 --a------ c:\prout\023.dat
2008-11-15 02:55 456 --a------ c:\prout\MWindows.dat
2008-11-15 02:55 43 --a------ c:\prout\OsVer
2008-11-15 02:55 42 --a------ c:\prout\Sum01
2008-11-15 02:55 2 --a------ c:\prout\XP.mac
2008-11-15 02:55 2 --a------ c:\prout\HP_Administrateur.user.cf
2008-11-15 02:55 16 --a------ c:\prout\CHCP.bat
2008-11-15 02:55 153088 --a------ c:\prout\regt.cfexe
2008-11-15 02:55 13 --a------ c:\prout\kmd.dat
2008-11-15 02:55 10 --a------ c:\prout\erunt.dat
2008-11-15 02:55 0 --a------ c:\prout\NULL
2008-11-15 02:55 0 --a------ c:\prout\d-delA.dat
2008-11-15 02:55 0 --a------ c:\prout\CregC_.dat
2008-11-15 02:55 0 --a------ c:\prout\CFVersionOld
2008-11-14 19:06 421 --a------ c:\prout\cache.folder.dat
2008-11-14 19:06 362 --a------ c:\prout\appdata.folder.dat
2008-11-14 19:06 305 --a------ c:\prout\localappdata.folder.dat
2008-11-14 19:06 296 --a------ c:\prout\localsettings.folder.dat
2008-11-14 19:06 288 --a------ c:\prout\Profiles.Folder.dat
2008-11-14 19:06 235 --a------ c:\prout\startup.folder.dat
2008-11-14 19:06 209 --a------ c:\prout\Cookies.folder.dat
2008-11-14 19:06 205 --a------ c:\prout\programs.folder.dat
2008-11-14 19:06 201 --a------ c:\prout\mypictures.folder.dat
2008-11-14 19:06 172 --a------ c:\prout\startmenu.folder.dat
2008-11-14 19:06 168 --a------ c:\prout\personal.folder.dat
2008-11-14 19:06 154 --a------ c:\prout\templates.folder.dat
2008-11-14 19:06 154 --a------ c:\prout\favorites.folder.dat
2008-11-14 19:06 151 --a------ c:\prout\desktop.folder.dat
2008-11-14 18:23 620423 --a------ c:\prout\C.bat
2008-04-14 03:34 29184 -ra------ c:\prout\FINDSTR.cfexe
2008-04-14 03:33 12288 -ra------ c:\prout\Attrib.cfexe
2006-12-04 03:17 19968 -ra------ c:\prout\setcsum.cfexe
2006-04-02 21:18 40448 -ra------ c:\prout\md5deep.cfexe
2005-10-20 20:02 163328 --a------ c:\prout\ERDNT.e_e
2005-10-20 20:00 157696 -ra------ c:\prout\ERUNT.cfexe
2005-08-16 01:54 1536 --a------ c:\prout\hidec.exe
2003-04-13 08:00 102400 -ra------ c:\prout\unzip.cfexe
2002-11-12 05:38 110592 -ra------ c:\prout\fi.cfexe
2000-08-31 08:00 98816 -ra------ c:\prout\sed.cfexe
2000-08-31 08:00 924 --a------ c:\prout\OSid.vbs
2000-08-31 08:00 91 --a------ c:\prout\LocalServiceNetworkRestricted.dat
2000-08-31 08:00 89504 -ra------ c:\prout\fdsv.cfexe
2000-08-31 08:00 88 --a------ c:\prout\NetworkService.dat
2000-08-31 08:00 820 --a------ c:\prout\rogues.dat
2000-08-31 08:00 80412 -ra------ c:\prout\grep.cfexe
2000-08-31 08:00 804 --a------ c:\prout\Fin.dat
2000-08-31 08:00 7784 --a------ c:\prout\appinit.bad
2000-08-31 08:00 7711 --a------ c:\prout\Boot.bat
2000-08-31 08:00 7680 --a------ c:\prout\BootSect
2000-08-31 08:00 746 --a------ c:\prout\DPF.str
2000-08-31 08:00 73728 -ra------ c:\prout\pv.cfexe
2000-08-31 08:00 7213 --a------ c:\prout\Exe.reg
2000-08-31 08:00 6856 --a------ c:\prout\Combobatch.bat
2000-08-31 08:00 68096 -ra------ c:\prout\zip.cfexe
2000-08-31 08:00 6536 --a------ c:\prout\RCLink
2000-08-31 08:00 61440 --a------ c:\prout\ComboFix-Download.exe
2000-08-31 08:00 574979 --a------ c:\prout\Creg.dat
2000-08-31 08:00 5572 --a------ c:\prout\srizbi.md5
2000-08-31 08:00 555 --a------ c:\prout\svchost.dat
2000-08-31 08:00 52736 -ra------ c:\prout\extract.cfexe
2000-08-31 08:00 525 --a------ c:\prout\netsvc.dat
2000-08-31 08:00 51200 -ra------ c:\prout\dumphive.cfexe
2000-08-31 08:00 49152 -ra------ c:\prout\vfind.cfexe
2000-08-31 08:00 49152 -ra------ c:\prout\SF.cfexe
2000-08-31 08:00 470398 --a------ c:\prout\clsid.dat
2000-08-31 08:00 463 --a------ c:\prout\safeboot.def.vista.dat
2000-08-31 08:00 423 --a------ c:\prout\netsvc.bad.dat
2000-08-31 08:00 413 --a------ c:\prout\toolbar.sed
2000-08-31 08:00 4090 --a------ c:\prout\ERUNT.LOC
2000-08-31 08:00 404 --a------ c:\prout\Purity.dat
2000-08-31 08:00 401 --a------ c:\prout\whitedirB.dat
2000-08-31 08:00 3849 --a------ c:\prout\FIXLSP.bat
2000-08-31 08:00 38400 -ra------ c:\prout\moveex.cfexe
2000-08-31 08:00 3641 --a------ c:\prout\ND_.bat
2000-08-31 08:00 329 --a------ c:\prout\safeboot.dat
2000-08-31 08:00 3275 --a------ c:\prout\ERDNTWIN.LOC
2000-08-31 08:00 3241 --a------ c:\prout\Assoc.cmd
2000-08-31 08:00 3204 --a------ c:\prout\MoveIt.bat
2000-08-31 08:00 3186 --a------ c:\prout\CregC.cmd
2000-08-31 08:00 303 --a------ c:\prout\embedded.sed
2000-08-31 08:00 29990 -ra------ c:\prout\setpath.cfexe
2000-08-31 08:00 298 --a------ c:\prout\DPF.sed
2000-08-31 08:00 287 --a------ c:\prout\run2.sed
2000-08-31 08:00 287 --a------ c:\prout\ndis_combofix.dat
2000-08-31 08:00 28672 -ra------ c:\prout\nircmd.com
2000-08-31 08:00 28672 -ra------ c:\prout\NirCmd.cfexe
2000-08-31 08:00 2815 --a------ c:\prout\ERDNTDOS.LOC
2000-08-31 08:00 27648 -ra------ c:\prout\NirCmdC.cfexe
2000-08-31 08:00 276 --a------ c:\prout\system_ini.dat
2000-08-31 08:00 2687 --a------ c:\prout\WhiteLegacy.dat
2000-08-31 08:00 26112 -ra------ c:\prout\WRP.cfexe
2000-08-31 08:00 254 --a------ c:\prout\svclist.sed
2000-08-31 08:00 246438 --a------ c:\prout\List-C.bat
2000-08-31 08:00 23773 --a------ c:\prout\zDomain.dat
2000-08-31 08:00 232 --a------ c:\prout\restore_pt.vbs
2000-08-31 08:00 225 --a------ c:\prout\LocalService.dat
2000-08-31 08:00 2161 --a------ c:\prout\NirCmd.inf
2000-08-31 08:00 2126 --a------ c:\prout\023v.dat
2000-08-31 08:00 212480 -ra------ c:\prout\swxcacls.cfexe
2000-08-31 08:00 2117 --a------ c:\prout\history.bat
2000-08-31 08:00 198 --a------ c:\prout\LocalSystemNetworkRestricted.dat
2000-08-31 08:00 1937884 --a------ c:\prout\badclsid
2000-08-31 08:00 181776 -ra------ c:\prout\handle.cfexe
2000-08-31 08:00 1766 --a------ c:\prout\DelClsid.bat
2000-08-31 08:00 1758 --a------ c:\prout\RestoreO4.bat
2000-08-31 08:00 1718 --a------ c:\prout\Policies.dat
2000-08-31 08:00 1660 --a------ c:\prout\safeboot.def.dat
2000-08-31 08:00 161792 --a------ c:\prout\swreg.exe
2000-08-31 08:00 161792 --a------ c:\prout\SWREG.cfexe
2000-08-31 08:00 15388 --a------ c:\prout\FProps.vbs
2000-08-31 08:00 15360 -ra------ c:\prout\gsar.cfexe
2000-08-31 08:00 15317 --a------ c:\prout\SafeBootRepair.bat
2000-08-31 08:00 1528 --a------ c:\prout\lnkread.vbs
2000-08-31 08:00 145920 -ra------ c:\prout\catchme.cfexe
2000-08-31 08:00 138153 --a------ c:\prout\Lang.bat
2000-08-31 08:00 136704 -ra------ c:\prout\swsc.cfexe
2000-08-31 08:00 131072 -ra------ c:\prout\psexec.cfexe
2000-08-31 08:00 1277 --a------ c:\prout\region.dat
2000-08-31 08:00 12755 --a------ c:\prout\SetEnvmt.bat
2000-08-31 08:00 11934 --a------ c:\prout\svc_wht.dat
2000-08-31 08:00 117 --a------ c:\prout\executables.dat
2000-08-31 08:00 1128 --a------ c:\prout\SvcDrv.vbs
2000-08-31 08:00 11264 -ra------ c:\prout\mtee.cfexe
2000-08-31 08:00 1057 --a------ c:\prout\image001.gif
2000-08-31 08:00 102368 --a------ c:\prout\FIND3M.bat
2000-08-31 08:00 101376 -ra------ c:\prout\dd.cfexe

---- Directory of c:\windows\system32\appmgmt ----


---- Directory of c:\windows\system32\inetsrv ----

2008-04-14 03:33 221696 --a------ c:\windows\system32\inetsrv\seo.dll
2008-04-14 03:33 2134528 --------- c:\windows\system32\inetsrv\smtpsnap.dll
2008-04-14 03:33 189440 --a------ c:\windows\system32\inetsrv\smtpadm.dll

---- Directory of c:\windows\system32\oobe ----

2008-11-07 19:29 9825 --a------ c:\windows\system32\oobe\oobeutil.js
2008-11-07 19:29 5723 --a------ c:\windows\system32\oobe\setup\autoupdt.htm
2008-11-07 19:29 3420 --a------ c:\windows\system32\oobe\agtscrp2.js
2008-11-07 19:29 32047 --a------ c:\windows\system32\oobe\updshell.htm
2008-11-07 19:29 15646 --a------ c:\windows\system32\oobe\setup\au_plcy.htm
2008-09-24 11:16 244 --a------ c:\windows\system32\oobe\oobeinfo.ini
2008-04-14 03:34 51712 --a------ c:\windows\system32\oobe\oobebaln.exe
2008-04-14 03:34 29184 --a------ c:\windows\system32\oobe\msoobe.exe
2008-04-14 03:33 566272 --a------ c:\windows\system32\oobe\msobmain.dll
2008-04-14 03:33 30720 --a------ c:\windows\system32\oobe\msobshel.dll
2008-04-14 03:33 19456 --a------ c:\windows\system32\oobe\msobweb.dll
2008-04-14 03:33 16384 --a------ c:\windows\system32\oobe\msobdl.dll
2008-04-14 03:33 122368 --a------ c:\windows\system32\oobe\msobcomm.dll
2008-03-01 04:15 91978 --a------ c:\windows\system32\oobe\actshell.htm
2008-03-01 04:15 19834 --a------ c:\windows\system32\oobe\error.js
2007-12-28 19:48 5004 --a------ c:\windows\system32\oobe\actsetup\apolicy.htm
2007-04-02 15:49 175240 --a------ c:\windows\system32\oobe\msobshel.htm
2006-01-03 01:19 892 --a------ c:\windows\system32\oobe\hpoobe\Agent\Agt_TxtCommon.js
2006-01-03 01:19 6133 --a------ c:\windows\system32\oobe\hpoobe\SndChk2.htm
2006-01-03 01:19 5279 --a------ c:\windows\system32\oobe\hpoobe\SndChk1.htm
2006-01-03 01:19 385 --a------ c:\windows\system32\oobe\hpoobe\Custom.ini
2006-01-03 01:19 2185 --a------ c:\windows\system32\oobe\hpoobe\Agent\Agt_TxtSndChk1.js
2006-01-03 01:19 1171 --a------ c:\windows\system32\oobe\hpoobe\Agent\Agt_TxtSndChk2.js
2005-08-17 20:55 4622 --a------ c:\windows\system32\oobe\hpoobe\WebRegSC.js
2004-09-14 17:10 2607 --a------ c:\windows\system32\oobe\hpoobe\msobcustom.js
2004-08-10 12:00 8527 --a------ c:\windows\system32\oobe\actsetup\activsvc.htm
2004-08-10 12:00 83 --a------ c:\windows\system32\oobe\setup\Oobedisc.htm
2004-08-10 12:00 7923 --a------ c:\windows\system32\oobe\setup\ics.htm
2004-08-10 12:00 7160 --a------ c:\windows\system32\oobe\phone.obe
2004-08-10 12:00 7160 --a------ c:\windows\system32\oobe\migrate.obe
2004-08-10 12:00 5977 --a------ c:\windows\system32\oobe\actsetup\activ.htm
2004-08-10 12:00 48410 --a------ c:\windows\system32\oobe\agtcore.js
2004-08-10 12:00 47910 --a------ c:\windows\system32\oobe\phone.inf
2004-08-10 12:00 4375 --a------ c:\windows\system32\oobe\actsetup\actlan.htm
2004-08-10 12:00 42735 --a------ c:\windows\system32\oobe\dtsgnup.htm
2004-08-10 12:00 416 --a------ c:\windows\system32\oobe\obeip.dun
2004-08-10 12:00 282945 --a------ c:\windows\system32\oobe\agtscrpt.js
2004-08-10 12:00 269 --a------ c:\windows\system32\oobe\msobe.isp
2004-08-10 12:00 23928 --a------ c:\windows\system32\oobe\migrate.js
2004-08-10 12:00 2135 --a------ c:\windows\system32\oobe\images\greenshd.gif
2004-08-10 12:00 2119 --a------ c:\windows\system32\oobe\images\redshd.gif
2004-08-10 12:00 19752 --a------ c:\windows\system32\oobe\actsetup\adeskerr.htm
2004-08-10 12:00 19118 --a------ c:\windows\system32\oobe\dialmgr.js
2004-08-10 12:00 17548 --a------ c:\windows\system32\oobe\setup\welcome.htm
2004-08-10 12:00 17210 --a------ c:\windows\system32\oobe\icsmgr.js
2004-08-10 12:00 17057 --a------ c:\windows\system32\oobe\dslmain.js
2004-08-10 12:00 13152 --a------ c:\windows\system32\oobe\iconnect.js
2004-08-10 12:00 1249 --a------ c:\windows\system32\oobe\isptype.js
2004-08-10 12:00 11284 --a------ c:\windows\system32\oobe\mousetut.js
2004-08-10 12:00 11091 --a------ c:\windows\system32\oobe\setup\neweula.htm
2004-08-10 12:00 1044 --a------ c:\windows\system32\oobe\sconnect.js
2004-08-10 05:00 9986 --a------ c:\windows\system32\oobe\setup\refdial.htm
2004-08-10 05:00 993 --a------ c:\windows\system32\oobe\images\prodkey.gif
2004-08-10 05:00 983 --a------ c:\windows\system32\oobe\html\mouse\images\but3_up.gif
2004-08-10 05:00 981 --a------ c:\windows\system32\oobe\html\mouse\images\but3_dwn.gif
2004-08-10 05:00 978 --a------ c:\windows\system32\oobe\images\btn3.gif
2004-08-10 05:00 978 --a------ c:\windows\system32\oobe\images\btn2.gif
2004-08-10 05:00 978 --a------ c:\windows\system32\oobe\images\btn1.gif
2004-08-10 05:00 9513 --a------ c:\windows\system32\oobe\images\hand1.gif
2004-08-10 05:00 9257 --a------ c:\windows\system32\oobe\images\hand2.gif
2004-08-10 05:00 9131 --a------ c:\windows\system32\oobe\images\newbtm1.jpg
2004-08-10 05:00 8806 --a------ c:\windows\system32\oobe\images\newtop1.jpg
2004-08-10 05:00 8727 --a------ c:\windows\system32\oobe\images\newbtm8.jpg
2004-08-10 05:00 8635 --a------ c:\windows\system32\oobe\setup\reg3.htm
2004-08-10 05:00 8624 --a------ c:\windows\system32\oobe\setup\ident2.htm
2004-08-10 05:00 825 --a------ c:\windows\system32\oobe\html\mouse\images\but4_dwn.gif
2004-08-10 05:00 823 --a------ c:\windows\system32\oobe\html\mouse\images\but4_up.gif
2004-08-10 05:00 8048 --a------ c:\windows\system32\oobe\images\newtop8.jpg
2004-08-10 05:00 7972 --a------ c:\windows\system32\oobe\images\magnify.gif
2004-08-10 05:00 7952 --a------ c:\windows\system32\oobe\html\dslmain\dsl_a.htm
2004-08-10 05:00 7702 --a------ c:\windows\system32\oobe\setup\drdyref.htm
2004-08-10 05:00 753 --a------ c:\windows\system32\oobe\html\mouse\images\but2_up.gif
2004-08-10 05:00 751 --a------ c:\windows\system32\oobe\html\mouse\images\but2_dwn.gif
2004-08-10 05:00 7341 --a------ c:\windows\system32\oobe\actsetup\ausrinfo.htm
2004-08-10 05:00 72921 --a------ c:\windows\system32\oobe\html\mouse\images\bulzano.jpg
2004-08-10 05:00 7132 --a------ c:\windows\system32\oobe\setup\oobestyl.css
2004-08-10 05:00 6829 --a------ c:\windows\system32\oobe\html\mouse\images\clicking.gif
2004-08-10 05:00 6779 --a------ c:\windows\system32\oobe\setup\reg1.htm
2004-08-10 05:00 6743 --a------ c:\windows\system32\oobe\isperror\ispnoanw.htm
2004-08-10 05:00 6682 --a------ c:\windows\system32\oobe\html\dslmain\dsl_b.htm
2004-08-10 05:00 665107 --a------ c:\windows\system32\oobe\images\intro.wmv
2004-08-10 05:00 6569 --a------ c:\windows\system32\oobe\error\noanswer.htm
2004-08-10 05:00 6382 --a------ c:\windows\system32\oobe\regerror\rnoansw.htm
2004-08-10 05:00 6376 --a------ c:\windows\system32\oobe\isperror\ispphbsy.htm
2004-08-10 05:00 6334 --a------ c:\windows\system32\oobe\error\toobusy.htm
2004-08-10 05:00 63016 --a------ c:\windows\system32\oobe\html\mouse\images\tyrol.jpg
2004-08-10 05:00 627 --a------ c:\windows\system32\oobe\migx25b.dun
2004-08-10 05:00 6225 --a------ c:\windows\system32\oobe\regerror\rtoobusy.htm
2004-08-10 05:00 6105 --a------ c:\windows\system32\oobe\setup\username.htm
2004-08-10 05:00 5951 --a------ c:\windows\system32\oobe\setup\prvcyms.htm
2004-08-10 05:00 590 --a------ c:\windows\system32\oobe\html\mouse\images\but3_idl.gif
2004-08-10 05:00 5876 --a------ c:\windows\system32\oobe\actsetup\aprvcyms.htm
2004-08-10 05:00 5823 --a------ c:\windows\system32\oobe\images\wpaflag.jpg
2004-08-10 05:00 576 --a------ c:\windows\system32\oobe\migx25c.dun
2004-08-10 05:00 576 --a------ c:\windows\system32\oobe\migx25a.dun
2004-08-10 05:00 5712 --a------ c:\windows\system32\oobe\setup\drdyisp.htm
2004-08-10 05:00 5705 --a------ c:\windows\system32\oobe\setup\compname.htm
2004-08-10 05:00 5618 --a------ c:\windows\system32\oobe\setup\drdymig.htm
2004-08-10 05:00 56043 --a------ c:\windows\system32\oobe\images\newmark1.jpg
2004-08-10 05:00 559 --a------ c:\windows\system32\oobe\images\clickhr.gif
2004-08-10 05:00 5582 --a------ c:\windows\system32\oobe\setup\drdyoem.htm
2004-08-10 05:00 543 --a------ c:\windows\system32\oobe\html\mouse\images\but1_idl.gif
2004-08-10 05:00 54 --a------ c:\windows\system32\oobe\images\bullet1.gif
2004-08-10 05:00 5273 --a------ c:\windows\system32\oobe\html\isptype\isptype.htm
2004-08-10 05:00 52203 --a------ c:\windows\system32\oobe\html\mouse\images\verona.jpg
2004-08-10 05:00 4937 --a------ c:\windows\system32\oobe\setup\isp.htm
2004-08-10 05:00 4932 --a------ c:\windows\system32\oobe\actsetup\adrdyreg.htm
2004-08-10 05:00 49251 --a------ c:\windows\system32\oobe\html\mouse\images\venice.jpg
2004-08-10 05:00 4852 --a------ c:\windows\system32\oobe\setup\miglist.htm
2004-08-10 05:00 4795 --a------ c:\windows\system32\oobe\images\dialtone.gif
2004-08-10 05:00 4755 --a------ c:\windows\system32\oobe\html\dslmain\dslmain.htm
2004-08-10 05:00 47282 --a------ c:\windows\system32\oobe\html\mouse\images\mouse4.gif
2004-08-10 05:00 4616 --a------ c:\windows\system32\oobe\images\clickerx.wav
2004-08-10 05:00 4473 --a------ c:\windows\system32\oobe\setup\activate.htm
2004-08-10 05:00 4459 --a------ c:\windows\system32\oobe\setup\act_plcy.htm
2004-08-10 05:00 4448 --a------ c:\windows\system32\oobe\setup\keybd.htm
2004-08-10 05:00 44244 --a------ c:\windows\system32\oobe\images\wpaback.jpg
2004-08-10 05:00 4416 --a------ c:\windows\system32\oobe\actsetup\areg1.htm
2004-08-10 05:00 4361 --a------ c:\windows\system32\oobe\html\mouse\images\mouseimg.gif
2004-08-10 05:00 436 --a------ c:\windows\system32\oobe\html\mouse\images\but4_idl.gif
2004-08-10 05:00 4298 --a------ c:\windows\system32\oobe\setup\badpkey.htm
2004-08-10 05:00 4231 --a------ c:\windows\system32\oobe\setup\jndomain.htm
2004-08-10 05:00 42189 --a------ c:\windows\system32\oobe\html\mouse\images\paris.jpg
2004-08-10 05:00 4109 --a------ c:\windows\system32\oobe\html\mouse\mouse.htm
2004-08-10 05:00 409 --a------ c:\windows\system32\oobe\html\mouse\images\but2_idl.gif
2004-08-10 05:00 4052 --a------ c:\windows\system32\oobe\setup\acterror.htm
2004-08-10 05:00 40046 --a------ c:\windows\system32\oobe\html\mouse\images\bulzanom.jpg
2004-08-10 05:00 39156 --a------ c:\windows\system32\oobe\html\mouse\images\pisa.jpg
2004-08-10 05:00 38987 --a------ c:\windows\system32\oobe\images\newmark8.jpg
2004-08-10 05:00 3887 --a------ c:\windows\system32\oobe\setup\security.htm
2004-08-10 05:00 38850 --a------ c:\windows\system32\oobe\html\mouse\images\prague.jpg
2004-08-10 05:00 38558 --a------ c:\windows\system32\oobe\images\thanks10.png
2004-08-10 05:00 3844 --a------ c:\windows\system32\oobe\setup\ident1.htm
2004-08-10 05:00 3800 --a------ c:\windows\system32\oobe\html\mouse\mouse_e.htm
2004-08-10 05:00 3793 --a------ c:\windows\system32\oobe\setup\migpage.htm
2004-08-10 05:00 3757 --a------ c:\windows\system32\oobe\html\mouse\mouse_c.htm
2004-08-10 05:00 3743 --a------ c:\windows\system32\oobe\setup\badeula.htm
2004-08-10 05:00 3710 --a------ c:\windows\system32\oobe\html\sconnect\scntlast.htm
2004-08-10 05:00 3571 --a------ c:\windows\system32\oobe\error\cnncterr.htm
2004-08-10 05:00 3569 --a------ c:\windows\system32\oobe\isperror\ispcnerr.htm
2004-08-10 05:00 3557 --a------ c:\windows\system32\oobe\images\backover.jpg
2004-08-10 05:00 3556 --a------ c:\windows\system32\oobe\images\skipdown.jpg
2004-08-10 05:00 3554 --a------ c:\windows\system32\oobe\images\nextover.jpg
2004-08-10 05:00 3540 --a------ c:\windows\system32\oobe\images\backup.jpg
2004-08-10 05:00 3539 --a------ c:\windows\system32\oobe\images\nextup.jpg
2004-08-10 05:00 353 --a------ c:\windows\system32\oobe\migip.dun
2004-08-10 05:00 35268 --a------ c:\windows\system32\oobe\html\mouse\images\heidelb.jpg
2004-08-10 05:00 3518 --a------ c:\windows\system32\oobe\setup\iconn.htm
2004-08-10 05:00 3502 --a------ c:\windows\system32\oobe\html\sconnect\sconnect.htm
2004-08-10 05:00 3485 --a------ c:\windows\system32\oobe\images\skipover.jpg
2004-08-10 05:00 3483 --a------ c:\windows\system32\oobe\images\skipup.jpg
2004-08-10 05:00 3464 --a------ c:\windows\system32\oobe\html\iconnect\icntlast.htm
2004-08-10 05:00 3461 --a------ c:\windows\system32\oobe\images\backdown.jpg
2004-08-10 05:00 3439 --a------ c:\windows\system32\oobe\images\nextdown.jpg
2004-08-10 05:00 3436 --a------ c:\windows\system32\oobe\setup\jndom_a.htm
2004-08-10 05:00 3417 --a------ c:\windows\system32\oobe\html\mouse\mouse_g.htm
2004-08-10 05:00 3414 --a------ c:\windows\system32\oobe\html\mouse\mouse_i.htm
2004-08-10 05:00 3388 --a------ c:\windows\system32\oobe\icserror\icsdc.htm
2004-08-10 05:00 3377 --a------ c:\windows\system32\oobe\setup\fini.htm
2004-08-10 05:00 33735 --a------ c:\windows\system32\oobe\html\mouse\images\tyrolm.jpg
2004-08-10 05:00 3364 --a------ c:\windows\system32\oobe\images\oemcoa.jpg
2004-08-10 05:00 3344 --a------ c:\windows\system32\oobe\actsetup\actconn.htm
2004-08-10 05:00 3343 --a------ c:\windows\system32\oobe\images\oemlogo.gif
2004-08-10 05:00 3317 --a------ c:\windows\system32\oobe\setup\neweula2.htm
2004-08-10 05:00 3237 --a------ c:\windows\system32\oobe\setup\timezone.htm
2004-08-10 05:00 3224 --a------ c:\windows\system32\oobe\isperror\ispdtone.htm
2004-08-10 05:00 3198 --a------ c:\windows\system32\oobe\error\dialtone.htm
2004-08-10 05:00 3142 --a------ c:\windows\system32\oobe\regerror\rcnterr.htm
2004-08-10 05:00 3053 --a------ c:\windows\system32\oobe\setup\keybdcmt.htm
2004-08-10 05:00 30177 --a------ c:\windows\system32\oobe\html\mouse\images\veronam.jpg
2004-08-10 05:00 300 --a------ c:\windows\system32\oobe\images\arrow.gif
2004-08-10 05:00 2966 --a------ c:\windows\system32\oobe\html\mouse\mouse_h.htm
2004-08-10 05:00 2925 --a------ c:\windows\system32\oobe\html\mouse\mouse_j.htm
2004-08-10 05:00 2857 --a------ c:\windows\system32\oobe\html\mouse\mouse_k.htm
2004-08-10 05:00 2844 --a------ c:\windows\system32\oobe\error\pulse.htm
2004-08-10 05:00 2817 --a------ c:\windows\system32\oobe\images\backoff.jpg
2004-08-10 05:00 2789 --a------ c:\windows\system32\oobe\regerror\rdtone.htm
2004-08-10 05:00 27707 --a------ c:\windows\system32\oobe\html\mouse\images\venicem.jpg
2004-08-10 05:00 2759 --a------ c:\windows\system32\oobe\images\skipoff.jpg
2004-08-10 05:00 2730 --a------ c:\windows\system32\oobe\images\mouse.gif
2004-08-10 05:00 2727 --a------ c:\windows\system32\oobe\setup\hnwprmpt.htm
2004-08-10 05:00 2714 --a------ c:\windows\system32\oobe\isperror\ispins.htm
2004-08-10 05:00 2705 --a------ c:\windows\system32\oobe\images\nextoff.jpg
2004-08-10 05:00 2700 --a------ c:\windows\system32\oobe\images\merlin.gif
2004-08-10 05:00 26392 --a------ c:\windows\system32\oobe\images\thanks8.png
2004-08-10 05:00 2624518 --a------ c:\windows\system32\oobe\images\title.wma
2004-08-10 05:00 25759 --a------ c:\windows\system32\oobe\images\wpakey.jpg
2004-08-10 05:00 25628 --a------ c:\windows\system32\oobe\html\mouse\images\parism.jpg
2004-08-10 05:00 2514 --a------ c:\windows\system32\oobe\isperror\ispsbusy.htm
2004-08-10 05:00 2505 --a------ c:\windows\system32\oobe\setup\regdial.htm
2004-08-10 05:00 2479 --a------ c:\windows\system32\oobe\images\qmark.gif
2004-08-10 05:00 2473 --a------ c:\windows\system32\oobe\isperror\isphdshk.htm
2004-08-10 05:00 2460 --a------ c:\windows\system32\oobe\regerror\rpulse.htm
2004-08-10 05:00 2432 --a------ c:\windows\system32\oobe\html\mouse\mouse_b.htm
2004-08-10 05:00 2425 --a------ c:\windows\system32\oobe\html\mouse\mouse_f.htm
2004-08-10 05:00 242 --a------ c:\windows\system32\oobe\migrate.isp
2004-08-10 05:00 2400 --a------ c:\windows\system32\oobe\setup\migdial.htm
2004-08-10 05:00 2397 --a------ c:\windows\system32\oobe\html\mouse\mouse_a.htm
2004-08-10 05:00 2388 --a------ c:\windows\system32\oobe\error\hndshake.htm
2004-08-10 05:00 2367 --a------ c:\windows\system32\oobe\html\mouse\mouse_d.htm
2004-08-10 05:00 23646 --a------ c:\windows\system32\oobe\html\mouse\images\praguem.jpg
2004-08-10 05:00 2333 --a------ c:\windows\system32\oobe\isperror\isppberr.htm
2004-08-10 05:00 2300 --a------ c:\windows\system32\oobe\setup\dialup.htm
2004-08-10 05:00 2290 --a------ c:\windows\system32\oobe\error\isp2busy.htm
2004-08-10 05:00 2290 --a------ c:\windows\system32\oobe\actsetup\aregdial.htm

---- Directory of c:\windows\system32\ReinstallBackups ----


---- Directory of c:\windows\system32\Setup ----



((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-06 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-15 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
backup=c:\windows\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 20:34 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2006-02-07 06:10 98304 c:\program files\Lexmark 2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 20:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
--a------ 2006-01-22 18:45 286720 c:\program files\Lexmark 2400 Series\lxcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-04 18:41 8523776 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-04 18:41 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 22:14 237568 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-06 17:56 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2006-12-06 00:38 707360 c:\windows\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--------- 2005-08-03 02:15 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
--a------ 2004-06-07 13:05 106496 c:\windows\system32\ftutil2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-04 18:41 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 12:54 16010240 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ARSVC"=2 (0x2)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"FTRTSVC"=2 (0x2)
"lxcr_device"=3 (0x3)
"usnjsvc"=3 (0x3)
"MSCamSvc"=2 (0x2)
"gusvc"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:*:Disabled:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:*:Disabled:MioNet Remote Drive Verification

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2005-11-18 70896]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-02-15 2825088]
R3 usbstor;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 F-Secure Filter;F-Secure File System Filter;c:\program files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [ ]
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [ ]
S2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [ ]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432]
S3 usbscan;Pilote de scanneur USB;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2006-12-06 1963680]
S3 ZDCndis5;ZDCndis5 Protocol Driver;c:\windows\system32\ZDCndis5.SYS [ ]
S4 BackWeb Plug-in - 6588780;Antivirus Firewall;c:\progra~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [ ]
S4 MSCamSvc;MSCamSvc;c:\program files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - JAVAQUICKSTARTERSERVICE
.
Contenu du dossier 'Tâches planifiées'

2008-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2007-11-24 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2006-12-06 00:38]

2008-10-28 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\ANTIVI~1\ANTI-V~1\fsav.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 02:58:39
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-15 2:59:30
ComboFix-quarantined-files.txt 2008-11-15 01:59:25
ComboFix2.txt 2008-11-14 22:17:25
ComboFix3.txt 2008-11-14 21:58:16
ComboFix4.txt 2008-11-14 21:37:24
ComboFix5.txt 2008-11-15 01:55:58

Avant-CF: 190 484 840 448 octets libres
Après-CF: 190,505,996,288 octets libres

756 --- E O F --- 2008-11-15 00:28:24
0
Anonymous user
15 Nov 2008 at 04:31
Right,
ok:
I keep messing up the script :: call me GroNaze


Right, delete: C:\Program Files\AntivirusFirewall

Then run CCleaner, please.

Next,
> Download ToolsCleaner: https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/ to your desktop to remove the Pandora's boxes.
- Click Recherche (Search) and let the scan run ...
- Click Suppression (Removal) to finish (you can, if you wish, use the Options facultatives (optional settings))
- Click Quitter (Quit) to get the report and post it in your reply (TCleaner.txt is at the root of your hard drive (C:\)).
- Then delete ToolsCleaner (it is not listed in Add/Remove Programs. It is a directly executable file: no installation).



And there you go.

That's all. You can create a restore point.

:)

See you
0

Thanks DllD for all the time you spent

You've earned a beer when we meet
0
Anonymous user
15 Nov 2008 at 04:36
Thanks, but I'm not in it for the reward!

The pleasure is all mine!


See you very soon.

;)
0