
(Solved) Help with backdoor trojan virus and W32 Spybot worm


24 replies to this topic

#1 tdanny6

  • Members
  • 69 messages

Posted 21 January 2007 - 11:17

Hello,
I'm new to the forum, and to computing as well, a real beginner!! (Please be lenient, thank you.)
Here is my problem: three days ago, Norton reported a W32 spybot.worm virus and said that it had not been transmitted. The same alert came back several times; after some searching and trying various programs, nothing more for now (destroyed, or ??),
but today, bang, here we go again: Norton reports a backdoor trojan virus, 18 times this afternoon. I tested again with a few programs, but this time nothing works!! Hence my call for help. I saw that a HijackThis report is often requested, so I downloaded the program (I hope I haven't already made a mistake?) and scanned my computer. Here is the result:

Logfile of HijackThis v1.99.1
Scan saved at 22:21:11, on 21/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\ezNTSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\TEMP\B8CF.tmp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\System32\prodsrvs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skynet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: nuls Toolbar - {4acca1a7-ecc8-4c89-be52-b11919042bbf} - C:\Program Files\nuls\tbnuls.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: nuls Toolbar - {4acca1a7-ecc8-4c89-be52-b11919042bbf} - C:\Program Files\nuls\tbnuls.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Documents and Settings\ok\Mes documents\SDRmon.exe"
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\System32\prodsrvs.exe /res
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encycloped...sc/tdserver.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclas...s.com/npwwg.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.driveclea...nerstart_fr.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannel...e/KooPlayer.ocx
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/...2/OCI/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137956595296
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127471785543
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pu...er/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free...p?id=2&version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4...._1070_em_XP.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.asian-x.o.../asian-x_an.exe
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carped...AccesMembre.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.movi.../cabs/msway.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...942/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16....ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{12C8F930-42F1-4562-B0BE-78A1B34985C6}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{12C8F930-42F1-4562-B0BE-78A1B34985C6}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{12C8F930-42F1-4562-B0BE-78A1B34985C6}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\System32\ezNTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\DOCUME~1\ok\LOCALS~1\Temp\ieupdate.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

So, if someone could help me, because I understand absolutely nothing about this.
Thanks in advance to anyone who can shed some light on all this for me.
Thank you. :P
Danny

Edited by tdanny6, 23 January 2007 - 12:18.

  • 0


#2 Thanos

  • Security+ Team
  • 15882 messages

Posted 21 January 2007 - 11:24

Hi and welcome

* Download DiagHelp.exe to your desktop
  • Close all running applications; your PC is going to restart.
  • Double-click DiagHelp.exe: a cmd window will open; choose option 1.
  • You will be asked to press a key when the scan is finished: the PC will then restart.
  • Once the PC has restarted, copy and paste the contents of the Notepad window that has just opened into your next post.

Download Blacklight (from F-Secure); click "I ACCEPT" at the bottom of the page. Save it to your desktop.

Double-click blbeta.exe and accept the licence; click Scan, then Next.

You will see a list of detected files appear. You will also see a report on your desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply. Do NOT choose the "Rename" option right away: we need to analyse the report, because legitimate files may be present, such as wbemtest.exe.

The PC is infected with Magic Control Agent, among others. Please post these reports.
  • 0
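
A first-pass triage over a HijackThis log such as the one in message #1, as an added example that is not part of the thread and is not the helper's own method. The heuristics, tag names and the `triage`/`Finding` names are assumptions made for this example; the sample lines are copied from the log posted above.

```python
import re
from typing import List, NamedTuple

# A small subset of lines copied from the HijackThis log in message #1.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\B8CF.tmp
C:\WINDOWS\System32\prodsrvs.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Documents and Settings\ok\Mes documents\SDRmon.exe"
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\DOCUME~1\ok\LOCALS~1\Temp\ieupdate.exe (file missing)
O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


class Finding(NamedTuple):
    section: str    # "process", or the HijackThis code such as "O4" / "O23"
    entry: str      # the log line exactly as posted
    reasons: tuple  # heuristic tags that fired for this line


# "O4 - ...", "O23 - ..." style entries.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A path component named Temp or Tmp (covers C:\WINDOWS\TEMP and LOCALS~1\Temp).
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# Anything under a user profile on Windows XP, long or 8.3 name.
PROFILE_RE = re.compile(r"\\(documents and settings|docume~1)\\", re.IGNORECASE)


def reasons_for(section: str, text: str) -> tuple:
    """Return the tags of every heuristic (assumed for this example) that fires."""
    tags = []
    if TEMP_RE.search(text):
        tags.append("runs-from-temp")
    if section == "process" and not text.lower().endswith(".exe"):
        tags.append("non-exe-image")
    if section == "O4" and PROFILE_RE.search(text) and not TEMP_RE.search(text):
        tags.append("autostart-in-user-profile")
    if section == "O23" and "- Unknown owner -" in text:
        tags.append("unknown-owner")
    if text.rstrip().endswith("(file missing)"):
        tags.append("file-missing")
    return tuple(tags)


def triage(log: str) -> List[Finding]:
    """Parse a HijackThis log and return the entries worth reading first."""
    findings = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            section, text = match.group(1), match.group(2)
        elif in_processes:
            section, text = "process", line
        else:
            continue                      # header lines: version, platform, ...
        tags = reasons_for(section, text)
        if tags:
            findings.append(Finding(section, line, tags))
    # Most heuristics first; the sort is stable, so log order breaks ties.
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:8} {', '.join(f.reasons):45} {f.entry}")
```

A tag only marks a line to look at first; entries that pass every heuristic still need a reviewer's eye, and flagged ones can be leftovers of uninstalled software.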

#3 tdanny6

  • Members
  • 69 messages

Posted 22 January 2007 - 12:14

Many thanks for the help and especially for the speed.
So, for diaghelp.exe there was no restart, but Notepad opened; here are the contents:

C:\WINDOWS\System32\nvapps.xml -->21/01/2007 23:40:24
C:\WINDOWS\System32\wpa.dbl -->21/01/2007 20:25:03
C:\WINDOWS\System32\i -->19/01/2007 21:56:24
C:\WINDOWS\System32\Uninstall.ico -->19/01/2007 16:02:50
C:\WINDOWS\System32\pavas.ico -->19/01/2007 16:02:50
C:\WINDOWS\System32\Help.ico -->19/01/2007 16:02:50
C:\WINDOWS\System32\update77526596.exe -->19/01/2007 0:06:30
C:\WINDOWS\System32\RunOnce.t__ -->19/01/2007 0:06:30
C:\WINDOWS\System32\crypts.dll -->19/01/2007 0:06:27
C:\WINDOWS\System32\update00822631.exe -->19/01/2007 0:06:24
C:\WINDOWS\System32\RunOnce.tm_ -->19/01/2007 0:06:15
C:\WINDOWS\System32\nvs2.inf -->17/01/2007 15:27:32
C:\WINDOWS\System32\prodsrvs.exe -->10/01/2007 10:35:26
C:\WINDOWS\System32\mmc.exe.config -->9/01/2007 14:13:32
C:\WINDOWS\System32\MRT.exe -->3/01/2007 0:19:44
C:\WINDOWS\System32\ElbyCDIO.dll -->13/12/2006 21:24:42
C:\WINDOWS\System32\WgaTray.exe -->17/11/2006 21:08:28
C:\WINDOWS\System32\WgaLogon.dll -->17/11/2006 21:08:28
C:\WINDOWS\System32\LegitCheckControl.DLL -->30/10/2006 11:25:08
C:\WINDOWS\System32\PerfStringBackup.INI -->29/10/2006 12:02:47
C:\WINDOWS\System32\perfh00C.dat -->29/10/2006 12:02:47
C:\WINDOWS\System32\perfh009.dat -->29/10/2006 12:02:47
C:\WINDOWS\System32\perfc00C.dat -->29/10/2006 12:02:47
C:\WINDOWS\System32\perfc009.dat -->29/10/2006 12:02:47
C:\WINDOWS\System32\QuickTimeVR.qtx -->25/10/2006 19:15:06

C:\WINDOWS.log -->21/01/2007 23:39:31
C:\WINDOWS\WindowsUpdate.log -->21/01/2007 23:39:29
C:\WINDOWS\wiadebug.log -->21/01/2007 23:39:28
C:\WINDOWS\wiaservc.log -->21/01/2007 23:39:27
C:\WINDOWS\bootstat.dat -->21/01/2007 23:39:24
C:\WINDOWS\tmlpcert2007 -->21/01/2007 21:15:40
C:\WINDOWS\setupapi.log -->21/01/2007 21:06:16
C:\WINDOWS\NeroDigital.ini -->21/01/2007 20:52:49
C:\WINDOWS\SchedLgU.Txt -->21/01/2007 20:23:43
C:\WINDOWS\AUTOLNCH.REG -->21/01/2007 18:32:12
C:\WINDOWS\MEMORY.DMP -->19/01/2007 21:43:16
C:\WINDOWS\pavsig.txt -->19/01/2007 16:02:56
C:\WINDOWS\9129837.exe -->19/01/2007 0:06:28
C:\WINDOWS\pack.epk -->17/01/2007 15:27:19
C:\WINDOWS\Ulead32.ini -->17/01/2007 1:05:28

C:\WINDOWS\9129837.exe |19/01/2007 00:06:35
C:\WINDOWS\htpatch.exe |02/09/2003 15:11:48
C:\WINDOWS\InstIt.exe |13/10/2004 10:35:41
C:\WINDOWS\IsUn040c.exe |02/09/2003 15:11:18
C:\WINDOWS\IsUninst.exe |11/09/2003 20:27:33
C:\WINDOWS\mHotkey.exe |13/10/2004 10:35:41
C:\WINDOWS\NuNinst.exe |27/11/2003 13:11:25
C:\WINDOWS\PATCH.EXE |08/06/2004 23:30:51
C:\WINDOWS\runtsckl.exe |24/03/2004 17:22:16
C:\WINDOWS\SkyCancel.exe |09/09/2004 23:16:22
C:\WINDOWS\SkyEnd.exe |09/09/2004 23:16:21
C:\WINDOWS\SkyEnd2.exe |09/09/2004 23:16:21
C:\WINDOWS\SkyGoOn.exe |09/09/2004 23:16:20
C:\WINDOWS\SynCor.exe |02/09/2003 15:12:08
C:\WINDOWS\tsc.exe |08/06/2004 23:31:19
C:\WINDOWS\twunk_16.exe |30/09/2001 11:49:06
C:\WINDOWS\twunk_32.exe |30/09/2001 11:49:06
C:\WINDOWS\UNIDRV.exe |28/12/2003 19:01:30
C:\WINDOWS\unin040c.exe |05/09/2003 08:16:01
C:\WINDOWS\uninst.exe |02/09/2003 22:00:44
C:\WINDOWS\UNNERO.exe |28/12/2003 18:53:07
C:\WINDOWS\UNNeroNET.exe |27/11/2003 14:33:14
C:\WINDOWS\UNNeroVision.exe |25/11/2005 05:33:14
C:\WINDOWS\UNNMIX.exe |12/11/2006 22:20:23
C:\WINDOWS\UNNMP.exe |08/01/2005 12:58:47
C:\WINDOWS\UNNVEContent.exe |21/10/2006 22:39:16
C:\WINDOWS\UnSiSUSB.exe |07/04/2004 21:06:17
C:\WINDOWS\unvise32.exe |02/12/2003 10:56:02
C:\WINDOWS\AuHCcup1.dll |23/07/1999 10:53:20
C:\WINDOWS\BPMNT.dll |08/06/2004 23:31:19
C:\WINDOWS\HCExtOutput.dll |08/06/2004 23:31:19
C:\WINDOWS\HIDMNT.dll |13/10/2004 10:35:41
C:\WINDOWS\loadhttp.dll |15/10/2002 13:29:40
C:\WINDOWS\patchw32.dll |14/12/2001 13:34:46
C:\WINDOWS\SynthCoreA.Dll |02/09/2003 15:12:08
C:\WINDOWS\TMUPDATE.DLL |08/06/2004 23:30:52
C:\WINDOWS\twain.dll |30/09/2001 11:49:06
C:\WINDOWS\twain_32.dll |30/09/2001 11:49:06
C:\WINDOWS\UNZIP.DLL |08/06/2004 23:30:51
C:\WINDOWS\vsapi32.dll |08/06/2004 23:31:19
C:\WINDOWS\winio.dll |02/09/2003 15:11:48
C:\WINDOWS\system32\append.exe |30/09/2001 11:47:50
C:\WINDOWS\system32\asuninst.exe |19/01/2007 15:36:17
C:\WINDOWS\system32\CleanUp.exe |02/09/2003 15:12:03
C:\WINDOWS\system32\debug.exe |30/09/2001 11:47:58
C:\WINDOWS\system32\DivXsm.exe |23/11/2005 05:00:00
C:\WINDOWS\system32\dms4UVCon.exe |20/08/2005 12:49:48
C:\WINDOWS\system32\dosx.exe |30/09/2001 11:48:00
C:\WINDOWS\system32\DSndUp.exe |02/09/2003 15:12:03
C:\WINDOWS\system32\dvdplay.exe |23/08/2001 18:47:34
C:\WINDOWS\system32\edlin.exe |30/09/2001 11:48:12
C:\WINDOWS\system32\exe2bin.exe |30/09/2001 11:48:14
C:\WINDOWS\system32\ezMAPIHelper.exe |06/07/2005 20:55:30
C:\WINDOWS\system32\ezntsvc.exe |06/07/2005 20:55:30
C:\WINDOWS\system32\ezSetup.exe |06/07/2005 20:55:30
C:\WINDOWS\system32\ezShellStart.exe |06/07/2005 20:55:29
C:\WINDOWS\system32\ezUninst.exe |06/07/2005 20:55:30
C:\WINDOWS\system32\fastopen.exe |30/09/2001 11:48:14
C:\WINDOWS\system32\keystone.exe |20/09/2006 16:25:00
C:\WINDOWS\system32\mem.exe |30/09/2001 11:48:26
C:\WINDOWS\system32\mscdexnt.exe |30/09/2001 11:48:30
C:\WINDOWS\system32\NeroCheck.exe |11/11/2003 13:28:12
C:\WINDOWS\system32\nlsfunc.exe |30/09/2001 11:48:40
C:\WINDOWS\system32\nvappbar.exe |20/09/2006 16:25:00
C:\WINDOWS\system32\nvcolor.exe |20/09/2006 16:25:00
C:\WINDOWS\system32\nvcplui.exe |20/09/2006 16:25:00
C:\WINDOWS\system32\nvdspsch.exe |20/09/2006 16:25:00
C:\WINDOWS\system32\nvsvc32(2).exe |02/09/2003 15:15:40
C:\WINDOWS\system32\nvsvc32(4).exe |06/10/2003 14:16:00
C:\WINDOWS\system32\nvsvc32.exe |20/09/2006 16:25:00
C:\WINDOWS\system32\nvudisp.exe |08/12/2003 02:07:00
C:\WINDOWS\system32\NVUNINST.EXE |16/11/2006 08:48:43
C:\WINDOWS\system32\nwiz.exe |20/09/2006 16:25:00
C:\WINDOWS\system32\prodsrvs.exe |21/01/2007 21:06:15
C:\WINDOWS\system32\redir.exe |30/09/2001 11:48:54
C:\WINDOWS\system32\setver.exe |30/09/2001 11:48:58
C:\WINDOWS\system32\share.exe |30/09/2001 11:48:58
C:\WINDOWS\system32\SymTdiRg.exe |07/09/2003 14:54:44
C:\WINDOWS\system32\update00822631.exe |19/01/2007 00:06:21
C:\WINDOWS\system32\update77526596.exe |19/01/2007 00:06:30
C:\WINDOWS\system32\usrmlnka.exe |23/08/2001 18:47:48
C:\WINDOWS\system32\usrprbda.exe |23/08/2001 18:47:48
C:\WINDOWS\system32\usrshuta.exe |23/08/2001 18:47:48
C:\WINDOWS\system32\a3d.dll |02/09/2003 15:12:04
C:\WINDOWS\system32\AcubeStrE.dll |20/08/2005 12:49:48
C:\WINDOWS\system32\AcubeStrK.dll |20/08/2005 12:49:48
C:\WINDOWS\system32\amstream.dll |10/11/2003 01:11:02
C:\WINDOWS\system32\atmfd.dll |30/09/2001 11:47:52
C:\WINDOWS\system32\atmlib.dll |30/09/2001 11:47:52
C:\WINDOWS\system32\Audio3d.dll |02/09/2003 15:12:05
C:\WINDOWS\system32\Camext30.dll |26/11/2003 20:28:17
C:\WINDOWS\system32\CamUsd30.dll |13/11/2003 20:52:24
C:\WINDOWS\system32\CCPASSWD.DLL |07/09/2003 22:14:59
C:\WINDOWS\system32\CCTRUST.DLL |07/09/2003 22:14:59
C:\WINDOWS\system32\compatUI.dll |30/09/2001 11:47:56
C:\WINDOWS\system32\CryptoSeed.dll |20/08/2005 12:49:48
C:\WINDOWS\system32\crypts.dll |19/01/2007 00:06:27
C:\WINDOWS\system32\dgrpsetu.dll |02/09/2003 14:36:23
C:\WINDOWS\system32\dgsetup.dll |02/09/2003 14:36:23
C:\WINDOWS\system32\DivX.dll |07/12/2005 18:05:50
C:\WINDOWS\system32\DivXc32.dll |01/04/2000 04:35:00
C:\WINDOWS\system32\DivXc32f.dll |01/04/2000 04:35:00
C:\WINDOWS\system32\divxdec_0407.dll |26/10/2004 23:38:18
C:\WINDOWS\system32\divxdec_040c.dll |26/10/2004 23:38:18
C:\WINDOWS\system32\divxdec_0411.dll |26/10/2004 23:38:18
C:\WINDOWS\system32\divx_xx07.dll |07/12/2005 18:05:49
C:\WINDOWS\system32\divx_xx0c.dll |07/12/2005 18:05:49
C:\WINDOWS\system32\divx_xx11.dll |07/12/2005 18:05:48
C:\WINDOWS\system32\dpl100.dll |27/10/2005 20:37:44
C:\WINDOWS\system32\dpu10.dll |27/10/2005 20:37:43
C:\WINDOWS\system32\dpu11.dll |27/10/2005 20:37:43
C:\WINDOWS\system32\dpuGUI10.dll |27/10/2005 20:37:47
C:\WINDOWS\system32\dpuGUI11.dll |27/10/2005 20:37:44
C:\WINDOWS\system32\dpus10.dll |13/08/2004 23:24:57
C:\WINDOWS\system32\dpus11.dll |27/10/2005 20:37:43
C:\WINDOWS\system32\dpv10.dll |13/08/2004 23:24:57
C:\WINDOWS\system32\dpv11.dll |27/10/2005 20:37:43
C:\WINDOWS\system32\dtu100.dll |27/10/2005 20:37:43
C:\WINDOWS\system32\dunzip32.dll |13/11/2005 06:47:54
C:\WINDOWS\system32\dzip32.dll |13/11/2005 06:47:54
C:\WINDOWS\system32\EDCode.dll |20/08/2005 12:49:48
C:\WINDOWS\system32\EDCodeCom.dll |20/08/2005 12:49:49
C:\WINDOWS\system32\EGDHTML_1024.dll |13/11/2003 11:54:08
C:\WINDOWS\system32\ElbyCDIO.dll |13/12/2006 21:24:42
C:\WINDOWS\system32\EqnClass.Dll |02/09/2003 14:36:22
C:\WINDOWS\system32\ezBook.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\ezEMail.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\ezFileImport.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\ezHints.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\ezLicPrompt.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\ezMenu.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\ezPrint.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\ezRas.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\ezScore.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\ezShell.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\ezSubs.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\ezUPBHook.dll |06/07/2005 20:55:29
C:\WINDOWS\system32\ezUtils.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\ezWizard.dll |13/06/2005 11:00:00
C:\WINDOWS\system32\GEARAspi.dll |19/09/2006 15:43:58
C:\WINDOWS\system32\GZIPLibMinorEx.dll |20/08/2005 12:49:48
C:\WINDOWS\system32\hpfinst.dll |12/09/2001 17:46:47
C:\WINDOWS\system32\hpgmastr.dll |03/09/2003 19:31:02
C:\WINDOWS\system32\hpgmatk.dll |03/09/2003 19:31:02
C:\WINDOWS\system32\hpgmausd.dll |03/09/2003 19:31:01
C:\WINDOWS\system32\hpgreg32.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\HPODXPAT.DLL |27/05/2004 15:00:52
C:\WINDOWS\system32\HPptp02.dll |07/11/2003 13:54:51
C:\WINDOWS\system32\HPptp03.dll |20/03/2003 10:57:22
C:\WINDOWS\system32\hpsj32.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\hpsjvset.dll |03/09/2003 19:31:01
C:\WINDOWS\system32\hpzcoi03.dll |23/07/2001 19:01:39
C:\WINDOWS\system32\hpzcoi04.dll |12/09/2001 17:47:20
C:\WINDOWS\system32\hpzcon03.dll |23/07/2001 19:01:40
C:\WINDOWS\system32\hpzcon04.dll |12/09/2001 17:47:20
C:\WINDOWS\system32\hpzlnt03.dll |25/10/2003 01:25:39
C:\WINDOWS\system32\hpzlnt04.dll |12/09/2001 17:47:22
C:\WINDOWS\system32\hticons.dll |02/09/2003 08:03:37
C:\WINDOWS\system32\hypertrm.dll |02/09/2003 08:03:37
C:\WINDOWS\system32\ic32.dll |05/09/2003 08:10:21
C:\WINDOWS\system32\iccvid.dll |30/09/2001 11:48:20
C:\WINDOWS\system32\IDEproperty.dll |02/09/2003 15:11:29
C:\WINDOWS\system32\imagr5.dll |28/10/2003 22:47:27
C:\WINDOWS\system32\imagx5.dll |28/10/2003 22:47:27
C:\WINDOWS\system32\ImagX7.dll |08/01/2005 12:52:03
C:\WINDOWS\system32\ImagXpr5.dll |28/10/2003 22:47:27
C:\WINDOWS\system32\ImagXpr7.dll |08/01/2005 12:52:04
C:\WINDOWS\system32\ImagXR7.dll |08/01/2005 12:52:05
C:\WINDOWS\system32\ImagXRA7.dll |08/01/2005 12:52:06
C:\WINDOWS\system32\ipeapi12.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\ipebase12.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\ipeistor12.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\ir32_32.dll |30/09/2001 11:48:22
C:\WINDOWS\system32\ir41_qc.dll |30/09/2001 11:48:22
C:\WINDOWS\system32\ir41_qcx.dll |30/09/2001 11:48:22
C:\WINDOWS\system32\ir50_32.dll |30/09/2001 11:48:22
C:\WINDOWS\system32\ir50_qc.dll |30/09/2001 11:48:22
C:\WINDOWS\system32\ir50_qcx.dll |30/09/2001 11:48:22
C:\WINDOWS\system32\isrdbg32.dll |02/09/2003 08:05:08
C:\WINDOWS\system32\Iticheck.dll |10/10/1998 23:07:38
C:\WINDOWS\system32\itidat.dll |21/05/1999 21:37:16
C:\WINDOWS\system32\itidib.dll |21/05/1999 21:37:28
C:\WINDOWS\system32\itiimg2.dll |15/07/1998 20:40:50
C:\WINDOWS\system32\Jgar500.dll |07/11/2003 13:56:39
C:\WINDOWS\system32\jgaw400.dll |30/09/2001 11:48:22
C:\WINDOWS\system32\jgdw400.dll |30/09/2001 11:48:22
C:\WINDOWS\system32\Jgdw500.dll |07/11/2003 13:56:39
C:\WINDOWS\system32\Jgid500.dll |07/11/2003 13:56:39
C:\WINDOWS\system32\jgmd400.dll |30/09/2001 11:48:22
C:\WINDOWS\system32\Jgme500.dll |07/11/2003 13:56:39
C:\WINDOWS\system32\jgpl400.dll |30/09/2001 11:48:22
C:\WINDOWS\system32\Jgpl500.dll |07/11/2003 13:56:39
C:\WINDOWS\system32\jgsd400.dll |30/09/2001 11:48:22
C:\WINDOWS\system32\jgsh400.dll |30/09/2001 11:48:22
C:\WINDOWS\system32\Jgst500.dll |07/11/2003 13:56:39
C:\WINDOWS\system32\LCodcCMP.dll |07/11/2003 13:54:29
C:\WINDOWS\system32\ldf252.dll |07/11/2003 13:56:40
C:\WINDOWS\system32\lfavi11n.dll |26/11/2003 20:42:38
C:\WINDOWS\system32\lfbmp11n.dll |26/11/2003 20:29:19
C:\WINDOWS\system32\lfbmp13n.dll |14/01/2005 15:41:59
C:\WINDOWS\system32\LFCMP11n.DLL |26/11/2003 20:29:19
C:\WINDOWS\system32\lfcmp13n.dll |14/01/2005 15:41:59
C:\WINDOWS\system32\LFCMP70n.DLL |03/09/2003 19:31:53
C:\WINDOWS\system32\lffax11n.dll |26/11/2003 20:29:19
C:\WINDOWS\system32\lffax70n.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\lffpx11n.dll |26/11/2003 20:29:19
C:\WINDOWS\system32\Lffpx7.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\lffpx70n.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\lfgif13n.dll |14/01/2005 15:42:00
C:\WINDOWS\system32\lfgif70n.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\Lfkodak.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\lfpct11n.dll |26/11/2003 20:42:36
C:\WINDOWS\system32\lfpcx11n.dll |26/11/2003 20:42:36
C:\WINDOWS\system32\lfpcx70n.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\Lfpng11n.dll |26/11/2003 20:42:36
C:\WINDOWS\system32\lfpng70n.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\lfpsd11n.dll |26/11/2003 20:42:36
C:\WINDOWS\system32\lftga11n.dll |26/11/2003 20:42:36
C:\WINDOWS\system32\lftif11n.dll |26/11/2003 20:42:36
C:\WINDOWS\system32\lftif70n.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\lfwfx11n.dll |26/11/2003 20:42:36
C:\WINDOWS\system32\libdivx.dll |28/09/2005 19:50:04
C:\WINDOWS\system32\LTDIS11n.dll |26/11/2003 20:42:36
C:\WINDOWS\system32\ltdis13n.dll |14/01/2005 15:41:59
C:\WINDOWS\system32\ltefx11n.dll |26/11/2003 20:42:38
C:\WINDOWS\system32\ltefx13n.dll |14/01/2005 15:41:59
C:\WINDOWS\system32\ltfil11n.DLL |26/11/2003 20:29:19
C:\WINDOWS\system32\ltfil13n.dll |14/01/2005 15:41:59
C:\WINDOWS\system32\ltfil70n.DLL |03/09/2003 19:31:53
C:\WINDOWS\system32\ltimg11n.dll |26/11/2003 20:42:38
C:\WINDOWS\system32\ltimg13n.dll |14/01/2005 15:41:59
C:\WINDOWS\system32\ltkrn11n.dll |26/11/2003 20:42:38
C:\WINDOWS\system32\ltkrn13n.dll |14/01/2005 15:41:59
C:\WINDOWS\system32\ltkrn70n.dll |03/09/2003 19:31:53
C:\WINDOWS\system32\lttwn11n.dll |26/11/2003 20:42:38
C:\WINDOWS\system32\lwf214p.dll |07/11/2003 13:56:40
C:\WINDOWS\system32\lyc_language.dll |29/09/2004 19:57:20
C:\WINDOWS\system32\mciqtz32.dll |10/11/2003 01:11:02
C:\WINDOWS\system32\mdwmdmsp.dll |23/08/2001 18:47:06
C:\WINDOWS\system32\msdmo.dll |02/09/2003 15:16:35
C:\WINDOWS\system32\msencode.dll |30/08/2002 18:24:06
C:\WINDOWS\system32\msssc.dll |02/09/2003 15:12:01
C:\WINDOWS\system32\nv4_disp(3).dll |02/09/2003 15:15:40
C:\WINDOWS\system32\nv4_disp(4).dll |06/10/2003 14:16:00
C:\WINDOWS\system32\nv4_disp.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvapi.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvcod(3).dll |06/10/2003 14:16:00
C:\WINDOWS\system32\nvcod.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvcodins.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvcpl.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvcpluir.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvdisps.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvdispsr.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvexpbar.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvgames.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvgamesr.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvhwvid.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nview.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvmccs.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvmccsrs.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvmccss.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvmccssr.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvmctray.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvmobls.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvmoblsr.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvnt4cpl.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvoglnt.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvrsar.dll |28/10/2003 22:57:16
C:\WINDOWS\system32\nvrscs.dll |28/10/2003 22:57:19
C:\WINDOWS\system32\nvrsda.dll |28/10/2003 22:57:20
C:\WINDOWS\system32\nvrsde.dll |28/10/2003 22:57:21
C:\WINDOWS\system32\nvrsel.dll |28/10/2003 22:57:22
C:\WINDOWS\system32\nvrseng.dll |28/10/2003 22:57:23
C:\WINDOWS\system32\nvrses.dll |28/10/2003 22:57:23
C:\WINDOWS\system32\nvrsesm.dll |28/10/2003 22:57:24
C:\WINDOWS\system32\nvrsfi.dll |28/10/2003 22:57:25
C:\WINDOWS\system32\nvrsfr.dll |28/10/2003 22:57:26
C:\WINDOWS\system32\nvrshe.dll |28/10/2003 22:57:27
C:\WINDOWS\system32\nvrshu.dll |28/10/2003 22:57:30
C:\WINDOWS\system32\nvrsit.dll |28/10/2003 22:57:31
C:\WINDOWS\system32\nvrsja.dll |28/10/2003 22:57:32
C:\WINDOWS\system32\nvrsko.dll |28/10/2003 22:57:34
C:\WINDOWS\system32\nvrsnl.dll |28/10/2003 22:57:37
C:\WINDOWS\system32\nvrsno.dll |28/10/2003 22:57:38
C:\WINDOWS\system32\nvrspl.dll |28/10/2003 22:57:39
C:\WINDOWS\system32\nvrspt.dll |28/10/2003 22:57:40
C:\WINDOWS\system32\nvrsptb.dll |28/10/2003 22:57:40
C:\WINDOWS\system32\nvrsru.dll |28/10/2003 22:57:41
C:\WINDOWS\system32\nvrssk.dll |28/10/2003 22:57:42
C:\WINDOWS\system32\nvrssl.dll |28/10/2003 22:57:43
C:\WINDOWS\system32\nvrssv.dll |28/10/2003 22:57:44
C:\WINDOWS\system32\nvrstr.dll |28/10/2003 22:57:45
C:\WINDOWS\system32\nvrszhc.dll |28/10/2003 22:57:46
C:\WINDOWS\system32\nvrszht.dll |28/10/2003 22:57:47
C:\WINDOWS\system32\nvshell.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvvitvs.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvvitvsr.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvwddi.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvwdmcpl.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvwimg.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvwrsar.dll |28/10/2003 22:57:19
C:\WINDOWS\system32\nvwrscs.dll |28/10/2003 22:57:19
C:\WINDOWS\system32\nvwrsda.dll |28/10/2003 22:57:20
C:\WINDOWS\system32\nvwrsde.dll |28/10/2003 22:57:21
C:\WINDOWS\system32\nvwrsel.dll |28/10/2003 22:57:22
C:\WINDOWS\system32\nvwrseng.dll |28/10/2003 22:57:23
C:\WINDOWS\system32\nvwrses.dll |28/10/2003 22:57:24
C:\WINDOWS\system32\nvwrsesm.dll |28/10/2003 22:57:25
C:\WINDOWS\system32\nvwrsfi.dll |28/10/2003 22:57:26
C:\WINDOWS\system32\nvwrsfr.dll |28/10/2003 22:57:27
C:\WINDOWS\system32\nvwrshe.dll |28/10/2003 22:57:29
C:\WINDOWS\system32\nvwrshu.dll |28/10/2003 22:57:30
C:\WINDOWS\system32\nvwrsit.dll |28/10/2003 22:57:31
C:\WINDOWS\system32\nvwrsja.dll |28/10/2003 22:57:34
C:\WINDOWS\system32\nvwrsko.dll |28/10/2003 22:57:36
C:\WINDOWS\system32\nvwrsnl.dll |28/10/2003 22:57:37
C:\WINDOWS\system32\nvwrsno.dll |28/10/2003 22:57:38
C:\WINDOWS\system32\nvwrspl.dll |28/10/2003 22:57:39
C:\WINDOWS\system32\nvwrspt.dll |28/10/2003 22:57:40
C:\WINDOWS\system32\nvwrsptb.dll |28/10/2003 22:57:41
C:\WINDOWS\system32\nvwrsru.dll |28/10/2003 22:57:42
C:\WINDOWS\system32\nvwrssk.dll |28/10/2003 22:57:43
C:\WINDOWS\system32\nvwrssl.dll |28/10/2003 22:57:44
C:\WINDOWS\system32\nvwrssv.dll |28/10/2003 22:57:45
C:\WINDOWS\system32\nvwrstr.dll |28/10/2003 22:57:45
C:\WINDOWS\system32\nvwrszhc.dll |28/10/2003 22:57:46
C:\WINDOWS\system32\nvwrszht.dll |28/10/2003 22:57:47
C:\WINDOWS\system32\nvwss.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\nvwssr.dll |20/09/2006 16:25:00
C:\WINDOWS\system32\ODBCSTF.DLL |05/09/2003 08:11:44
C:\WINDOWS\system32\ogg.dll |14/12/2002 21:46:04
C:\WINDOWS\system32\oggDS.dll |14/12/2002 21:46:04
C:\WINDOWS\system32\paqsp.dll |23/08/2001 18:47:16
C:\WINDOWS\system32\PCDLIB32.DLL |31/01/1998 23:00:00
C:\WINDOWS\system32\picn20.dll |28/10/2003 22:47:27
C:\WINDOWS\system32\pncrt.dll |24/07/2002 18:34:55
C:\WINDOWS\system32\PSIKey.dll |26/10/2004 23:38:24
C:\WINDOWS\system32\psisdecd.dll |10/11/2003 01:11:04
C:\WINDOWS\system32\qedwipes.dll |10/11/2003 01:11:02
C:\WINDOWS\system32\qt-dx331.dll |12/08/2005 22:57:09
C:\WINDOWS\system32\qt-mt331.dll |13/08/2004 23:24:57
C:\WINDOWS\system32\Roboex32.dll |07/11/2003 13:56:39
C:\WINDOWS\system32\S11thk32.dll |02/09/2003 15:12:07
C:\WINDOWS\system32\S32EVNT1.DLL |07/09/2003 14:53:24
C:\WINDOWS\system32\SftpApi.dll |20/08/2005 12:49:48
C:\WINDOWS\system32\ShttpApi.dll |20/08/2005 12:49:48
C:\WINDOWS\system32\SIMONW32.dll |05/08/2002 19:22:18
C:\WINDOWS\system32\slbcsp.dll |30/09/2001 11:48:58
C:\WINDOWS\system32\slbiop.dll |30/09/2001 11:48:58
C:\WINDOWS\system32\slbrccsp.dll |30/09/2001 11:48:58
C:\WINDOWS\system32\SMMedia.dll |02/09/2003 15:12:09
C:\WINDOWS\system32\spnike.dll |23/08/2001 18:47:18
C:\WINDOWS\system32\sprio600.dll |23/08/2001 18:47:18
C:\WINDOWS\system32\sprio800.dll |23/08/2001 18:47:18
C:\WINDOWS\system32\spxcoins.dll |02/09/2003 14:36:22
C:\WINDOWS\system32\ssldivx.dll |28/09/2005 19:50:03
C:\WINDOWS\system32\stci.dll |11/11/2003 18:37:01
C:\WINDOWS\system32\SymNeti.dll |05/04/2005 10:17:04
C:\WINDOWS\system32\SymRedir.dll |05/04/2005 10:17:04
C:\WINDOWS\system32\SymStore.dll |22/08/2004 18:01:55
C:\WINDOWS\system32\Syncor11.dll |02/09/2003 15:12:07
C:\WINDOWS\system32\SynthCore11Resources.dll |02/09/2003 15:12:07
C:\WINDOWS\system32\tsd32.dll |30/09/2001 11:49:06
C:\WINDOWS\system32\TwnLib20.dll |29/10/2003 19:06:58
C:\WINDOWS\system32\TwnLib4.dll |08/01/2005 12:52:07
C:\WINDOWS\system32\Tx32.dll |05/09/2003 08:10:21
C:\WINDOWS\system32\txobj32.dll |05/09/2003 08:10:21
C:\WINDOWS\system32\txtls32.dll |05/09/2003 08:10:21
C:\WINDOWS\system32\tx_htm32.dll |05/09/2003 08:10:21
C:\WINDOWS\system32\tx_rtf32.dll |05/09/2003 08:10:21
C:\WINDOWS\system32\tx_word.dll |05/09/2003 08:10:21
C:\WINDOWS\system32\unzip32.dll |15/07/2005 00:20:09
C:\WINDOWS\system32\usrcntra.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrcoina.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrdpa.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrdtea.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrfaxa.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrlbva.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrrtosa.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrsdpia.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrsvpia.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrv42a.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrv80a.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrvoica.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrvpa.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\virtear.dll |02/09/2003 15:12:05
C:\WINDOWS\system32\vorbis.dll |14/12/2002 21:46:04
C:\WINDOWS\system32\vorbisenc.dll |14/12/2002 21:46:04
C:\WINDOWS\system32\wdmioctl.dll |02/09/2003 15:12:09
C:\WINDOWS\system32\win87em.dll |30/09/2001 11:49:12
C:\WINDOWS\system32\WNASPI32.DLL |10/09/1999 12:06:00
C:\WINDOWS\system32\wndtls32.dll |05/09/2003 08:10:21
C:\WINDOWS\system32\xvid.dll |05/04/2003 17:17:52
C:\WINDOWS\system32\ZPORT4AS.dll |19/01/2007 15:36:17

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70B9-610B

Répertoire de C:\WINDOWS\system

10/09/1999 12:06 4.672 WOWPOST.EXE
1 fichier(s) 4.672 octets
0 Rép(s) 67.471.908.864 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70B9-610B

Répertoire de C:\WINDOWS\system32

30/09/2001 11:47 4.096 csrss.exe
1 fichier(s) 4.096 octets
0 Rép(s) 67.471.908.864 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70B9-610B

Répertoire de C:\WINDOWS\Downloaded Program Files

21/01/2007 21:06 <REP> .
21/01/2007 21:06 <REP> ..
02/07/2003 18:17 244 AccesMembre.inf
24/08/2006 08:28 141.424 asinst.dll
22/08/2006 09:06 537 asinst.inf
17/05/2006 13:32 231.072 avsniff.dll
17/05/2006 14:29 878 avsniff.inf
23/08/2005 09:39 198.256 avsniffdlgs.dll
17/05/2006 13:26 537.704 AXXPEE.dll
17/05/2006 13:29 241 CabSA.inf
12/01/2007 01:00 2.504 catalog.dat
19/01/2007 19:19 <REP> CONFLICT.1
13/12/2003 06:59 <REP> CONFLICT.2
20/03/2005 16:48 65 desktop.ini
28/10/2003 08:51 7.424 DjVuLite.inf
09/11/2006 11:01 227 driveragent.inf
09/11/2006 11:01 428.032 driveragent.ocx
12/01/2007 01:00 6.899 ecbootil.vxd
23/08/2005 09:32 42.112 ecmldr32.dll
12/01/2007 01:00 272.040 ecmsvr32.dll
15/06/2006 18:33 1.132.192 EPUWALcontrol.dll
28/03/2002 15:05 1.268 erma.inf
08/08/2006 13:28 1.563 hardwaredetection.inf
11/11/2004 21:52 113.408 HMAtchmt.ocx
23/10/2005 01:11 88.136 HPGetDownloadManager.ocx
20/10/2005 16:02 671.336 hpobjinstaller_gmn.dll
30/09/2005 11:04 714 hpobjinstaller_gmn.inf
16/05/2006 09:14 248 IaLdr32.inf
03/03/2004 14:59 393.216 imloader.exe
10/04/2001 14:25 24.576 iSetupML.dll
10/04/2001 14:24 356.352 iSetupML.exe
10/04/2001 14:25 423 isetupML.inf
25/08/2003 18:12 1.096 iuctl.inf
08/08/2006 11:45 576 kavwebscan.inf
30/12/2006 00:25 284.488 KooPlayer.ocx
24/10/2006 17:15 367 LegitCheckControl.inf
09/10/2003 18:25 225 loader.inf
18/12/2006 10:02 882 mcfscan.inf
29/05/2003 14:00 160.864 messengerstatsclient.dll
20/01/2000 15:25 1.162 Microsoft XML Parser for Java.osd
01/09/2003 11:10 2.295 MSC3.inf
29/05/2003 14:00 77.408 msgrchkr.dll
30/06/2005 14:19 227 MsnMessengerSetupDownloader.inf
13/08/2005 23:26 113.664 MsnMessengerSetupDownloader.ocx
08/10/2004 16:01 372.736 MsnPUpld.dll
17/03/2003 10:57 90.112 msway.dll
23/09/2002 14:06 304 msway.inf
26/05/2005 03:19 293 muweb.inf
11/08/2004 18:20 6.854 navapi.vxd
11/08/2004 18:20 208.896 navapi32.dll
12/01/2007 01:00 124.584 naveng32.dll
12/01/2007 01:00 882.344 navex32a.dll
17/05/2005 16:27 300.032 npwwg.dll
27/06/2001 09:37 220 npwwg.inf
29/06/2005 16:17 227 opuc.inf
17/05/2004 15:26 35.584 ProductIDGatherer.dll
25/05/2004 10:05 2.735 ProductIDGatherer.INF
22/09/2004 15:59 110.592 PURen-us.dll
31/05/2002 08:20 117.328 PURfr-be.dll
15/10/2004 07:59 110.592 PURfr-xx.dll
30/07/2003 03:45 728 qdiagh.inf
08/03/2005 15:29 <REP> rave
18/04/2003 20:11 6.638 ravllio.vxd
04/09/2003 15:00 200.704 ravonline.dll
04/09/2003 15:02 583 ravonline.inf
04/09/2003 14:33 167.936 ravscan.dll
04/09/2003 14:34 290.816 ravupdt.dll
05/03/2003 20:27 381 ravupdt.ini
17/05/2006 13:32 161.480 rufsi.dll
03/05/2004 14:39 118.784 SassCln.dll
03/05/2004 14:40 306 SASSCLN.INF
12/01/2007 01:00 97.712 scrauth.dat
06/12/2004 17:01 116.880 setup.exe
24/07/2005 18:16 16 speedup.fic
26/09/2003 10:31 53.784 SSCHECK.DLL
28/09/2003 23:33 60.072 SublimAnal.exe
27/08/2005 13:30 5.065 swflash.inf
12/01/2007 01:00 9.237 symaveng.cat
12/01/2007 01:00 1.061 symaveng.inf
07/08/2003 14:00 266 systemsoappro.inf
12/01/2007 01:00 187.905 tcdefs.dat
12/01/2007 01:00 1.196.629 tcscan7.dat
12/01/2007 01:00 325.348 tcscan8.dat
12/01/2007 01:00 736.279 tcscan9.dat
02/08/2000 12:33 224 tdserver.inf
02/08/2000 12:26 372.736 tdserver.ocx
12/01/2007 01:00 453 tinf.dat
12/01/2007 01:00 148 tinfidx.dat
12/01/2007 01:00 1.957 tinfl.dat
12/01/2007 01:00 64.232 tscan1.dat
12/01/2007 01:00 3.072 tscan1hd.dat
19/11/2006 17:24 23.600 tvichw32.sys
07/09/2006 12:15 142.848 UDC6V_0001_D19M0709NetInstaller.exe
07/09/2006 12:15 227 UDC6V_0001_D19M0709NetInstaller.inf
15/10/2005 09:28 44.137 update.log
12/01/2007 01:00 4.778 v.grd
12/01/2007 01:00 2.269 v.sig
24/07/2005 18:16 16 validate.rdb
12/01/2007 01:00 106.244 virscan.inf
12/01/2007 01:00 975.798 virscan1.dat
12/01/2007 01:00 570.042 virscan2.dat
12/01/2007 01:00 147.512 virscan3.dat
12/01/2007 01:00 320.186 virscan4.dat
12/01/2007 01:00 3.179.218 virscan5.dat
12/01/2007 01:00 390.197 virscan6.dat
12/01/2007 01:00 5.890.358 virscan7.dat
12/01/2007 01:00 1.662.499 virscan8.dat
12/01/2007 01:00 4.008.519 virscan9.dat
12/01/2007 01:00 32 virscant.dat
19/01/2007 19:35 2.072 vscanmsx.dat
06/04/2006 11:48 3.748.256 WebCleaner.dll
06/04/2006 14:44 318 WebCleaner.inf
02/03/2001 13:43 2.244 wmv8dmo.inf
27/10/2002 18:32 3.036 wmv9dmo.inf
30/06/2003 21:41 1.689 WMV9VCM.inf
26/05/2005 04:19 291 wuweb.inf
24/03/2004 17:17 1.777 xscan.inf
24/03/2004 17:22 435.712 xscan53.ocx
15/05/2002 02:25 538 Yahoo! Blackjack.osd
17/12/2004 09:55 530 Yahoo! Poker.osd
12/01/2007 01:00 224 zdone.dat
116 fichier(s) 33.506.377 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

19/01/2007 19:19 <REP> .
19/01/2007 19:19 <REP> ..
31/03/2004 15:40 393.216 imloader.exe
15/07/2005 00:19 116.880 setup.exe
2 fichier(s) 510.096 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.2

13/12/2003 06:59 <REP> .
13/12/2003 06:59 <REP> ..
0 fichier(s) 0 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\rave

08/03/2005 15:29 <REP> .
08/03/2005 15:29 <REP> ..
30/03/2005 17:08 305.189 avirexe.vdm
17/06/2003 18:31 119.120 avirscr.vdm
06/05/2003 17:51 98.350 base.vdm
11/06/2005 18:50 214.150 daily.vdm
11/06/2005 18:50 42.893 daily.vdt
25/02/2003 16:54 19.135 filters.vdm
24/06/2003 09:34 49.628 kernel.vdk
30/10/2002 17:35 265 keyring.vdk
25/02/2003 16:54 1.956 mapi_vdm.vdm
30/10/2002 17:35 265 modules.vdk
17/05/2005 13:35 1.959.486 rav8def.vdm
06/12/2004 20:18 22.482 rufs.vdm
04/06/2003 17:24 64.967 rufsplg.vdm
06/05/2003 13:01 112.783 unarch.vdm
24/06/2003 09:34 45.209 unmail.vdm
07/05/2004 12:50 158.229 unpack.vdm
16 fichier(s) 3.214.107 octets

Total des fichiers listés :
134 fichier(s) 37.230.580 octets
11 Rép(s) 67.471.900.672 octets libres

Recherche de rootkit! (Merci S!Ri)
infection possible Magic.Control : un scan F-Secure BlackLight est recommandé

Recherche d'infections connues




Liste des programmes installes

[ KKE+ - Ver:1.0 ]
a-squared Free 2.1
ACDSee
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Edition Découverte
Adobe Reader 7.0.9 - Français
Ahead NeroMIX
Ahead NeroNET
Alien Sky
AnyDVD
Apple Software Update
Archiveur WinRAR
Assistant Publication de sites Web 1.52 de Microsoft
AutoUpdate
Barre d'outils MSN
CleanUp!
CloneDVD
CloneDVD2
Compel Adaptec WinASPI
Complément MSN pour Windows Messenger
Correctif pour DirectX 9 - KB839643
Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
Correctif Windows XP - Article Base de Connaissances 834707
Correctif Windows XP - KB823559
Correctif Windows XP - KB824141
Correctif Windows XP - KB824146
Correctif Windows XP - KB825119
Correctif Windows XP - KB828028
Correctif Windows XP - KB828035
Correctif Windows XP - KB828741
Correctif Windows XP - KB829558
Correctif Windows XP - KB833987
Correctif Windows XP - KB835732
Correctif Windows XP - KB837001
Correctif Windows XP - KB839645
Correctif Windows XP - KB840315
Correctif Windows XP - KB840374
Correctif Windows XP - KB840987
Correctif Windows XP - KB841356
Correctif Windows XP - KB841533
Correctif Windows XP - KB841873
Correctif Windows XP - KB842773
Correctif Windows XP - KB873376
Correctif Windows XP - KB883357
Correctif Windows XP - KB887822
Disque de souvenirs HP
DivX
DivX Player
DVD Shrink 3.2
eMule
EVEREST Home Edition v2.20
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
Futuremark Measurement Services Client
Google Toolbar for Internet Explorer
HardwareDetection
HijackThis 1.99.1
hp deskjet 920c series
hp deskjet 920c series (Supprimer uniquement)
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Photosmart Essential
HP PrecisionScan LTX
HP Software Update
ImageDrive (Ahead Software)
IncrediMail Xe
Instant Access
iTunes
Java 2 Runtime Environment, SE v1.4.2_01
Kaspersky Online Scanner
Language pack for Ad-Aware SE
Lecteur Windows Media 10
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech Gaming Software
Macromedia Shockwave Player
Media Library Management Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Internet Explorer 6 SP1
Microsoft Office PowerPoint Viewer 2003
Mise à jour de licences personnelles
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN Messenger 7.5
Music Manager
Nero Digital
Nero Suite
NeroVision Express Content
Norton AntiVirus 2003
Norton WMI Update
nuls Toolbar
NVIDIA Drivers
Outlook Express Q823353
Package du correctif Windows XP [voir Q329115 pour plus de détails]
Panda ActiveScan
PCFriendly
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
PowerDVD
QuickTime
SafeCast Shared Components
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
Skype 3.0
Skype Plugin Manager
SLD CODEC PACK 1.5.3
SoundMAX
SpeedTouch USB Software
SpotLife
Spybot - Search & Destroy 1.4
Symantec Network Drivers Update
TomTom HOME
Ulead Photo Express 3.0 SE
USB EHCI Driver
USB Multimedia keyboard driver Ver1.02
VideoLink Mail
Visionneuse Journal Windows Microsoft
Weather tool
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix (SP1) [See Q307869 for more information]
Windows XP Hotfix (SP1) [See Q308210 for more information]
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q310437 for more information]
Windows XP Hotfix (SP1) [See Q310510 for more information]
Windows XP Hotfix (SP1) [See Q311542 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q316397 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q318388 for more information]
Windows XP Hotfix (SP1) [See Q318966 for more information]
Windows XP Hotfix (SP1) [See Q319322 for more information]
Windows XP Hotfix (SP1) [See Q320174 for more information]
Windows XP Hotfix (SP1) [See Q320552 for more information]
Windows XP Hotfix (SP1) [See Q320678 for more information]
Windows XP Hotfix (SP1) [See Q320914 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q323322 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q328310
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q331953
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
WinISO 5.3
WOWpapers utility
Yahoo! Toolbar
Yahoo! Toolbar



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70B9-610B

Répertoire de C:\Program Files

21/01/2007 23:43 <REP> .
21/01/2007 23:43 <REP> ..
08/03/2005 20:14 <REP> a2
10/11/2003 01:00 <REP> ACD Systems
29/11/2006 21:59 <REP> Adobe
12/11/2006 22:20 <REP> Ahead
07/09/2003 14:43 <REP> Alcatel
02/09/2003 15:12 <REP> Analog Devices
02/01/2007 16:54 <REP> Apple Software Update
19/01/2007 19:18 <REP> a-squared Free
19/01/2007 21:57 <REP> AxBx
24/09/2006 09:34 <REP> CartaGoGo
09/10/2006 00:46 <REP> ChEditorII(Flash2M,4000CH,Favorite4)
12/09/2005 01:32 <REP> CleanUp!
27/10/2003 20:41 <REP> Common Files
02/09/2003 08:04 <REP> ComPlus Applications
02/09/2003 15:37 <REP> CyberLink
05/09/2003 08:09 <REP> directx
21/01/2006 11:42 <REP> DivX
29/05/2006 18:19 <REP> DVD Shrink
15/02/2006 08:08 <REP> EasyBits For Kids
19/09/2005 18:13 <REP> eBay
21/01/2006 08:33 <REP> Elaborate Bytes
21/01/2007 18:46 <REP> eMule
26/10/2003 20:21 <REP> EuroTool
21/01/2007 23:40 <REP> Fichiers communs
19/01/2007 16:18 <REP> Google
10/11/2003 02:20 <REP> Grisoft
15/11/2006 20:15 <REP> HardwareDetection
17/11/2006 23:17 <REP> Hewlett-Packard
19/01/2007 15:39 <REP> HighMAT CD Writing Wizard
17/11/2006 23:17 <REP> HP
13/11/2005 07:55 <REP> hp deskjet 920c series
21/11/2005 23:52 <REP> IncrediMail
21/01/2007 21:06 <REP> Instant Access
17/12/2005 17:04 <REP> InstantTouch
30/12/2005 14:22 <REP> InterActual
19/01/2007 16:20 <REP> Internet Explorer
02/01/2007 16:57 <REP> iPod
19/01/2007 15:39 <REP> iTunes
15/09/2003 21:43 <REP> Java
29/11/2006 21:47 <REP> KKE+
13/10/2004 10:35 <REP> KYE
17/11/2006 22:50 <REP> Lavalys
13/09/2006 07:29 <REP> Lavasoft
14/02/2005 00:46 <REP> LizardTech
15/11/2006 20:17 <REP> Logitech
19/01/2007 16:20 <REP> Messenger
19/01/2007 22:03 <REP> MessengerSkinner
26/09/2006 08:13 <REP> Micro Application
02/09/2003 08:07 <REP> microsoft frontpage
19/01/2007 16:20 <REP> Microsoft IntelliPoint
26/12/2006 01:37 <REP> Microsoft IntelliPoint 5.5
21/01/2007 17:17 <REP> Microsoft IntelliType Pro
06/04/2005 19:43 <REP> Microsoft Office
18/11/2003 00:19 <REP> Movie Maker
02/03/2004 16:10 <REP> MSN
03/08/2004 07:26 <REP> MSN Apps
02/09/2003 08:03 <REP> MSN Gaming Zone
19/01/2007 16:21 <REP> MSN Messenger
15/07/2005 00:20 <REP> Music Manager
14/04/2004 12:06 <REP> NetMeeting
19/01/2007 22:07 <REP> Norton AntiVirus
10/11/2006 20:35 <REP> nuls
16/09/2006 12:15 <REP> OfficeUpdate11
25/04/2005 21:29 <REP> Outlook Express
16/01/2006 00:25 <REP> PCFriendly
14/09/2003 18:11 <REP> Publication Web
03/01/2007 20:11 <REP> QuickTime
15/09/2006 22:37 <REP> QuickZip4
23/10/2006 17:20 <REP> Radiac Tools
19/09/2005 21:33 <REP> ReflexiveArcade
13/09/2006 08:24 <REP> RegCleaner
20/08/2005 12:49 <REP> SAMSUNG SDS
20/03/2006 22:13 <REP> SereneScreen
02/09/2003 08:06 <REP> Services en ligne
20/10/2006 21:27 <REP> SetEditKaon
10/11/2003 02:20 226.067 setup.lns
07/04/2004 21:11 <REP> SiSLan
26/12/2006 01:14 <REP> Skype
28/11/2003 03:56 <REP> SLD CODEC PACK 1.5.3
25/04/2005 09:23 <REP> SlySoft
19/01/2007 16:22 <REP> Spybot - Search & Destroy
26/09/2006 06:43 <REP> Sybex
18/09/2006 20:19 <REP> Symantec
27/02/2005 02:54 <REP> SymNetDrv
22/11/2006 20:39 <REP> TomTom DesktopSuite
18/11/2006 10:18 <REP> TomTom HOME
29/05/2006 18:16 <REP> tradfr.com
16/01/2006 00:25 <REP> Ubi Soft
29/05/2006 17:20 <REP> Ulead Systems
26/09/2006 07:37 <REP> Uninstall Information
30/12/2003 22:24 <REP> video
12/12/2006 20:47 <REP> VideoLAN
26/11/2003 20:45 <REP> VideoLink Mail
05/12/2003 21:08 <REP> Virtools Web Player 2.0
29/12/2003 18:58 <REP> WinASPI
14/11/2003 19:41 <REP> Windows Journal Viewer
13/11/2005 06:47 <REP> Windows Media Bonus Pack for Windows XP
19/01/2007 16:24 <REP> Windows Media Player
24/09/2006 11:22 <REP> Windows NT
22/01/2006 20:06 <REP> WindowsUpdate
21/10/2006 22:17 <REP> WinISO
19/01/2007 15:39 <REP> WinRAR
13/11/2005 05:55 <REP> WMV9_VCM
02/09/2003 08:07 <REP> xerox
1 fichier(s) 226.067 octets
105 Rép(s) 67.472.793.600 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70B9-610B

Répertoire de C:\Program Files\fichiers communs

21/01/2007 23:40 <REP> .
21/01/2007 23:40 <REP> ..
11/12/2006 13:57 <REP> Adobe
08/01/2005 12:57 <REP> Ahead
17/11/2006 23:06 <REP> HP
15/07/2005 00:19 <REP> InstallShield
15/09/2003 21:42 <REP> Java
16/11/2006 08:51 <REP> Logitech
15/10/2005 02:22 <REP> Macrovision Shared
26/09/2006 07:37 <REP> Microsoft Shared
02/09/2003 08:04 <REP> MSSoap
18/12/2004 11:53 <REP> Oberon Media
02/09/2003 14:36 <REP> ODBC
02/12/2003 10:55 <REP> Real
20/03/2005 16:48 <REP> Services
26/12/2006 01:14 <REP> Skype
26/11/2003 20:44 <REP> Smith Micro Shared
02/09/2003 14:36 <REP> SpeechEngines
21/01/2007 23:41 <REP> Symantec Shared
13/12/2005 00:02 <REP> System
0 fichier(s) 0 octets
20 Rép(s) 67.472.793.600 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70B9-610B

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

02/09/2003 08:16 <REP> .
02/09/2003 08:16 <REP> ..
18/05/2001 16:57 561.209 MSONSEXT.DLL
03/06/1999 13:09 122.937 MSOWS409.DLL
07/03/2001 08:00 127.033 MSOWS40c.DLL
3 fichier(s) 811.179 octets
2 Rép(s) 67.472.789.504 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70B9-610B

Répertoire de C:\Program Files\common files

27/10/2003 20:41 <REP> .
27/10/2003 20:41 <REP> ..
27/10/2003 20:41 <REP> Microsoft Shared
03/08/2004 07:42 <REP> System
0 fichier(s) 0 octets
4 Rép(s) 67.472.789.504 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70B9-610B

Répertoire de C:\

11/11/2001 00:00 68.096 diff.exe
27/08/2006 14:10 103.424 grep.exe
2 fichier(s) 171.520 octets
0 Rép(s) 67.472.789.504 octets libres
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Menu Démarrer\Programmes\IDEUtil\SISIDE.exe
c:\Documents and Settings\ok\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\ok\Application Data\Dossier de téléchargement Share-to-Web \eMule0.30c-Installer.exe
c:\Documents and Settings\ok\Application Data\Image Zone Express\HPSoftwareUpdate.exe
c:\Documents and Settings\ok\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
c:\Documents and Settings\ok\Bureau\DiagHelp.exe
c:\Documents and Settings\ok\Bureau\diff.exe
c:\Documents and Settings\ok\Bureau\FilesInfoCmd.exe
c:\Documents and Settings\ok\Bureau\Fport.exe
c:\Documents and Settings\ok\Bureau\grep.exe
c:\Documents and Settings\ok\Bureau\LFiles.exe
c:\Documents and Settings\ok\Bureau\LISTDLLS.exe
c:\Documents and Settings\ok\Bureau\pslist.exe
c:\Documents and Settings\ok\Bureau\streams.exe
c:\Documents and Settings\ok\Bureau\swreg.exe
c:\Documents and Settings\ok\Mes documents\divers fichier\AUTORUN.EXE
c:\Documents and Settings\ok\Mes documents\divers fichier\msjavx86.exe
c:\Documents and Settings\ok\Mes documents\divers fichier\PPVIEWER.EXE
c:\Documents and Settings\ok\Mes documents\divers fichier\winaspi.exe
c:\Documents and Settings\ok\Mes documents\divers fichier\WindowsXP-KB823980-x86-FRA.exe
c:\Documents and Settings\ok\Mes documents\GetA3S_v2.0\GetA3S.exe
c:\Documents and Settings\ok\Mes documents\GetA3S_v2.0\KeyLoader.exe
c:\Documents and Settings\ok\Mes documents\GetA3S_v2.0\KeyLoader1341.exe
c:\Documents and Settings\ok\Mes documents\GetA3S_v2.0\MSoftcam_575.exe
c:\Documents and Settings\ok\Mes documents\GetA3S_v2.0\vbrun60sp6.exe
c:\Documents and Settings\ok\Mes documents\kaon\Kaon - BOOT - 2.1.9.V4.exe
c:\Documents and Settings\ok\Mes documents\kaon\convertiseur firm\BinUpdate.exe
c:\Documents and Settings\ok\Mes documents\kaon\convertiseur firm\fichier conversion\awk.exe
c:\Documents and Settings\ok\Mes documents\kaon\firm desat.fr\Kup V3.1XP - Kaon Upgrade - Engineer Patch FR -- SatelliteFR.com.exe
c:\Documents and Settings\ok\Mes documents\kaon\generateur de code kkk\KKEditor_kaon_instuctie_filmpje.exe
c:\Documents and Settings\ok\Mes documents\kaon\pour les stream ,classement a jour\Chaines Editeur - V3.0 - FR.exe
c:\Documents and Settings\ok\Mes documents\kaon\pour les stream ,classement a jour\Install\_ISDEL.EXE
c:\Documents and Settings\ok\Mes documents\kaon\pour les stream ,classement a jour\Install\Chaines Editeur - V3.0 - FR.exe
c:\Documents and Settings\ok\Mes documents\kaon\pour les stream ,classement a jour\Install\ChEditorII.exe
c:\Documents and Settings\ok\Mes documents\kaon\pour les stream ,classement a jour\Install\Install - SETUP.EXE
c:\Documents and Settings\ok\Mes documents\Languages\French.exe
c:\Documents and Settings\ok\Mes documents\Languages\German.exe
c:\Documents and Settings\ok\Mes documents\Languages\Italian.exe
c:\Documents and Settings\ok\Mes documents\Languages\Japanese.exe
c:\Documents and Settings\ok\Mes documents\Languages\Korean.exe
c:\Documents and Settings\ok\Mes documents\Languages\Simplified Chinese.exe
c:\Documents and Settings\ok\Mes documents\Languages\Spanish.exe
c:\Documents and Settings\ok\Mes documents\Languages\Traditional Chinese.exe
c:\Documents and Settings\ok\Mes documents\Mes fichiers reçus\eMule0.30c-Installer.exe
c:\Documents and Settings\ok\Mes documents\Mes photos\redeye.exe
c:\Documents and Settings\ok\Mes documents\nero 6.30\NBR6300fra.exe
c:\Documents and Settings\ok\Mes documents\nero 6.30\nero6300.exe
c:\Documents and Settings\ok\Mes documents\Readme\Skins\_ISDel.exe
c:\Documents and Settings\ok\Mes documents\Readme\Skins\Setup.exe
c:\Documents and Settings\ok\Mes documents\Super cartes de visite 2003.fr\Visiten.exe
c:\Documents and Settings\ok\Mes documents\TomTom\copie tomtom original\InstallTomTomHOME.exe
c:\Documents and Settings\ok\Mes documents\TomTom\HOME\Backups\GO\Backup03\Storage\installtomtomhome.exe
c:\Documents and Settings\ok\Mes documents\TomTom\HOME\Downloads\Download Cache\v1_3_308_win.exe
c:\Documents and Settings\ok\Mes documents\win2k_xp\autorun.exe
c:\Documents and Settings\ok\Mes documents\win2k_xp\hpzglu04.exe
c:\Documents and Settings\ok\Mes documents\win2k_xp\setup.exe
c:\Documents and Settings\ok\Mes documents\win2k_xp\fra\nt4\Disk1\setup.exe
c:\Documents and Settings\ok\Mes documents\win2k_xp\fra\nt4\Disk1\nt4\hpfinstx.exe
c:\Documents and Settings\ok\Mes documents\win2k_xp\fra\nt4\Disk1\nt4\hpfldr.exe
c:\Documents and Settings\ok\Mes documents\win2k_xp\fra\nt4\Disk1\nt4\hpfsplsh.exe
c:\Documents and Settings\ok\Mes documents\win2k_xp\util\common\hpfpdi04.exe
c:\Documents and Settings\ok\Mes documents\win2k_xp\util\common\hpzghl04.exe
c:\Documents and Settings\ok\Mes documents\win2k_xp\util\common\hpzpin04.exe
c:\Documents and Settings\ok\WINDOWS\system\dxwebsetup.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
c:\Documents and Settings\ok\Application Data\Adobe\Acrobat\Whapi\WHA Library.dll
c:\Documents and Settings\ok\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll


For the second one, BlackLight, here it is.

01/21/07 23:56:59 [Info]: BlackLight Engine 1.0.55 initialized
01/21/07 23:56:59 [Info]: OS: 5.1 build 2600 ()
01/21/07 23:57:00 [Note]: 7019 4
01/21/07 23:57:00 [Note]: 7005 0
01/21/07 23:57:05 [Note]: 7006 0
01/21/07 23:57:06 [Note]: 7011 1904
01/21/07 23:57:06 [Note]: 7026 0
01/21/07 23:57:06 [Note]: 7026 0
01/21/07 23:57:06 [Note]: 7024 3
01/21/07 23:57:06 [Info]: Hidden process: C:\windows\system32\erixmcyhdt.exe
01/21/07 23:57:20 [Note]: FSRAW library version 1.7.1021
01/22/07 00:03:04 [Info]: Hidden file: c:\WINDOWS\system32\erixmcyhdt.dat
01/22/07 00:03:04 [Note]: 10002 1
01/22/07 00:03:04 [Info]: Hidden file: C:\windows\system32\erixmcyhdt.exe
01/22/07 00:03:04 [Note]: 10002 1
01/22/07 00:03:05 [Info]: Hidden file: c:\WINDOWS\system32\erixmcyhdt_nav.dat
01/22/07 00:03:05 [Note]: 10002 1
01/22/07 00:03:05 [Info]: Hidden file: c:\WINDOWS\system32\erixmcyhdt_navps.dat
01/22/07 00:03:05 [Note]: 10002 1
01/22/07 00:05:41 [Note]: 7007 0
There, I hope this makes things a bit clearer for you.
Thanks

#4 Thanos

Thanos

    Devil Member !

  • Security Team+
  • 15882 posts

Posted 22 January 2007 - 12:59

OK, let's take this one step at a time!

Download SDFix (created by AndyManchesta) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to the C:\SDFix folder.
Close the Notepad window that has opened.
Restart your computer in Safe Mode by following this procedure:
  • Restart your computer.
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of Windows loading normally, a menu with various options should appear.
  • Choose the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your account.
Work through the list of instructions below:
  • Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

Modifié par charles ingals, 22 janvier 2007 - 01:08 .


#5 Thanos

    Devil Member !

  • Security+ Team
  • 15882 posts

Posted 22 January 2007 - 01:31

tdanny6: if you run into any problems, don't hesitate to tell me :P

#6 tdanny6

    Member

  • Members
  • 69 posts

Posted 22 January 2007 - 01:57

There, it's done, maybe a bit longer than expected.
For SDFix, the contents:


SDFix: Version 1.60

lun. 22/01/2007 - 1:45:31,84

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Microsoft IE Updater
new_drv

Path:
C:\DOCUME~1\ok\LOCALS~1\Temp\ieupdate.exe /start
\??\C:\WINDOWS\new_drv.sys

Microsoft IE Updater Deleted
new_drv Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Files will be copied to Backups folder and removed:

C:\WINDOWS\9129837.exe - Deleted
C:\WINDOWS\system32\i - Deleted



Alternate Streams Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------



Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\NTDETECT.COM
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\lpaccodec.dll
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\lpac_codec_api.dll
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PNCRT.dll
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PsyTEL\IA32MATH.DLL
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Shorten\CYGWIN1.DLL
C:\Program Files\Fichiers communs\MSSoap\Binaries\wisc10.dll
C:\WINDOWS\twain.dll
C:\WINDOWS\twain_32.dll
C:\WINDOWS\LastGood\System32\OLEPRO32.DLL
C:\WINDOWS\system32\olepro32.dll
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\AACMP4.EXE
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\OFR.EXE
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\RMADEC.EXE
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\MusePack\MPPDEC.EXE
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\MusePack\MPPENC.EXE
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PsyTEL\AACENC.EXE
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PsyTEL\AACMP4.EXE
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PsyTEL\FASTENC.EXE
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Shorten\SHORTEN.EXE
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Speex\SPEEXDEC.EXE
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Speex\SPEEXENC.EXE
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\WavPack\WAVPACK.EXE
C:\Program Files\Fichiers communs\Ahead\AudioPlugins\WavPack\WVUNPACK.EXE
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\WINDOWS\LastGood.Tmp\INF\oem13.inf
C:\WINDOWS\LastGood.Tmp\INF\oem13.PNF

Finished
and for HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 1:52:34, on 22/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\ezNTSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skynet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: nuls Toolbar - {4acca1a7-ecc8-4c89-be52-b11919042bbf} - C:\Program Files\nuls\tbnuls.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: nuls Toolbar - {4acca1a7-ecc8-4c89-be52-b11919042bbf} - C:\Program Files\nuls\tbnuls.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Documents and Settings\ok\Mes documents\SDRmon.exe"
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\System32\prodsrvs.exe /res
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encycloped...sc/tdserver.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclas...s.com/npwwg.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.driveclea...nerstart_fr.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannel...e/KooPlayer.ocx
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/...2/OCI/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137956595296
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127471785543
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pu...er/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free...p?id=2&version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4...._1070_em_XP.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.asian-x.o.../asian-x_an.exe
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carped...AccesMembre.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.movi.../cabs/msway.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...942/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16....ex/HMAtchmt.ocx
O17 - HKLM\System\CS1\Services\Tcpip\..\{12C8F930-42F1-4562-B0BE-78A1B34985C6}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\System32\ezNTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

There, thanks again for your patience.

#7 tdanny6

    Member

  • Members
  • 69 posts

Posted 22 January 2007 - 02:10

What is also slowing down my connection is one or two pages from the "internet security center - Microsoft Internet Explorer" that open for no reason to offer me Win Anti Spyware 2006 and Anti Virus 2006.

#8 Thanos

    Devil Member !

  • Security+ Team
  • 15882 posts

Posted 22 January 2007 - 02:16

Yes: these messages are displayed by the Magic Control Agent spyware; once the infection is removed, the connection will be faster!

Very good! SDFix has done its cleanup!

We will now use a very simple program to eliminate the infections >

Download WinPFind3U.exe to your desktop.
  • Double-click the downloaded file: a folder named WinPFind3U will appear on your desktop.
  • Open the folder and double-click the WinPFind3U.exe file to launch the program.
  • Under the Files Created Within group, select 30 days
  • Under the Files Modified Within group, select 30 days
  • Under the String Search group, select Non-Microsoft
  • Now click the Run Scan button in the toolbar
  • When the scan is finished, Notepad opens and displays the report.
  • Click the "Format" menu and make sure the "Word Wrap" box is not checked.
  • Copy/paste the contents of the report into your next reply.


#9 tdanny6

    Member

  • Members
  • 69 posts

Posted 22 January 2007 - 02:46

There, I had to start over 4 times: twice it got stuck on scanning shell extensions..., once on scanning file c:/windows/systeme32/nvwrsno.dll, and finally the 4th time was the right one:

WinPFind3 logfile created on: 22/01/2007 2:34:05
WinPFind3U by OldTimer - Version 1.0.11 Folder = C:\Documents and Settings\ok\Bureau\WinPFind3u\
Microsoft Windows XP (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

523808 Kb Total Physical Memory | 195552 Kb Available Physical Memory | 37,33% Memory free
1280560 Kb Paging File | 986120 Kb Available in Paging File | 77,01% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80027764 Kb Total Space | 65877384 Kb Free Space | 82,32% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
549b.tmp -> %SystemRoot%\Temp\549B.tmp -> [Ver = | Size = 70144 bytes | Modified Date = 22/01/2007 2:14:02 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 1.08.01 | Size = 54512 bytes | Modified Date = 15/07/2003 13:36:36 | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 1.03.4 | Size = 317128 bytes | Modified Date = 13/11/2002 15:44:02 | Attr = ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.0 | Size = 54784 bytes | Modified Date = 15/10/2005 2:22:50 | Attr = ]
ebaytbdaemon.exe -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTBDaemon.exe -> eBay [Ver = 2, 4000, 0, 0 | Size = 497144 bytes | Modified Date = 10/01/2007 21:06:54 | Attr = ]
ezntsvc.exe -> %System32%\ezntsvc.exe -> EasyBits Software Corp. [Ver = 2.0.0.101 | Size = 32768 bytes | Modified Date = 6/07/2005 20:55:32 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 28/10/2006 15:17:16 | Attr = ]
hpgs2wnd.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Modified Date = 17/04/2002 9:42:56 | Attr = ]
hpgs2wnf.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe -> [Ver = 2, 6, 0, 162 | Size = 77824 bytes | Modified Date = 17/04/2002 9:49:16 | Attr = ]
hpqcmon.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe -> [Ver = 2.0.0.133 | Size = 90112 bytes | Modified Date = 6/10/2002 23:23:20 | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 16/02/2005 23:11:42 | Attr = ]
hpztsb04.exe -> %System32%\spool\drivers\w32x86\3\hpztsb04.exe -> HP [Ver = 2,80,0,0 | Size = 196608 bytes | Modified Date = 19/11/2001 15:37:36 | Attr = ]
htpatch.exe -> %SystemRoot%\htpatch.exe -> [Ver = | Size = 28672 bytes | Modified Date = 30/10/2002 10:40:34 | Attr = R ]
imapp.exe -> %ProgramFiles%\IncrediMail\bin\IMApp.exe -> IncrediMail, Ltd. [Ver = 4, 0, 0, 1930 | Size = 131113 bytes | Modified Date = 25/05/2005 12:07:46 | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 9.05.1015 | Size = 116320 bytes | Modified Date = 19/11/2002 13:09:48 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 168003 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 14:50:10 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.11.0 | Size = 306176 bytes | Modified Date = 18/01/2007 18:01:14 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.0 | Size = 54784 bytes | Modified Date = 15/10/2005 2:22:50 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 1.03.4 | Size = 317128 bytes | Modified Date = 13/11/2002 15:44:02 | Attr = ]
(ccPwdSvc) Symantec Password Validation Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 1.08.01 | Size = 99568 bytes | Modified Date = 15/07/2003 13:37:18 | Attr = ]
(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 205312 bytes | Modified Date = 30/09/2001 11:47:58 | Attr = ]
(ezntsvc) EasyBits Magic Desktop Services for Windows NT [Win32_Own | Auto | Running] -> %System32%\ezntsvc.exe -> EasyBits Software Corp. [Ver = 2.0.0.101 | Size = 32768 bytes | Modified Date = 6/07/2005 20:55:32 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/04/2005 0:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 30/10/2006 9:36:32 | Attr = ]
(navapsvc) Service Norton AntiVirus Auto-Protect [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 9.05.1015 | Size = 116320 bytes | Modified Date = 19/11/2002 13:09:48 | Attr = ]
(NeroNET) NeroNET [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\NeroNET\NeroNET.exe -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 168003 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBServ.exe -> Symantec Corporation [Ver = 1, 1, 0, 126 | Size = 54408 bytes | Modified Date = 13/08/2001 22:18:36 | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 5/04/2005 10:17:22 | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 14:50:10 | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 2/11/2004 16:59:50 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CamMonitor -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe -> [Ver = 2.0.0.133 | Size = 90112 bytes | Modified Date = 6/10/2002 23:23:20 | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 1.08.01 | Size = 54512 bytes | Modified Date = 15/07/2003 13:36:36 | Attr = ]
ccRegVfy -> %CommonProgramFiles%\Symantec Shared\CCREGVFY.EXE -> Symantec Corporation [Ver = 1.08.01 | Size = 60344 bytes | Modified Date = 15/07/2003 13:42:36 | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 16/02/2005 23:11:42 | Attr = ]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb04.exe -> HP [Ver = 2,80,0,0 | Size = 196608 bytes | Modified Date = 19/11/2001 15:37:36 | Attr = ]
HTpatch -> %SystemRoot%\htpatch.exe -> [Ver = | Size = 28672 bytes | Modified Date = 30/10/2002 10:40:34 | Attr = R ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 9/07/2001 11:50:42 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 7680000 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 86016 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1617920 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]
SDR6V_Check -> %UserDocuments%\SDRmon.exe -> File not found
Share-to-Web Namespace Daemon -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Modified Date = 17/04/2002 9:42:56 | Attr = ]
SpeedTouch USB Diagnostics -> %ProgramFiles%\Alcatel\SpeedTouch USB\dragdiag.exe -> THOMSON [Ver = 300.7.0.2 | Size = 878080 bytes | Modified Date = 5/09/2003 6:59:20 | Attr = ]
SSC_UserPrompt -> %CommonProgramFiles%\Symantec Shared\Security Center\UsrPrmpt.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 218240 bytes | Modified Date = 10/11/2004 11:57:02 | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 7/06/2005 22:47:10 | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IncrediMail -> %ProgramFiles%\IncrediMail\bin\IncMail.exe -> IncrediMail, Ltd. [Ver = 4, 0, 0, 1930 | Size = 188459 bytes | Modified Date = 25/05/2005 12:07:56 | Attr = ]
Instant Access -> %System32%\prodsrvs.exe -> [Ver = 1, 0, 0, 1 | Size = 144896 bytes | Modified Date = 10/01/2007 10:35:26 | Attr = ]
NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 25 | Size = 1871872 bytes | Modified Date = 7/09/2004 12:55:20 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe -> File not found
System Soap Pro -> %SystemDrive%\PROGRA~1\SYSTEM~1\soap.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
%AllUsersStartup%\Lancement rapide d'Adobe Reader.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 22:05:26 | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
AnyDVD -> %SystemDrive%\DOCUME~1\ok\LOCALS~1\Temp\Rar$EX02.031\Crack\AnyDVD.exe -> File not found
CHotkey -> %SystemRoot%\mHotkey.exe -> Chicony [Ver = 2, 0, 3, 0 | Size = 493056 bytes | Modified Date = 9/10/2002 10:56:56 | Attr = ]
eBayToolbar -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTBDaemon.exe -> eBay [Ver = 2, 4000, 0, 0 | Size = 497144 bytes | Modified Date = 10/01/2007 21:06:54 | Attr = ]
lycosInside -> %ProgramFiles%\lycos\Lyc_SysTray.exe -> File not found
seekmo -> %ProgramFiles%\seekmo\seekmo.exe -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogoff -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = Ma page d'accueil ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.skynet.be ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://be.msn.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{4acca1a7-ecc8-4c89-be52-b11919042bbf} [HKLM] -> %ProgramFiles%\nuls\tbnuls.dll [nuls Toolbar] -> Conduit Ltd. [Ver = 4, 5, 125, 0 | Size = 1182744 bytes | Modified Date = 2/11/2006 11:12:24 | Attr = ]
HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 4:16:42 | Attr = ]
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} [HKLM] -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll [eBay Toolbar Helper] -> [Ver = 2, 4000, 0, 0 | Size = 497144 bytes | Modified Date = 10/01/2007 21:06:46 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 1:04:00 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 3054 | Size = 2153536 bytes | Modified Date = 17/10/2006 14:04:36 | Attr = R ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 9.05.15 | Size = 112224 bytes | Modified Date = 20/11/2002 13:11:54 | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 3054 | Size = 2153536 bytes | Modified Date = 17/10/2006 14:04:36 | Attr = R ]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 9.05.15 | Size = 112224 bytes | Modified Date = 20/11/2002 13:11:54 | Attr = ]
{4acca1a7-ecc8-4c89-be52-b11919042bbf} [HKLM] -> %ProgramFiles%\nuls\tbnuls.dll [nuls Toolbar] -> Conduit Ltd. [Ver = 4, 5, 125, 0 | Size = 1182744 bytes | Modified Date = 2/11/2006 11:12:24 | Attr = ]
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} [HKLM] -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll [eBay Toolbar] -> [Ver = 2, 4000, 0, 0 | Size = 497144 bytes | Modified Date = 10/01/2007 21:06:46 | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{319A68DB-06D0-46DA-9F93-A810D5A70836} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 9.05.15 | Size = 112224 bytes | Modified Date = 20/11/2002 13:11:54 | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 3054 | Size = 2153536 bytes | Modified Date = 17/10/2006 14:04:36 | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 9.05.15 | Size = 112224 bytes | Modified Date = 20/11/2002 13:11:54 | Attr = ]
WebBrowser\\{4ACCA1A7-ECC8-4C89-BE52-B11919042BBF} [HKLM] -> %ProgramFiles%\nuls\tbnuls.dll [nuls Toolbar] -> Conduit Ltd. [Ver = 4, 5, 125, 0 | Size = 1182744 bytes | Modified Date = 2/11/2006 11:12:24 | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{77BF5300-1474-4EC7-9980-D32B190E9B07} -> 8196 - Reg Data - Key not found ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8194 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Windows Messenger ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Add animation to IncrediMail Style Box -> %ProgramFiles%\IncrediMail\bin\resources\WebMenuImg.htm -> [Ver = | Size = 591 bytes | Modified Date = 5/01/2005 15:28:04 | Attr = ]
&eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll\RCSearch.htm -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 30/01/2001 12:56:24 | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
[HKLM] -> Reg Data - Key not found [] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Barre des tâches et menu Démarrer] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Extension Affichage Panorama du Panneau de configuration] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Extensions de l'environnement de compression de fichiers] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Comptes d'utilisateurs] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Menu contextuel de cryptage] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [Extension icône HyperTerminal] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 30/09/2001 11:48:18 | Attr = ]
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} [HKLM] -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll [eBay Toolbar] -> [Ver = 2, 4000, 0, 0 | Size = 497144 bytes | Modified Date = 10/01/2007 21:06:46 | Attr = ]
{A155339D-CCCD-4714-85EB-3754B804C9DF} [HKLM] -> %ProgramFiles%\a-squared Free\a2freecontmenu.dll [a-squared Free Context Menu Shell Extension] -> Emsi Software GmbH [Ver = 2.0.0.48 | Size = 508928 bytes | Modified Date = 18/07/2006 12:32:50 | Attr = ]
{A4DF5659-0801-4A60-9607-1C48695EFDA9} [HKLM] -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wns.dll [Dossier de téléchargement Share-to-Web ] -> Hewlett-Packard [Ver = 2, 6, 0, 162 | Size = 147456 bytes | Modified Date = 17/04/2002 9:40:36 | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 7680000 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]
{AB77609F-2178-4E6F-9C4B-44AC179D937A} [HKLM] -> Reg Data - Key not found [a² Context Menu Shell Extension] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 118784 bytes | Modified Date = 17/01/2003 23:00:00 | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 30/10/2006 9:36:36 | Attr = ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 7680000 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{F8984111-38B6-11D5-8725-0050DA2761C4} [HKLM] -> %ProgramFiles%\IncrediMail\bin\IMShExt.dll [IMMenuShellExt] -> IncrediMail, Ltd. [Ver = 2, 0, 0, 0 | Size = 61440 bytes | Modified Date = 25/05/2005 12:08:52 | Attr = ]
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 9.05.15 | Size = 112224 bytes | Modified Date = 20/11/2002 13:11:54 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 118784 bytes | Modified Date = 17/01/2003 23:00:00 | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{A155339D-CCCD-4714-85EB-3754B804C9DF} [HKLM] -> %ProgramFiles%\a-squared Free\a2freecontmenu.dll [a2FreeContMenu] -> Emsi Software GmbH [Ver = 2.0.0.48 | Size = 508928 bytes | Modified Date = 18/07/2006 12:32:50 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 118784 bytes | Modified Date = 17/01/2003 23:00:00 | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> Reg Data - Key not found [InCDMenu] -> File not found
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 7680000 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{A155339D-CCCD-4714-85EB-3754B804C9DF} [HKLM] -> %ProgramFiles%\a-squared Free\a2freecontmenu.dll [a2FreeContMenu] -> Emsi Software GmbH [Ver = 2.0.0.48 | Size = 508928 bytes | Modified Date = 18/07/2006 12:32:50 | Attr = ]
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 9.05.15 | Size = 112224 bytes | Modified Date = 20/11/2002 13:11:54 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 118784 bytes | Modified Date = 17/01/2003 23:00:00 | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14/12/2004 2:20:02 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SKY13 -> IEAK ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{E07A05DF-641D-418A-9A2D-15D22E2B554F} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 26, 0 | Size = 1783384 bytes | Modified Date = 1/11/2006 15:21:20 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zon...kr.cab31267.cab ->
{0246ECA8-996F-11D1-BE2F-00A0C9037DFE} -> TDServer Control - CodeBase = http://fr.encycloped...sc/tdserver.cab ->
{084DAC27-6FA3-4F55-9005-033F2F102F5C} -> ITPPDiagIE Class - CodeBase = http://data.jeuxclas...s.com/npwwg.cab ->
{09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -> - CodeBase = http://cdn.driveclea...nerstart_fr.cab ->
{0E8D0700-75DF-11D3-8B4A-0008C7450C4A} -> DjVuCtl Class - CodeBase = http://downloadcente...trolLite_EN.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky...can_unicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.ma...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204 ->
{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} -> VerifyGMN Class - CodeBase = http://h20270.www2.h...staller_gmn.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.syma...bin/AvSniff.cab ->
{32564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.micros...386/wmv8dmo.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.micr...922/wmv9VCM.CAB ->
{33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.micros...386/wmv9dmo.cab ->
{39D420B3-E0EB-424C-89AA-C24F8DE7EF79} -> KooPlayer Control - CodeBase = http://www.euchannel...e/KooPlayer.ocx ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc3.cab ->
{4B48D5DF-9021-45F7-A240-60304302A215} -> Malicious Software Removal Tool - CodeBase = http://download.micr.../WebCleaner.cab ->
{4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} -> - CodeBase = http://sib1.od2.com/...2/OCI/setup.exe ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.micros...b?1137956595296 ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.syma...n/bin/cabsa.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.micros...b?1127471785543 ->
{72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} -> InstallShield International Setup Player - CodeBase = http://ftp.hp.com/pu...er/isetupML.cab ->
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} -> HouseCall Control - CodeBase = http://a840.g.akamai...all/xscan53.cab ->
{867E13F2-7F31-44FB-AC97-CD38E0DC46EF} -> HardwareDetection Control - CodeBase = http://drivers1.free...p?id=2&version= ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab31267.cab ->
{92ABACFE-EF6E-42C7-A824-D50A914B5B70} -> MastaCash Loader Class - CodeBase = http://dx.mastacash.com/loader.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> Update Class - CodeBase = http://v4.windowsupd...8739.4624537037 ->
{A3009861-330C-4E10-822B-39D16EC8829D} -> CRAVOnline Object - CodeBase = http://www.ravantivi...n/ravonline.cab ->
{A8658086-E6AC-4957-BC8E-7D54A7E8A78E} -> SassCln Object - CodeBase = http://www.microsoft...ols/SassCln.CAB ->
{AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} -> - CodeBase = http://scripts.dlv4...._1070_em_XP.cab ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -> Get_ActiveX Control - CodeBase = https://h17000.www1....loadManager.ocx ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn...pdownloader.cab ->
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} -> Virtools WebPlayer Class - CodeBase = http://a532.g.akamai...0/Installer.exe ->
{C771B05E-E725-4516-97A5-4CE5EB163CFB} -> - CodeBase = http://www.asian-x.o.../asian-x_an.exe ->
{D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} -> - CodeBase = http://dialup.carped...AccesMembre.cab ->
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} -> Measurement Service Client v.3.4 - CodeBase = http://ccon.futurema...lobal/msc34.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macr...ash/swflash.cab ->
{E15111B0-95AE-4C05-B91F-F4564057990C} -> MovieSystem WAY - CodeBase = http://services.movi.../cabs/msway.cab ->
{E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} -> ProductIDGatherer.WindowsGatherer - CodeBase = http://download.micr...tIDGatherer.CAB ->
{EB387D2F-E27B-4D36-979E-847D1036C65D} -> QDiagHUpdateObj Class - CodeBase = http://h30043.www3.h.../qdiagh.cab?326 ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcaf...942/mcfscan.cab ->
{F00F4763-7355-4725-82F7-0DA94A256D46} -> IncrediMail - CodeBase = http://www2.incredim...er/imloader.cab ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by16fd.bay16....ex/HMAtchmt.ocx ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files - Created Within 30 days]
diff.exe -> %SystemDrive%\diff.exe -> [Ver = | Size = 68096 bytes | Created Date = 21/01/2007 23:47:51 | Attr = ]
grep.exe -> %SystemDrive%\grep.exe -> [Ver = | Size = 103424 bytes | Created Date = 21/01/2007 23:47:51 | Attr = ]
reboot.cmd -> %SystemDrive%\reboot.cmd -> [Ver = | Size = 853 bytes | Created Date = 21/01/2007 23:47:51 | Attr = ]
ccReg.dat -> %CommonProgramFiles%\Symantec Shared\ccReg.dat -> [Ver = | Size = 1206 bytes | Created Date = 21/01/2007 23:41:04 | Attr = RH ]
CommonClient.dat -> %CommonProgramFiles%\Symantec Shared\CommonClient.dat -> [Ver = | Size = 13990 bytes | Created Date = 19/01/2007 11:05:47 | Attr = RH ]
MyAuth.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\MyAuth.dat -> [Ver = | Size = 384 bytes | Created Date = 19/01/2007 0:06:06 | Attr = ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\CATALOG.DAT -> [Ver = | Size = 2504 bytes | Created Date = 13/01/2007 5:25:34 | Attr = ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Created Date = 13/01/2007 5:25:35 | Attr = ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Created Date = 13/01/2007 5:25:35 | Attr = ]
naveng.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng.exp -> [Ver = | Size = 13040 bytes | Created Date = 13/01/2007 5:25:36 | Attr = ]
naveng.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Created Date = 13/01/2007 5:25:36 | Attr = ]
naveng.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng.vxd -> [Ver = | Size = 89674 bytes | Created Date = 13/01/2007 5:25:36 | Attr = ]
naveng32.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng32.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
navex15.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex15.exp -> [Ver = | Size = 13232 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
navex15.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex15.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
navex15.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex15.vxd -> [Ver = | Size = 994379 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
navex32a.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex32a.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
Raccourci vers scrauth.lnk -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\Raccourci vers scrauth.lnk -> [Ver = | Size = 956 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
symaveng.cat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\symaveng.cat -> [Ver = | Size = 9237 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
symaveng.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\symaveng.inf -> [Ver = | Size = 1061 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCDEFS.DAT -> [Ver = | Size = 187905 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN7.DAT -> [Ver = | Size = 1196629 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN8.DAT -> [Ver = | Size = 325348 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN9.DAT -> [Ver = | Size = 736279 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINF.DAT -> [Ver = | Size = 453 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINFL.DAT -> [Ver = | Size = 1957 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\V.GRD -> [Ver = | Size = 4778 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\V.SIG -> [Ver = | Size = 2269 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
virscan.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\virscan.inf -> [Ver = | Size = 106244 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN1.DAT -> [Ver = | Size = 975798 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN3.DAT -> [Ver = | Size = 147512 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN5.DAT -> [Ver = | Size = 3179218 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN6.DAT -> [Ver = | Size = 390197 bytes | Created Date = 13/01/2007 5:25:38 | Attr = ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN7.DAT -> [Ver = | Size = 5890358 bytes | Created Date = 13/01/2007 5:25:38 | Attr = ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN8.DAT -> [Ver = | Size = 1662499 bytes | Created Date = 13/01/2007 5:25:40 | Attr = ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN9.DAT -> [Ver = | Size = 4008519 bytes | Created Date = 13/01/2007 5:25:40 | Attr = ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Created Date = 13/01/2007 5:25:40 | Attr = ]
vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\vscanmsx.dat -> [Ver = | Size = 2072 bytes | Created Date = 17/01/2007 20:26:39 | Attr = ]
ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ZDONE.DAT -> [Ver = | Size = 224 bytes | Created Date = 13/01/2007 5:25:40 | Attr = ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\CATALOG.DAT -> [Ver = | Size = 2504 bytes | Created Date = 18/01/2007 1:30:45 | Attr = ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Created Date = 18/01/2007 1:30:45 | Attr = ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\ECMSVR32.DLL -> Symantec Corporation [Ver = 71.1.0.11 | Size = 272040 bytes | Created Date = 18/01/2007 1:30:46 | Attr = ]
naveng.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng.exp -> [Ver = | Size = 13040 bytes | Created Date = 18/01/2007 1:30:46 | Attr = ]
naveng.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng.sys -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 80472 bytes | Created Date = 18/01/2007 1:30:46 | Attr = ]
naveng.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng.vxd -> [Ver = | Size = 90186 bytes | Created Date = 18/01/2007 1:30:46 | Attr = ]
naveng32.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng32.dll -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 124536 bytes | Created Date = 18/01/2007 1:30:46 | Attr = ]
navex15.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex15.exp -> [Ver = | Size = 13232 bytes | Created Date = 18/01/2007 1:30:46 | Attr = ]
navex15.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex15.sys -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 852280 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
navex15.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex15.vxd -> [Ver = | Size = 1014347 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
navex32a.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex32a.dll -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 902776 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
Raccourci vers scrauth.lnk -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\Raccourci vers scrauth.lnk -> [Ver = | Size = 956 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
symaveng.cat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\symaveng.cat -> [Ver = | Size = 9237 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
symaveng.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\symaveng.inf -> [Ver = | Size = 1061 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCDEFS.DAT -> [Ver = | Size = 188007 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCSCAN7.DAT -> [Ver = | Size = 1204823 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCSCAN8.DAT -> [Ver = | Size = 327507 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCSCAN9.DAT -> [Ver = | Size = 739486 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TINF.DAT -> [Ver = | Size = 453 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TINFL.DAT -> [Ver = | Size = 1957 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\V.GRD -> [Ver = | Size = 4778 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\V.SIG -> [Ver = | Size = 2261 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
virscan.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\virscan.inf -> [Ver = | Size = 106244 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN1.DAT -> [Ver = | Size = 976014 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN3.DAT -> [Ver = | Size = 147584 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Created Date = 18/01/2007 1:30:48 | Attr = ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN5.DAT -> [Ver = | Size = 3200757 bytes | Created Date = 18/01/2007 1:30:48 | Attr = ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN6.DAT -> [Ver = | Size = 390197 bytes | Created Date = 18/01/2007 1:30:48 | Attr = ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN7.DAT -> [Ver = | Size = 6003538 bytes | Created Date = 18/01/2007 1:30:48 | Attr = ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN8.DAT -> [Ver = | Size = 1664913 bytes | Created Date = 18/01/2007 1:30:48 | Attr = ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN9.DAT -> [Ver = | Size = 4033733 bytes | Created Date = 18/01/2007 1:30:48 | Attr = ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Created Date = 18/01/2007 1:30:49 | Attr = ]
vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\vscanmsx.dat -> [Ver = | Size = 2072 bytes | Created Date = 19/01/2007 0:12:54 | Attr = ]
ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\ZDONE.DAT -> [Ver = | Size = 224 bytes | Created Date = 18/01/2007 1:30:49 | Attr = ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\CATALOG.DAT -> [Ver = | Size = 2504 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
naveng.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng.exp -> [Ver = | Size = 13040 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
naveng.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
naveng.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng.vxd -> [Ver = | Size = 89674 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
naveng32.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng32.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
navex15.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.exp -> [Ver = | Size = 13232 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
navex15.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
navex15.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.vxd -> [Ver = | Size = 994379 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
navex32a.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex32a.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
symaveng.cat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\symaveng.cat -> [Ver = | Size = 9237 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
symaveng.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\symaveng.inf -> [Ver = | Size = 1061 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCDEFS.DAT -> [Ver = | Size = 187887 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCSCAN7.DAT -> [Ver = | Size = 1190578 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCSCAN8.DAT -> [Ver = | Size = 324094 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCSCAN9.DAT -> [Ver = | Size = 735255 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TINF.DAT -> [Ver = | Size = 453 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TINFL.DAT -> [Ver = | Size = 1957 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\V.GRD -> [Ver = | Size = 4778 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\V.SIG -> [Ver = | Size = 2269 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
virscan.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\virscan.inf -> [Ver = | Size = 106244 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN1.DAT -> [Ver = | Size = 975620 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN3.DAT -> [Ver = | Size = 147512 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN5.DAT -> [Ver = | Size = 3167664 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN6.DAT -> [Ver = | Size = 390049 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN7.DAT -> [Ver = | Size = 5790278 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN8.DAT -> [Ver = | Size = 1660106 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN9.DAT -> [Ver = | Size = 4000061 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\ZDONE.DAT -> [Ver = | Size = 224 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]
pack.epk -> %SystemRoot%\pack.epk -> [Ver = | Size = 944917 bytes | Created Date = 17/01/2007 15:27:19 | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 19/01/2007 15:36:17 | Attr = ]
crypts.dll -> %System32%\crypts.dll -> [Ver = | Size = 23040 bytes | Created Date = 19/01/2007 0:06:27 | Attr = ]
mmc.exe.config -> %System32%\mmc.exe.config -> [Ver = | Size = 126 bytes | Created Date = 9/01/2007 14:13:32 | Attr = ]
nvs2.inf -> %System32%\nvs2.inf -> [Ver = | Size = 22 bytes | Created Date = 17/01/2007 15:27:32 | Attr = ]
prodsrvs.exe -> %System32%\prodsrvs.exe -> [Ver = 1, 0, 0, 1 | Size = 144896 bytes | Created Date = 21/01/2007 21:06:15 | Attr = ]
RunOnce.tm_ -> %System32%\RunOnce.tm_ -> [Ver = | Size = 14 bytes | Created Date = 19/01/2007 0:06:15 | Attr = ]
RunOnce.t__ -> %System32%\RunOnce.t__ -> [Ver = | Size = 8 bytes | Created Date = 19/01/2007 0:06:15 | Attr = ]
update00822631.exe -> %System32%\update00822631.exe -> [Ver = | Size = 39936 bytes | Created Date = 19/01/2007 0:06:21 | Attr = ]
update77526596.exe -> %System32%\update77526596.exe -> [Ver = | Size = 4129 bytes | Created Date = 19/01/2007 0:06:30 | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 19/01/2007 15:36:17 | Attr = ]

[Files - Modified Within 30 days]
ccReg.dat -> %CommonProgramFiles%\Symantec Shared\ccReg.dat -> [Ver = | Size = 1206 bytes | Modified Date = 22/01/2007 1:59:36 | Attr = RH ]
ccReg_old.dat -> %CommonProgramFiles%\Symantec Shared\ccReg_old.dat -> [Ver = | Size = 1206 bytes | Modified Date = 22/01/2007 1:50:36 | Attr = RH ]
CommonClient.dat -> %CommonProgramFiles%\Symantec Shared\CommonClient.dat -> [Ver = | Size = 13990 bytes | Modified Date = 22/01/2007 1:59:36 | Attr = RH ]
CommonClient_old.dat -> %CommonProgramFiles%\Symantec Shared\CommonClient_old.dat -> [Ver = | Size = 13990 bytes | Modified Date = 22/01/2007 1:50:36 | Attr = RH ]
Catalog.LiveSubscribe -> %CommonProgramFiles%\Symantec Shared\LiveReg\Catalog.LiveSubscribe -> [Ver = | Size = 988 bytes | Modified Date = 21/01/2007 21:39:16 | Attr = ]
definfo.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\definfo.dat -> [Ver = | Size = 57 bytes | Modified Date = 18/01/2007 1:30:52 | Attr = ]
MyAuth.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\MyAuth.dat -> [Ver = | Size = 384 bytes | Modified Date = 19/01/2007 0:06:08 | Attr = ]
usage.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\usage.dat -> [Ver = | Size = 115 bytes | Modified Date = 19/01/2007 15:09:26 | Attr = ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\CATALOG.DAT -> [Ver = | Size = 2504 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
naveng.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng.exp -> [Ver = | Size = 13040 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
naveng.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
naveng.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng.vxd -> [Ver = | Size = 89674 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
naveng32.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng32.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
navex15.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex15.exp -> [Ver = | Size = 13232 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
navex15.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex15.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
navex15.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex15.vxd -> [Ver = | Size = 994379 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
navex32a.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex32a.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
symaveng.cat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\symaveng.cat -> [Ver = | Size = 9237 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
symaveng.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\symaveng.inf -> [Ver = | Size = 1061 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCDEFS.DAT -> [Ver = | Size = 187905 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN7.DAT -> [Ver = | Size = 1196629 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN8.DAT -> [Ver = | Size = 325348 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN9.DAT -> [Ver = | Size = 736279 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINF.DAT -> [Ver = | Size = 453 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINFL.DAT -> [Ver = | Size = 1957 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\V.GRD -> [Ver = | Size = 4778 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\V.SIG -> [Ver = | Size = 2269 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
virscan.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\virscan.inf -> [Ver = | Size = 106244 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN1.DAT -> [Ver = | Size = 975798 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN3.DAT -> [Ver = | Size = 147512 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN5.DAT -> [Ver = | Size = 3179218 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN6.DAT -> [Ver = | Size = 390197 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN7.DAT -> [Ver = | Size = 5890358 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN8.DAT -> [Ver = | Size = 1662499 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN9.DAT -> [Ver = | Size = 4008519 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\vscanmsx.dat -> [Ver = | Size = 2072 bytes | Modified Date = 17/01/2007 20:26:40 | Attr = ]
ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ZDONE.DAT -> [Ver = | Size = 224 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\CATALOG.DAT -> [Ver = | Size = 2504 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\ECMSVR32.DLL -> Symantec Corporation [Ver = 71.1.0.11 | Size = 272040 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
naveng.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng.exp -> [Ver = | Size = 13040 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
naveng.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng.sys -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 80472 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
naveng.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng.vxd -> [Ver = | Size = 90186 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
naveng32.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng32.dll -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 124536 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
navex15.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex15.exp -> [Ver = | Size = 13232 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
navex15.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex15.sys -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 852280 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
navex15.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex15.vxd -> [Ver = | Size = 1014347 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
navex32a.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex32a.dll -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 902776 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
symaveng.cat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\symaveng.cat -> [Ver = | Size = 9237 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
symaveng.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\symaveng.inf -> [Ver = | Size = 1061 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCDEFS.DAT -> [Ver = | Size = 188007 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCSCAN7.DAT -> [Ver = | Size = 1204823 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCSCAN8.DAT -> [Ver = | Size = 327507 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCSCAN9.DAT -> [Ver = | Size = 739486 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TINF.DAT -> [Ver = | Size = 453 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TINFL.DAT -> [Ver = | Size = 1957 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\V.GRD -> [Ver = | Size = 4778 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\V.SIG -> [Ver = | Size = 2261 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
virscan.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\virscan.inf -> [Ver = | Size = 106244 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN1.DAT -> [Ver = | Size = 976014 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN3.DAT -> [Ver = | Size = 147584 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN5.DAT -> [Ver = | Size = 3200757 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN6.DAT -> [Ver = | Size = 390197 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN7.DAT -> [Ver = | Size = 6003538 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN8.DAT -> [Ver = | Size = 1664913 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN9.DAT -> [Ver = | Size = 4033733 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\vscanmsx.dat -> [Ver = | Size = 2072 bytes | Modified Date = 19/01/2007 0:12:56 | Attr = ]
ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\ZDONE.DAT -> [Ver = | Size = 224 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\CATALOG.DAT -> [Ver = | Size = 2504 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
naveng.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng.exp -> [Ver = | Size = 13040 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
naveng.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
naveng.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng.vxd -> [Ver = | Size = 89674 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
naveng32.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng32.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
navex15.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.exp -> [Ver = | Size = 13232 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
navex15.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
navex15.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.vxd -> [Ver = | Size = 994379 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
navex32a.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex32a.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
symaveng.cat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\symaveng.cat -> [Ver = | Size = 9237 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
symaveng.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\symaveng.inf -> [Ver = | Size = 1061 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCDEFS.DAT -> [Ver = | Size = 187887 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCSCAN7.DAT -> [Ver = | Size = 1190578 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCSCAN8.DAT -> [Ver = | Size = 324094 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCSCAN9.DAT -> [Ver = | Size = 735255 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TINF.DAT -> [Ver = | Size = 453 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TINFL.DAT -> [Ver = | Size = 1957 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\V.GRD -> [Ver = | Size = 4778 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\V.SIG -> [Ver = | Size = 2269 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
virscan.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\virscan.inf -> [Ver = | Size = 106244 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN1.DAT -> [Ver = | Size = 975620 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN3.DAT -> [Ver = | Size = 147512 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN5.DAT -> [Ver = | Size = 3167664 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN6.DAT -> [Ver = | Size = 390049 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN7.DAT -> [Ver = | Size = 5790278 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN8.DAT -> [Ver = | Size = 1660106 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN9.DAT -> [Ver = | Size = 4000061 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\ZDONE.DAT -> [Ver = | Size = 224 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
AUTOLNCH.REG -> %SystemRoot%\AUTOLNCH.REG -> [Ver = | Size = 1080 bytes | Modified Date = 21/01/2007 18:32:14 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 22/01/2007 1:58:54 | Attr = S]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 0 bytes | Modified Date = 22/01/2007 1:58:50 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 21/01/2007 20:52:50 | Attr = ]
pack.epk -> %SystemRoot%\pack.epk -> [Ver = | Size = 944917 bytes | Modified Date = 17/01/2007 15:27:20 | Attr = ]
Ulead32.ini -> %SystemRoot%\Ulead32.ini -> [Ver = | Size = 907 bytes | Modified Date = 17/01/2007 1:05:30 | Attr = ]
WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Modified Date = 1/01/2007 12:01:54 | Attr = ]
crypts.dll -> %System32%\crypts.dll -> [Ver = | Size = 23040 bytes | Modified Date = 19/01/2007 0:06:28 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 19/01/2007 16:02:52 | Attr = ]
mmc.exe.config -> %System32%\mmc.exe.config -> [Ver = | Size = 126 bytes | Modified Date = 9/01/2007 14:13:34 | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 75993 bytes | Modified Date = 22/01/2007 1:59:24 | Attr = ]
nvs2.inf -> %System32%\nvs2.inf -> [Ver = | Size = 22 bytes | Modified Date = 17/01/2007 15:27:34 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 19/01/2007 16:02:52 | Attr = ]
prodsrvs.exe -> %System32%\prodsrvs.exe -> [Ver = 1, 0, 0, 1 | Size = 144896 bytes | Modified Date = 10/01/2007 10:35:26 | Attr = ]
RunOnce.tm_ -> %System32%\RunOnce.tm_ -> [Ver = | Size = 14 bytes | Modified Date = 19/01/2007 0:06:16 | Attr = ]
RunOnce.t__ -> %System32%\RunOnce.t__ -> [Ver = | Size = 8 bytes | Modified Date = 19/01/2007 0:06:32 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 19/01/2007 16:02:52 | Attr = ]
update00822631.exe -> %System32%\update00822631.exe -> [Ver = | Size = 39936 bytes | Modified Date = 19/01/2007 0:06:26 | Attr = ]
update77526596.exe -> %System32%\update77526596.exe -> [Ver = | Size = 4129 bytes | Modified Date = 19/01/2007 0:06:32 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2184 bytes | Modified Date = 21/01/2007 20:25:04 | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 19/01/2007 19:22:34 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %CommonProgramFiles%\Ahead\AudioPlugins\MusePack\MPPDEC.EXE -> [Ver = | Size = 64512 bytes | Modified Date = 23/02/2003 19:29:44 | Attr = H ]
UPX! , UPX0 , -> %CommonProgramFiles%\Ahead\AudioPlugins\MusePack\MPPENC.EXE -> [Ver = | Size = 79360 bytes | Modified Date = 26/10/2002 0:53:22 | Attr = H ]
UPX! , UPX0 , -> %CommonProgramFiles%\Ahead\AudioPlugins\Speex\SPEEXDEC.EXE -> [Ver = | Size = 120832 bytes | Modified Date = 23/03/2003 15:45:40 | Attr = H ]
UPX! , UPX0 , -> %CommonProgramFiles%\Ahead\AudioPlugins\Speex\SPEEXENC.EXE -> [Ver = | Size = 122880 bytes | Modified Date = 23/03/2003 15:42:46 | Attr = H ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 19/08/2003 17:56:42 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Logitech\LGS500Inst\setup.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 121064 bytes | Modified Date = 6/04/2005 18:39:06 | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20031112.019\WHATSNEW.TXT -> [Ver = | Size = 27089 bytes | Modified Date = 12/11/2003 10:00:00 | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20031113.023\WHATSNEW.TXT -> [Ver = | Size = 27089 bytes | Modified Date = 13/11/2003 10:00:00 | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20051116.024\navex15.sys -> Symantec Corporation [Ver = 20051.3.0.16 | Size = 750424 bytes | Modified Date = 16/11/2005 10:00:00 | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20051116.024\navex15.vxd -> [Ver = | Size = 907339 bytes | Modified Date = 16/11/2005 10:00:00 | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20051116.024\navex32a.dll -> Symantec Corporation [Ver = 20051.3.0.16 | Size = 788088 bytes | Modified Date = 16/11/2005 10:00:00 | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20051116.024\TCDEFS.DAT -> [Ver = | Size = 39566 bytes | Modified Date = 16/11/2005 10:00:00 | Attr = ]
FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20051116.024\VIRSCAN8.DAT -> [Ver = | Size = 1437408 bytes | Modified Date = 16/11/2005 10:00:00 | Attr = ]
UPX! , FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20051116.024\VIRSCAN9.DAT -> [Ver = | Size = 2859322 bytes | Modified Date = 16/11/2005 10:00:00 | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCDEFS.DAT -> [Ver = | Size = 187905 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN8.DAT -> [Ver = | Size = 1662499 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN9.DAT -> [Ver = | Size = 4008519 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCDEFS.DAT -> [Ver = | Size = 188007 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN8.DAT -> [Ver = | Size = 1664913 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN9.DAT -> [Ver = | Size = 4033733 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCDEFS.DAT -> [Ver = | Size = 187887 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN8.DAT -> [Ver = | Size = 1660106 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN9.DAT -> [Ver = | Size = 4000061 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\LPT$VPN.989 -> [Ver = | Size = 12848976 bytes | Modified Date = 26/02/2005 2:15:22 | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 26/02/2005 2:15:22 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\VPTNFILE.989 -> [Ver = | Size = 12848976 bytes | Modified Date = 26/02/2005 2:15:22 | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.100-1003 | Size = 1036800 bytes | Modified Date = 26/02/2005 2:15:22 | Attr = ]
UPX! , UPX0 , -> %System32%\crypts.dll -> [Ver = | Size = 23040 bytes | Modified Date = 19/01/2007 0:06:28 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 30/09/2001 11:47:58 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.2 | Size = 573952 bytes | Modified Date = 7/12/2005 18:05:52 | Attr = ]
UPX! , UPX0 , -> %System32%\EGDHTML_1024.dll -> E-Group [Ver = 1, 0, 2, 4 | Size = 64000 bytes | Modified Date = 13/11/2003 11:54:08 | Attr = ]
Umonitor , -> %System32%\ipebase12.dll -> Hewlett-Packard Company [Ver = 1, 2, 0, 5 | Size = 331776 bytes | Modified Date = 15/01/2001 21:03:54 | Attr = ]
PEC2 , PECompact2 , -> %System32%\prodsrvs.exe -> [Ver = 1, 0, 0, 1 | Size = 144896 bytes | Modified Date = 10/01/2007 10:35:26 | Attr = ]
UPX! , UPX0 , -> %System32%\update00822631.exe -> [Ver = | Size = 39936 bytes | Modified Date = 19/01/2007 0:06:26 | Attr = ]
UPX! , UPX0 , -> %System32%\update77526596.exe -> [Ver = | Size = 4129 bytes | Modified Date = 19/01/2007 0:06:32 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 30/09/2001 11:49:10 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 30/09/2001 11:47:28 | Attr = ]
UPX0 , -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 809394 bytes | Modified Date = 30/09/2001 11:48:40 | Attr = ]

< End of report >
  • 0
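A parser for the [File String Scan] lines of the report above, as an added example that is not part of the thread and is neither WinPFind3U's own logic nor the helper's method. It lists packed, vendor-less executables in system directories that were modified shortly before the scan, as candidates for manual review rather than verdicts. The packer list, the 30-day window (mirroring the report's "Within 30 days" sections) and the scan date are assumptions.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Sample input: seven lines copied from the [File String Scan] section above.
REPORT = r"""
UPX! , UPX0 , -> %System32%\crypts.dll -> [Ver = | Size = 23040 bytes | Modified Date = 19/01/2007 0:06:28 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 30/09/2001 11:47:58 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.2 | Size = 573952 bytes | Modified Date = 7/12/2005 18:05:52 | Attr = ]
UPX! , UPX0 , -> %System32%\EGDHTML_1024.dll -> E-Group [Ver = 1, 0, 2, 4 | Size = 64000 bytes | Modified Date = 13/11/2003 11:54:08 | Attr = ]
PEC2 , PECompact2 , -> %System32%\prodsrvs.exe -> [Ver = 1, 0, 0, 1 | Size = 144896 bytes | Modified Date = 10/01/2007 10:35:26 | Attr = ]
UPX! , UPX0 , -> %System32%\update00822631.exe -> [Ver = | Size = 39936 bytes | Modified Date = 19/01/2007 0:06:26 | Attr = ]
UPX! , UPX0 , -> %System32%\update77526596.exe -> [Ver = | Size = 4129 bytes | Modified Date = 19/01/2007 0:06:32 | Attr = ]
"""

# Layout: strings -> path -> optional vendor [Ver = .. | Size = .. | Modified Date = .. | Attr = ..]
LINE_RE = re.compile(
    r"^(?P<sigs>.*?)\s*->\s*(?P<path>.+?)\s*->\s*(?P<vendor>.*?)\s*"
    r"\[Ver =\s*(?P<ver>.*?)\s*\|\s*Size =\s*(?P<size>\d+) bytes\s*\|\s*"
    r"Modified Date =\s*(?P<mtime>\d{1,2}/\d{1,2}/\d{4} [\d:]+)\s*\|\s*"
    r"Attr =\s*(?P<attr>.*?)\s*\]\s*$"
)
PACKERS = {"UPX!", "UPX0", "PEC2", "PECompact2", "aspack", "FSG!"}  # assumed list
EXEC_EXT = {".exe", ".dll", ".sys"}
SYSTEM_DIRS = ("%system32%", "%systemroot%")

def parse_line(line):
    """Split one report line into its fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sigs"] = {s.strip() for s in rec["sigs"].split(",") if s.strip()}
    rec["mtime"] = datetime.strptime(rec["mtime"], "%d/%m/%Y %H:%M:%S")
    return rec

def triage(report, scan_date, window_days=30):
    """Return paths that are packed, vendor-less, executable, recent and in a system dir."""
    hits = []
    for line in report.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        age = scan_date - rec["mtime"]
        if (rec["sigs"] & PACKERS
                and not rec["vendor"]
                and PureWindowsPath(rec["path"]).suffix.lower() in EXEC_EXT
                and rec["path"].lower().startswith(SYSTEM_DIRS)
                and timedelta(0) <= age <= timedelta(days=window_days)):
            hits.append(rec["path"])
    return hits

# Assumed scan date: the report was posted before the 22 January 2007 reply.
SCAN_DATE = datetime(2007, 1, 22)

if __name__ == "__main__":
    print("\n".join(triage(REPORT, SCAN_DATE)))
```

The heuristic and the reply that follows do not select the same set: EGDHTML_1024.dll carries a vendor string and an older date, so it is not listed here, while crypts.dll is.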

#10 Thanos

Thanos

    Devil Member !

  • Security Team+
  • 15882 posts

Posted 22 January 2007 - 03:58

OK, thanks for the report! Please follow the steps below exactly! Go all the way through, and if you ran into any problems during the procedure, let me know.

You have two ways to consult the instructions that follow:

- Either copy/paste the contents of the procedure into a text file (which you put on the desktop) so you can consult it in safe mode (you won't have Internet access!).

- You can also save the complete web page containing the procedure, doing so from your browser:

- Go to the top of the page and click the "File" menu: a list appears =>
- Choose "Save As" and choose "Desktop".
- Then click the "Save" button to the right of the "File name" field.

To read the procedure in safe mode, you only need to double-click the file aide pour virus backdoor trojan et w32 spybot worm (with your browser's icon) located on the desktop. (You will notice that a new folder is created on the desktop in addition to the file: that's normal!) This way you will keep all the formatting and colours of the procedure, which will help you find your way around.
--------------------------------------------------------------------------------------------------------------------------

The procedure:

- Download then install AVG Anti-Spyware (AVG AS)
Once AVG AS is launched, click "Update"
Close the program. Do not launch the scan now!!

- Download ATF Cleaner by Atribune to your desktop.

- Download Brute Force Uninstaller (by Merijn).
Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU)
http://metallica.gee...m/EGDACCESS.bfu
RIGHT-CLICK HERE and choose "Save Target As..." to download EGDACCESS.bfu (by Metallica).
This is what the icon of the .Bfu file you just downloaded should look like:
[image]
Save it in the folder you created (C:\BFU). **Note: if you use Internet Explorer, when saving, make sure the "Type:" field shows "All files". You should now have two files in the C:\BFU folder: EGDACCESS.bfu and BFU.exe (very important).

- Start WinPFind3U by double-clicking WinPFind3U.exe and copy/paste the text below (do not copy the word code) into the Paste fix here panel, then click the Run Fix button.
[Kill Explorer]
[Processes - Non-Microsoft Only]
YY -> 549b.tmp -> %SystemRoot%\Temp\549B.tmp
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> SDR6V_Check -> %UserDocuments%\SDRmon.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Instant Access -> %System32%\prodsrvs.exe
YY -> System Soap Pro -> %SystemDrive%\PROGRA~1\SYSTEM~1\soap.exe
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> seekmo -> %ProgramFiles%\seekmo\seekmo.exe
< Internet Explorer Settings > -> 
YY -> HKCU: URLSearchHooks\\{4acca1a7-ecc8-4c89-be52-b11919042bbf} [HKLM] -> %ProgramFiles%\nuls\tbnuls.dll [nuls Toolbar]
YN -> HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> {4acca1a7-ecc8-4c89-be52-b11919042bbf} [HKLM] -> %ProgramFiles%\nuls\tbnuls.dll [nuls Toolbar]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{319A68DB-06D0-46DA-9F93-A810D5A70836} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YY -> WebBrowser\\{4ACCA1A7-ECC8-4C89-BE52-B11919042BBF} [HKLM] -> %ProgramFiles%\nuls\tbnuls.dll [nuls Toolbar]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
YN -> {77BF5300-1474-4EC7-9980-D32B190E9B07} -> 8196 - Reg Data - Key not found
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8194 - Reg Data - Value does not exist
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {084DAC27-6FA3-4F55-9005-033F2F102F5C} -> ITPPDiagIE Class - CodeBase = http://data.jeuxclassiques.com/npwwg.cab
YN -> {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -> - CodeBase = http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab
YN -> {92ABACFE-EF6E-42C7-A824-D50A914B5B70} -> MastaCash Loader Class - CodeBase = http://dx.mastacash.com/loader.cab
YN -> {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} -> - CodeBase = http://scripts.dlv4.com/binaries/egaccess4..._1070_em_XP.cab
YN -> {C771B05E-E725-4516-97A5-4CE5EB163CFB} -> - CodeBase = http://www.asian-x.org/acces/237/asian-x_an.exe
YN -> {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} -> - CodeBase = http://dialup.carpediem.fr/CABS/cd/1,0,3,8...AccesMembre.cab
[Files - Created Within 30 days]
NY -> pack.epk -> %SystemRoot%\pack.epk
NY -> nvs2.inf -> %System32%\nvs2.inf
NY -> prodsrvs.exe -> %System32%\prodsrvs.exe
NY -> RunOnce.tm_ -> %System32%\RunOnce.tm_
NY -> RunOnce.t__ -> %System32%\RunOnce.t__
NY -> update00822631.exe -> %System32%\update00822631.exe
NY -> update77526596.exe -> %System32%\update77526596.exe
[Files - Modified Within 30 days]
NY -> pack.epk -> %SystemRoot%\pack.epk
NY -> nvs2.inf -> %System32%\nvs2.inf
NY -> prodsrvs.exe -> %System32%\prodsrvs.exe
NY -> RunOnce.tm_ -> %System32%\RunOnce.tm_
NY -> RunOnce.t__ -> %System32%\RunOnce.t__
NY -> update00822631.exe -> %System32%\update00822631.exe
NY -> update77526596.exe -> %System32%\update77526596.exe
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %System32%\EGDHTML_1024.dll
NY -> PEC2 , PECompact2 , -> %System32%\prodsrvs.exe
NY -> UPX! , UPX0 , -> %System32%\update00822631.exe
NY -> UPX! , UPX0 , -> %System32%\update77526596.exe
[ Extra Files ]
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.inf
[Reboot]
The fix will run quickly, then you will be asked to restart your PC: accept by clicking Yes

Step 1:

* Restart the PC, which must be in safe mode (at startup, immediately tap the F8 key repeatedly; a screen with startup choices will then appear: choose "Safe Mode" with the keyboard arrows, then confirm with "Enter").
Choose your usual account (not Administrator).

If you have trouble selecting safe mode, apply Symantec's procedure "How to start the computer in safe mode"

(as you won't have Internet access, you have already copied these instructions into a text file)

Step 2:

* Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)
  • Click the small yellow folder to the right of the Scriptline to execute box, and double-click:
    EGDACCESS.bfu
  • In the "Scriptline to execute" box, you should now see this: C:\BFU\EGDACCESS.bfu
  • Click Execute and let it do its work.
  • Wait for Complete script execution to appear and click OK.
  • Click Exit to close the BFU program.
Step 3:

Create a Notepad file with the text found in the "code" box below (copy/paste, without the word "Code")

RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\erixmcyhdt
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|erixmcyhdt
FileDelete %SYSDIR%\erixmcyhdt_navps.dat
FileDelete %SYSDIR%\erixmcyhdt_nav.dat
FileDelete %SYSDIR%\erixmcyhdt.dat
FileDelete %SYSDIR%\erixmcyhdt.exe
- Go to the top of the page and click the "File" menu; a list appears =>
- Choose "Save As" and choose "C:\BFU"
- In the "File name" field at the bottom of the page, enter the following name: aftermath.bfu
- In the "Type" field at the bottom of the page, choose: "All files"
- Then click the "Save" button to the right of the "File name" field
- Quit Notepad.

Step 4:

Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)
  • Click the small yellow folder (to the right of the "Scriptline to execute" box);
  • Double-click aftermath.bfu
  • You should now see this in the "Scriptline to execute" box:
    C:\BFU\aftermath.bfu
  • Click Execute and let it do its work.
  • Wait for Complete script execution to appear and click OK (execution is quick..).
  • Click Exit to close the BFU program.
Step 5:

Double-click ATF-Cleaner.exe to launch the program.

For Internet Explorer
Under the Main tab, choose: Select All
Click the Empty Selected button

For Firefox (if you use it)
Under the Firefox tab, choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
Click Exit, from the main menu, to close the program.
* If the "Firefox" tab is greyed out in ATF, clean the cache and cookies in Firefox like this:
  • Open Firefox and click Tools => Options
  • Click the Privacy tab
  • Click the Clear cache button in the "History" tab
  • Click the Delete cookies button in the "Cookies" tab
  • Click the Clear cache button in the "Cache" tab
  • Click the OK button to close the options window and confirm your choices.
Step 6:

Relaunch AVG AS then choose the "Scan" tab
Then the "Settings" tab
Under the question "How to react?", click "Recommended actions" and choose "Quarantine"

http://img509.images.../scanavgjk2.jpg
Click the "Scan" tab again, then run a "Complete system scan"

/!\ If an infected file is detected at the end of the scan /!\
Click "Apply all actions"

Click "Save report" then "Save report as"
Save this text file on your desktop.

Step 7:

Restart normally and post:

- The AVG AS report
- A new report with Blacklight
- Relaunch WinPFind3U and post the new report.
Also post the report found in the WinPFind3u folder (it is a report named with the current day\month\year\time).

Come on, hang in there! It's not complicated if you follow the steps carefully :P

Edit: as I told you in my PM, I have changed the procedure :P

Edited by charles ingals, 22 January 2007 - 01:41.

  • 0