Wisewise3

Everything posted by Wisewise3

  1. Hello, when I came back to my PC, it was no longer displaying anything on the screen (black screen). No reaction when trying to wake it from sleep. I restarted it with a RESET and then at startup, shortly after the DOS-style indications (hdd, etc.), it rebooted endlessly. I pressed F8 and chose Last Known Good Configuration. It went into Windows and, after the desktop started loading, BSoD with error 0x0000008E......Scsiport.sys. I searched and searched and searched and finally found that by disabling the MBAMSERVICE service I no longer got this message. I uninstalled Malwarebytes, reinstalled it and then, on the "PROTECTION" tab, ticked the option to enable the protection module. The service starts without a problem. But if I reboot, since it then loads, BSoD... Each time I have to go into Safe Mode, run msconfig and untick MBAMSERVICE. After that it works... I suspect a virus because I saw some things appear... Thank you for analysing the HijackThis file and telling me whether some virus is responsible for this problem.
     Best regards, Wisewise3

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 00:52:02, on 03/06/2011
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     PS: the Malwarebytes logo no longer appears at the bottom right next to the clock.
  2. Hello, someone brought me a very slow PC... I ran ComboFix and did a scan with Avira. The PC seems to behave better. However, even though I have run ComboFix several times, it still tells me that the regedit file is infected. So there may be other things still there. Could you check the PC by analysing the HijackThis and Avira reports? I had also done a scan with Malwarebytes; I am attaching all the reports. Thank you for your analysis.

     Best regards, Wisewise3

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 20:58:10, on 31/03/2011
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16512)
     Boot mode: Normal

     ComboFix 11-03-30.03 - Administrateur 31/03/2011 20:12:47.4.1 - x86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.265 [GMT 2:00]
     Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
2001-08-17 19:51 61824 c:\windows\LastGood\system32\dllcache\speed.sys + 2011-03-31 06:56 . 2001-08-17 20:07 19072 c:\windows\LastGood\system32\dllcache\sparrow.sys + 2011-03-31 06:56 . 2001-08-17 18:51 37040 c:\windows\LastGood\system32\dllcache\sonypi.sys + 2011-03-31 06:56 . 2001-08-17 18:51 20752 c:\windows\LastGood\system32\dllcache\sonync.sys + 2011-03-31 06:56 . 2004-08-19 16:09 40448 c:\windows\LastGood\system32\dllcache\snmpthrd.dll + 2011-03-31 06:56 . 2002-09-06 19:59 10240 c:\windows\LastGood\system32\dllcache\snmpstup.dll + 2011-03-31 06:56 . 2004-08-19 16:10 32768 c:\windows\LastGood\system32\dllcache\snmp.exe + 2011-03-31 06:56 . 2004-08-19 16:09 10752 c:\windows\LastGood\system32\dllcache\smtpapi.dll + 2011-03-31 06:56 . 2001-08-17 18:51 58368 c:\windows\LastGood\system32\dllcache\smiminib.sys + 2011-03-31 06:56 . 2002-09-06 19:59 15872 c:\windows\LastGood\system32\dllcache\smierrsm.dll + 2011-03-31 06:56 . 2001-08-17 18:12 25034 c:\windows\LastGood\system32\dllcache\smcpwr2n.sys + 2011-03-31 06:56 . 2001-08-23 15:21 36937 c:\windows\LastGood\system32\dllcache\smcirda.sys + 2011-03-31 06:56 . 2001-08-17 18:12 24576 c:\windows\LastGood\system32\dllcache\smc8000n.sys + 2011-03-31 06:56 . 2004-08-03 21:07 16128 c:\windows\LastGood\system32\dllcache\smbbatt.sys + 2011-03-31 06:56 . 2002-09-06 19:59 31744 c:\windows\LastGood\system32\dllcache\smb6w.dll + 2011-03-31 06:56 . 2001-08-23 15:47 45568 c:\windows\LastGood\system32\dllcache\smb3w.dll + 2011-03-31 06:56 . 2001-08-23 15:47 33792 c:\windows\LastGood\system32\dllcache\smb0w.dll + 2011-03-31 06:56 . 2002-09-06 19:59 31744 c:\windows\LastGood\system32\dllcache\sma3w.dll + 2011-03-31 06:56 . 2001-08-23 15:47 28672 c:\windows\LastGood\system32\dllcache\sma0w.dll + 2011-03-31 06:56 . 2002-09-06 19:59 38912 c:\windows\LastGood\system32\dllcache\sm9aw.dll + 2011-03-31 06:56 . 2002-09-06 19:59 26624 c:\windows\LastGood\system32\dllcache\sm93w.dll + 2011-03-31 06:56 . 
2002-09-06 19:59 26624 c:\windows\LastGood\system32\dllcache\sm92w.dll + 2011-03-31 06:56 . 2001-08-23 15:47 28160 c:\windows\LastGood\system32\dllcache\sm91w.dll + 2011-03-31 06:56 . 2002-09-06 19:59 26112 c:\windows\LastGood\system32\dllcache\sm90w.dll + 2011-03-31 06:56 . 2002-09-06 19:59 26112 c:\windows\LastGood\system32\dllcache\sm8dw.dll + 2011-03-31 06:56 . 2002-09-06 19:59 29184 c:\windows\LastGood\system32\dllcache\sm8cw.dll + 2011-03-31 06:56 . 2002-09-06 19:59 26112 c:\windows\LastGood\system32\dllcache\sm8aw.dll + 2011-03-31 06:56 . 2002-09-06 19:59 26112 c:\windows\LastGood\system32\dllcache\sm89w.dll + 2011-03-31 06:56 . 2002-09-06 19:59 30208 c:\windows\LastGood\system32\dllcache\sm87w.dll + 2011-03-31 06:56 . 2002-09-06 19:59 30208 c:\windows\LastGood\system32\dllcache\sm81w.dll + 2011-03-31 06:56 . 2002-09-06 19:59 25088 c:\windows\LastGood\system32\dllcache\sm59w.dll + 2011-03-31 06:56 . 2004-08-03 20:41 13240 c:\windows\LastGood\system32\dllcache\slwdmsup.sys + 2011-03-31 06:56 . 2004-08-19 14:10 73796 c:\windows\LastGood\system32\dllcache\slserv.exe + 2011-03-31 06:56 . 2004-08-19 14:10 32866 c:\windows\LastGood\system32\dllcache\slrundll.exe + 2011-03-31 06:56 . 2004-08-03 20:41 95424 c:\windows\LastGood\system32\dllcache\slnthal.sys + 2011-03-31 06:56 . 2004-08-03 21:10 11136 c:\windows\LastGood\system32\dllcache\slip.sys + 2011-03-31 06:56 . 2004-08-19 14:09 73832 c:\windows\LastGood\system32\dllcache\slcoinst.dll + 2011-03-31 06:56 . 2004-08-03 20:31 63547 c:\windows\LastGood\system32\dllcache\sla30nd5.sys + 2011-03-31 06:56 . 2001-08-17 18:12 91294 c:\windows\LastGood\system32\dllcache\skfpwin.sys + 2011-03-31 06:56 . 2001-08-23 15:21 95114 c:\windows\LastGood\system32\dllcache\sk98xwin.sys + 2011-03-31 06:56 . 2001-08-17 18:50 50432 c:\windows\LastGood\system32\dllcache\sisv.sys + 2011-03-31 06:56 . 2004-08-03 20:31 32768 c:\windows\LastGood\system32\dllcache\sisnic.sys + 2011-03-31 06:56 . 
2004-08-03 21:07 41088 c:\windows\LastGood\system32\dllcache\sisagp.sys + 2011-03-31 06:55 . 2001-08-17 18:50 68608 c:\windows\LastGood\system32\dllcache\sis6306p.sys + 2011-03-31 06:55 . 2002-09-06 19:59 18944 c:\windows\LastGood\system32\dllcache\simptcp.dll + 2011-03-31 06:40 . 2003-03-24 13:52 16437 c:\windows\LastGood\system32\dllcache\shtml.exe + 2011-03-31 06:40 . 2003-03-24 13:52 20536 c:\windows\LastGood\system32\dllcache\shtml.dll + 2011-03-31 06:55 . 2001-07-21 20:29 18400 c:\windows\LastGood\system32\dllcache\sgsmld.sys + 2011-03-31 06:55 . 2001-08-17 18:51 98080 c:\windows\LastGood\system32\dllcache\sgiulnt5.sys + 2011-03-31 06:55 . 2001-08-17 18:19 36480 c:\windows\LastGood\system32\dllcache\sfmanm.sys + 2011-03-31 06:55 . 2001-08-23 15:20 18432 c:\windows\LastGood\system32\dllcache\sermouse.sys + 2011-03-31 06:55 . 2001-08-17 19:53 10880 c:\windows\LastGood\system32\dllcache\scsiscan.sys + 2011-03-31 06:55 . 2001-08-17 19:52 11648 c:\windows\LastGood\system32\dllcache\scsiprnt.sys + 2011-03-31 06:55 . 2001-08-23 15:20 17536 c:\windows\LastGood\system32\dllcache\scr111.sys + 2011-03-31 06:55 . 2001-08-23 15:20 16768 c:\windows\LastGood\system32\dllcache\scmstcs.sys + 2011-03-31 06:55 . 2001-08-17 19:51 23936 c:\windows\LastGood\system32\dllcache\sccmusbm.sys + 2011-03-31 06:55 . 2001-08-23 15:20 24064 c:\windows\LastGood\system32\dllcache\sccmn50m.sys + 2011-03-31 06:55 . 2004-08-03 20:59 43136 c:\windows\LastGood\system32\dllcache\sbp2port.sys + 2011-03-31 06:55 . 2001-08-17 18:50 75392 c:\windows\LastGood\system32\dllcache\s3savmxm.sys + 2011-03-31 06:55 . 2001-08-17 18:50 77824 c:\windows\LastGood\system32\dllcache\s3sav4m.sys + 2011-03-31 06:55 . 2001-08-17 18:50 61504 c:\windows\LastGood\system32\dllcache\s3sav3dm.sys + 2011-03-31 06:55 . 2001-08-23 15:46 62496 c:\windows\LastGood\system32\dllcache\s3mtrio.dll + 2011-03-31 06:55 . 2001-08-17 18:50 41216 c:\windows\LastGood\system32\dllcache\s3mt3d.sys + 2011-03-31 06:55 . 
2001-08-17 19:57 65664 c:\windows\LastGood\system32\dllcache\s3legacy.sys + 2011-03-31 06:40 . 2001-08-23 15:46 66048 c:\windows\LastGood\system32\dllcache\s3legacy.dll + 2011-03-31 06:55 . 2001-08-23 15:47 83968 c:\windows\LastGood\system32\dllcache\rwia450.dll + 2011-03-31 06:55 . 2001-08-23 15:47 81408 c:\windows\LastGood\system32\dllcache\rwia430.dll + 2011-03-31 06:55 . 2002-09-06 19:59 81408 c:\windows\LastGood\system32\dllcache\rwia330.dll + 2011-03-31 06:55 . 2002-09-06 19:59 81408 c:\windows\LastGood\system32\dllcache\rwia001.dll + 2011-03-31 06:55 . 2001-08-23 15:47 26624 c:\windows\LastGood\system32\dllcache\rw450ext.dll + 2011-03-31 06:55 . 2001-08-23 15:47 25088 c:\windows\LastGood\system32\dllcache\rw430ext.dll + 2011-03-31 06:55 . 2002-09-06 19:59 26624 c:\windows\LastGood\system32\dllcache\rw330ext.dll + 2011-03-31 06:55 . 2002-09-06 19:59 25088 c:\windows\LastGood\system32\dllcache\rw001ext.dll + 2011-03-31 06:55 . 2001-08-17 18:12 19017 c:\windows\LastGood\system32\dllcache\rtl8029.sys + 2011-03-31 06:55 . 2001-08-17 18:19 30720 c:\windows\LastGood\system32\dllcache\rthwcls.sys + 2011-03-31 06:55 . 2001-08-23 15:47 10240 c:\windows\LastGood\system32\dllcache\rsmgrstr.dll + 2011-03-31 06:55 . 2004-08-19 13:55 79360 c:\windows\LastGood\system32\dllcache\rocket.sys + 2011-03-31 06:55 . 2004-08-03 21:04 30080 c:\windows\LastGood\system32\dllcache\rndismpx.sys + 2011-03-31 06:55 . 2001-08-17 18:12 37563 c:\windows\LastGood\system32\dllcache\rlnet5.sys + 2011-03-31 06:55 . 2004-08-03 21:10 59648 c:\windows\LastGood\system32\dllcache\rfcomm.sys + 2011-03-31 06:54 . 2001-08-23 15:47 86097 c:\windows\LastGood\system32\dllcache\reslog32.dll + 2011-03-31 06:54 . 2002-09-06 19:59 15360 c:\windows\LastGood\system32\dllcache\register.exe + 2011-03-31 06:54 . 2004-08-03 20:41 13776 c:\windows\LastGood\system32\dllcache\recagent.sys + 2011-03-31 06:54 . 2001-08-17 19:51 19584 c:\windows\LastGood\system32\dllcache\rasirda.sys + 2011-03-31 06:54 . 
2004-08-03 23:00 20736 c:\windows\LastGood\system32\dllcache\ramdisk.sys + 2011-03-31 06:54 . 2001-08-23 15:47 41984 c:\windows\LastGood\system32\dllcache\qvusd.dll + 2011-03-31 06:54 . 2002-09-06 19:59 16896 c:\windows\LastGood\system32\dllcache\quser.exe + 2011-03-31 06:54 . 2002-09-06 19:59 10240 c:\windows\LastGood\system32\dllcache\query.exe + 2011-03-31 06:54 . 2001-08-17 19:52 49024 c:\windows\LastGood\system32\dllcache\ql1280.sys + 2011-03-31 06:54 . 2001-08-17 19:52 40448 c:\windows\LastGood\system32\dllcache\ql1240.sys + 2011-03-31 06:54 . 2001-08-17 19:52 45312 c:\windows\LastGood\system32\dllcache\ql12160.sys + 2011-03-31 06:54 . 2001-08-17 19:52 33152 c:\windows\LastGood\system32\dllcache\ql10wnt.sys + 2011-03-31 06:54 . 2001-08-17 19:52 40320 c:\windows\LastGood\system32\dllcache\ql1080.sys + 2011-03-31 06:54 . 2001-08-23 15:47 35328 c:\windows\LastGood\system32\dllcache\psisload.dll + 2011-03-31 06:54 . 2001-08-23 15:17 16512 c:\windows\LastGood\system32\dllcache\pscr.sys + 2011-03-31 06:54 . 2004-08-03 21:00 17664 c:\windows\LastGood\system32\dllcache\ppa3.sys + 2011-03-31 06:54 . 2001-08-17 19:53 17792 c:\windows\LastGood\system32\dllcache\ppa.sys + 2011-03-31 06:54 . 2002-09-06 19:59 11264 c:\windows\LastGood\system32\dllcache\pmxmcro.dll + 2011-03-31 06:54 . 2004-08-03 22:31 67584 c:\windows\LastGood\system32\dllcache\pmigrate.dll + 2011-03-31 06:54 . 2004-08-03 22:31 70144 c:\windows\LastGood\system32\dllcache\pintlphr.exe + 2011-03-31 06:54 . 2004-08-03 22:31 53760 c:\windows\LastGood\system32\dllcache\pintlcsd.dll + 2011-03-31 06:54 . 2001-08-17 20:07 19840 c:\windows\LastGood\system32\dllcache\philtune.sys + 2011-03-31 06:54 . 2001-08-17 20:04 92416 c:\windows\LastGood\system32\dllcache\phildec.sys + 2011-03-31 06:54 . 2001-08-17 20:04 75776 c:\windows\LastGood\system32\dllcache\philcam1.sys + 2011-03-31 06:54 . 2001-08-23 15:47 16896 c:\windows\LastGood\system32\dllcache\philcam1.dll + 2011-03-31 06:54 . 
2002-09-06 19:59 20992 c:\windows\LastGood\system32\dllcache\permchk.dll + 2011-03-31 06:54 . 2004-08-03 21:06 28032 c:\windows\LastGood\system32\dllcache\perm3.sys + 2011-03-31 06:54 . 2004-08-03 21:06 27904 c:\windows\LastGood\system32\dllcache\perm2.sys + 2011-03-31 06:54 . 2001-08-17 20:07 27296 c:\windows\LastGood\system32\dllcache\perc2.sys + 2011-03-31 06:54 . 2001-08-23 15:47 86016 c:\windows\LastGood\system32\dllcache\pctspk.exe + 2011-03-31 06:54 . 2001-08-17 18:11 35328 c:\windows\LastGood\system32\dllcache\pcntpci5.sys + 2011-03-31 06:54 . 2001-08-17 18:11 29769 c:\windows\LastGood\system32\dllcache\pcntn5m.sys + 2011-03-31 06:54 . 2001-08-17 18:11 30282 c:\windows\LastGood\system32\dllcache\pcntn5hl.sys + 2011-03-31 06:54 . 2001-08-17 18:12 26153 c:\windows\LastGood\system32\dllcache\pcmlm56.sys + 2011-03-31 06:54 . 2004-08-03 20:31 29502 c:\windows\LastGood\system32\dllcache\pca200e.sys + 2011-03-31 06:53 . 2001-08-17 18:12 30495 c:\windows\LastGood\system32\dllcache\pc100nds.sys + 2011-03-31 06:53 . 2002-09-06 19:59 31744 c:\windows\LastGood\system32\dllcache\pagecnt.dll + 2011-03-31 06:53 . 2004-08-03 22:31 15360 c:\windows\LastGood\system32\dllcache\padrs804.dll + 2011-03-31 06:53 . 2002-09-06 19:59 14336 c:\windows\LastGood\system32\dllcache\padrs412.dll + 2011-03-31 06:53 . 2002-09-06 19:59 36927 c:\windows\LastGood\system32\dllcache\padrs411.dll + 2011-03-31 06:53 . 2004-08-03 22:32 15872 c:\windows\LastGood\system32\dllcache\padrs404.dll + 2011-03-31 06:53 . 2001-08-23 15:47 42496 c:\windows\LastGood\system32\dllcache\ovui2rc.dll + 2011-03-31 06:53 . 2001-08-23 15:47 44544 c:\windows\LastGood\system32\dllcache\ovui2.dll + 2011-03-31 06:53 . 2001-08-17 20:05 25216 c:\windows\LastGood\system32\dllcache\ovsound2.sys + 2011-03-31 06:53 . 2001-08-23 15:47 39424 c:\windows\LastGood\system32\dllcache\ovcoms.exe + 2011-03-31 06:53 . 2001-08-23 15:47 20480 c:\windows\LastGood\system32\dllcache\ovcomc.dll + 2011-03-31 06:53 . 
2001-08-17 20:05 31872 c:\windows\LastGood\system32\dllcache\ovce.sys + 2011-03-31 06:53 . 2001-08-17 20:05 28032 c:\windows\LastGood\system32\dllcache\ovcd.sys + 2011-03-31 06:53 . 2001-08-17 20:05 48000 c:\windows\LastGood\system32\dllcache\ovcam2.sys + 2011-03-31 06:53 . 2001-08-17 20:05 25088 c:\windows\LastGood\system32\dllcache\ovca.sys + 2011-03-31 06:53 . 2001-08-23 15:15 54954 c:\windows\LastGood\system32\dllcache\otcsercb.sys + 2011-03-31 06:53 . 2001-08-23 15:15 44297 c:\windows\LastGood\system32\dllcache\otceth5.sys + 2011-03-31 06:53 . 2001-08-17 18:12 27209 c:\windows\LastGood\system32\dllcache\otc06x5.sys + 2011-03-31 06:53 . 2001-08-17 18:20 54528 c:\windows\LastGood\system32\dllcache\opl3sax.sys + 2011-03-31 06:53 . 2005-08-12 23:11 61312 c:\windows\LastGood\system32\dllcache\ohci1394.sys + 2011-03-31 06:53 . 2001-08-17 18:49 51552 c:\windows\LastGood\system32\dllcache\ntgrip.sys + 2011-03-31 06:53 . 2004-08-19 16:09 45056 c:\windows\LastGood\system32\dllcache\nsepm.dll + 2011-03-31 06:53 . 2004-08-03 21:00 28672 c:\windows\LastGood\system32\dllcache\nscirda.sys + 2011-03-31 06:53 . 2001-08-17 18:20 87040 c:\windows\LastGood\system32\dllcache\nm6wdm.sys + 2011-03-31 06:53 . 2001-08-17 18:12 32840 c:\windows\LastGood\system32\dllcache\ngrpci.sys + 2011-03-31 06:53 . 2002-09-06 19:59 53248 c:\windows\LastGood\system32\dllcache\nextlink.dll + 2011-03-31 06:53 . 2001-08-23 15:10 66302 c:\windows\LastGood\system32\dllcache\netflx3.sys + 2011-03-31 06:53 . 2001-08-17 18:50 39264 c:\windows\LastGood\system32\dllcache\neo20xx.sys + 2011-03-31 06:53 . 2001-08-23 15:46 60480 c:\windows\LastGood\system32\dllcache\neo20xx.dll + 2011-03-31 06:53 . 2001-08-17 19:49 15872 c:\windows\LastGood\system32\dllcache\ne2000.sys + 2011-03-31 06:53 . 2004-08-03 21:10 10880 c:\windows\LastGood\system32\dllcache\ndisip.sys + 2011-03-31 06:53 . 2004-08-03 21:10 85376 c:\windows\LastGood\system32\dllcache\nabtsfec.sys + 2011-03-31 06:53 . 
2001-08-23 15:46 91488 c:\windows\LastGood\system32\dllcache\n9i3disp.dll + 2011-03-31 06:53 . 2001-08-17 18:50 27936 c:\windows\LastGood\system32\dllcache\n9i3d.sys + 2011-03-31 06:53 . 2001-08-17 18:50 33088 c:\windows\LastGood\system32\dllcache\n9i128v2.sys + 2011-03-31 06:53 . 2001-08-23 15:46 59104 c:\windows\LastGood\system32\dllcache\n9i128v2.dll + 2011-03-31 06:53 . 2001-08-17 18:50 13664 c:\windows\LastGood\system32\dllcache\n9i128.sys + 2011-03-31 06:53 . 2001-08-23 15:46 35392 c:\windows\LastGood\system32\dllcache\n9i128.dll + 2011-03-31 06:52 . 2001-08-23 15:09 53791 c:\windows\LastGood\system32\dllcache\n1000nt5.sys + 2011-03-31 06:52 . 2001-08-23 15:09 76928 c:\windows\LastGood\system32\dllcache\mxport.sys + 2011-03-31 06:52 . 2001-08-17 19:49 19968 c:\windows\LastGood\system32\dllcache\mxnic.sys + 2011-03-31 06:52 . 2001-08-23 15:47 19968 c:\windows\LastGood\system32\dllcache\mxicfg.dll + 2011-03-31 06:52 . 2001-08-23 15:08 22144 c:\windows\LastGood\system32\dllcache\mxcard.sys + 2011-03-31 06:52 . 2004-08-03 21:04 12672 c:\windows\LastGood\system32\dllcache\mutohpen.sys + 2011-03-31 06:52 . 2004-08-03 21:10 49024 c:\windows\LastGood\system32\dllcache\mstape.sys + 2011-03-31 06:52 . 2001-08-17 19:48 12416 c:\windows\LastGood\system32\dllcache\msriffwv.sys + 2011-03-31 06:52 . 2004-08-19 16:09 40960 c:\windows\LastGood\system32\dllcache\msiregmv.exe + 2011-03-31 06:52 . 2004-08-03 21:00 22016 c:\windows\LastGood\system32\dllcache\msircomm.sys + 2011-03-31 06:52 . 2002-09-06 19:59 98304 c:\windows\LastGood\system32\dllcache\msir3jp.dll + 2011-03-31 06:52 . 2001-08-17 20:02 35200 c:\windows\LastGood\system32\dllcache\msgame.sys + 2011-03-31 06:52 . 2004-08-03 21:10 51328 c:\windows\LastGood\system32\dllcache\msdv.sys + 2011-03-31 06:52 . 2001-08-17 19:52 17280 c:\windows\LastGood\system32\dllcache\mraid35x.sys + 2011-03-31 06:52 . 2004-08-03 21:10 15360 c:\windows\LastGood\system32\dllcache\mpe.sys + 2011-03-31 06:52 . 
2001-08-17 19:57 16128 c:\windows\LastGood\system32\dllcache\modemcsa.sys + 2011-03-31 06:52 . 2002-09-06 19:59 34816 c:\windows\LastGood\system32\dllcache\migisol.exe + 2011-03-31 06:51 . 2002-09-06 19:59 92416 c:\windows\LastGood\system32\dllcache\mga.sys + 2011-03-31 06:51 . 2002-09-06 19:59 92032 c:\windows\LastGood\system32\dllcache\mga.dll + 2011-03-31 06:51 . 2004-08-19 16:09 86016 c:\windows\LastGood\system32\dllcache\metada51.dll + 2011-03-31 06:51 . 2004-08-03 21:00 26112 c:\windows\LastGood\system32\dllcache\memstpci.sys + 2011-03-31 06:51 . 2001-08-23 15:47 47616 c:\windows\LastGood\system32\dllcache\memgrp.dll + 2011-03-31 06:51 . 2002-09-06 19:59 26624 c:\windows\LastGood\system32\dllcache\mdsync.dll + 2011-03-31 06:51 . 2004-08-19 16:09 37888 c:\windows\LastGood\system32\dllcache\md5filt.dll + 2011-03-31 06:51 . 2001-08-17 18:19 48768 c:\windows\LastGood\system32\dllcache\maestro.sys + 2011-03-31 06:51 . 2001-08-23 15:47 59392 c:\windows\LastGood\system32\dllcache\m3092dc.dll + 2011-03-31 06:51 . 2001-08-23 15:47 58880 c:\windows\LastGood\system32\dllcache\m3091dc.dll + 2011-03-31 06:51 . 2001-08-17 18:49 22848 c:\windows\LastGood\system32\dllcache\lwusbhid.sys + 2011-03-31 06:51 . 2004-08-03 20:39 20864 c:\windows\LastGood\system32\dllcache\lwadihid.sys + 2011-03-31 06:51 . 2004-08-19 16:09 19456 c:\windows\LastGood\system32\dllcache\lprmon.dll + 2011-03-31 06:51 . 2004-08-19 16:09 23040 c:\windows\LastGood\system32\dllcache\lpdsvc.dll + 2011-03-31 06:51 . 2004-08-19 16:09 13312 c:\windows\LastGood\system32\dllcache\lonsint.dll + 2011-03-31 06:51 . 2002-09-06 19:59 22016 c:\windows\LastGood\system32\dllcache\logscrpt.dll + 2011-03-31 06:51 . 2001-08-17 18:12 70730 c:\windows\LastGood\system32\dllcache\lne100tx.sys + 2011-03-31 06:51 . 2001-08-17 18:12 20573 c:\windows\LastGood\system32\dllcache\lne100.sys + 2011-03-31 06:51 . 2001-08-17 18:11 25065 c:\windows\LastGood\system32\dllcache\lmndis3.sys + 2011-03-31 06:51 . 
2004-08-19 16:09 33792 c:\windows\LastGood\system32\dllcache\lmmib2.dll + 2011-03-31 06:51 . 2001-08-23 15:00 16384 c:\windows\LastGood\system32\dllcache\lit220p.sys + 2011-03-31 06:51 . 2004-08-03 20:59 34688 c:\windows\LastGood\system32\dllcache\lbrtfdc.sys + 2011-03-31 06:51 . 2001-08-23 14:59 26922 c:\windows\LastGood\system32\dllcache\lanepic5.sys + 2011-03-31 06:51 . 2001-08-17 18:12 19016 c:\windows\LastGood\system32\dllcache\ktc111.sys + 2011-03-31 06:51 . 2001-08-23 15:47 37888 c:\windows\LastGood\system32\dllcache\kousd.dll + 2011-03-31 06:51 . 2002-09-06 19:59 70656 c:\windows\LastGood\system32\dllcache\korwbrkr.dll + 2011-03-31 06:51 . 2001-08-23 15:47 46080 c:\windows\LastGood\system32\dllcache\kdsui.dll + 2011-03-31 06:50 . 2002-09-06 19:59 18432 c:\windows\LastGood\system32\dllcache\jupiw.dll + 2011-03-31 06:50 . 2004-08-19 16:09 27648 c:\windows\LastGood\system32\dllcache\iscomlog.dll + 2011-03-31 06:40 . 2004-08-19 16:09 68608 c:\windows\LastGood\system32\dllcache\isatq.dll + 2011-03-31 06:50 . 2001-08-17 19:49 26624 c:\windows\LastGood\system32\dllcache\irstusb.sys + 2011-03-31 06:50 . 2001-08-17 19:51 18688 c:\windows\LastGood\system32\dllcache\irsir.sys + 2011-03-31 06:50 . 2004-08-19 14:09 28160 c:\windows\LastGood\system32\dllcache\irmon.dll + 2011-03-31 06:50 . 2001-08-17 19:49 23552 c:\windows\LastGood\system32\dllcache\irmk7.sys + 2011-03-31 06:50 . 2004-08-03 21:00 87424 c:\windows\LastGood\system32\dllcache\irda.sys + 2011-03-31 06:50 . 2004-08-03 21:08 40832 c:\windows\LastGood\system32\dllcache\irbus.sys + 2011-03-31 06:50 . 2004-08-19 16:09 36864 c:\windows\LastGood\system32\dllcache\iprip.dll + 2011-03-31 06:50 . 2001-08-17 18:12 45632 c:\windows\LastGood\system32\dllcache\ip5515.sys + 2011-03-31 06:50 . 2001-08-23 15:47 90200 c:\windows\LastGood\system32\dllcache\io8ports.dll + 2011-03-31 06:50 . 2001-08-17 19:50 38784 c:\windows\LastGood\system32\dllcache\io8.sys + 2011-03-31 06:50 . 
2001-08-23 14:57 13824 c:\windows\LastGood\system32\dllcache\inport.sys + 2011-03-31 06:50 . 2001-08-17 19:52 16000 c:\windows\LastGood\system32\dllcache\ini910u.sys + 2011-03-31 06:40 . 2004-08-19 16:09 13312 c:\windows\LastGood\system32\dllcache\infoadmn.dll + 2011-03-31 06:40 . 2002-09-06 19:59 19968 c:\windows\LastGood\system32\dllcache\inetsloc.dll + 2011-03-31 06:50 . 2004-08-19 16:09 15872 c:\windows\LastGood\system32\dllcache\inetin51.exe + 2011-03-31 06:50 . 2004-08-03 22:31 59392 c:\windows\LastGood\system32\dllcache\imscinst.exe + 2011-03-31 06:50 . 2002-09-06 19:59 59904 c:\windows\LastGood\system32\dllcache\imkrinst.exe + 2011-03-31 06:50 . 2002-09-06 19:59 45109 c:\windows\LastGood\system32\dllcache\imjpuex.exe + 2011-03-31 06:50 . 2004-08-03 22:31 81976 c:\windows\LastGood\system32\dllcache\imjpdct.dll + 2011-03-31 06:50 . 2002-09-06 19:59 57398 c:\windows\LastGood\system32\dllcache\imjpdadm.exe + 2011-03-31 06:50 . 2002-09-06 19:59 44032 c:\windows\LastGood\system32\dllcache\imekrmig.exe + 2011-03-31 06:50 . 2004-08-03 23:04 86016 c:\windows\LastGood\system32\dllcache\imekrmbx.dll + 2011-03-31 06:40 . 2004-08-19 16:09 31232 c:\windows\LastGood\system32\dllcache\iisrstas.exe + 2011-03-31 06:40 . 2002-09-06 19:59 14848 c:\windows\LastGood\system32\dllcache\iisreset.exe + 2011-03-31 06:40 . 2004-08-19 16:09 64512 c:\windows\LastGood\system32\dllcache\iismap.dll + 2011-03-31 06:49 . 2004-08-19 16:09 79872 c:\windows\LastGood\system32\dllcache\iislog51.dll + 2011-03-31 06:40 . 2004-08-19 16:09 68608 c:\windows\LastGood\system32\dllcache\iisext51.dll + 2011-03-31 06:49 . 2002-09-06 19:59 19456 c:\windows\LastGood\system32\dllcache\iiscrmap.dll + 2011-03-31 06:49 . 2002-09-06 19:59 60928 c:\windows\LastGood\system32\dllcache\iisclex4.dll + 2011-03-31 06:49 . 2004-08-19 16:09 25088 c:\windows\LastGood\system32\dllcache\iisadmin.dll + 2011-03-31 06:49 . 2001-08-23 15:47 20992 c:\windows\LastGood\system32\dllcache\icam5ext.dll + 2011-03-31 06:49 . 
2001-08-23 15:47 45056 c:\windows\LastGood\system32\dllcache\icam5com.dll + 2011-03-31 06:49 . 2001-08-23 15:47 63488 c:\windows\LastGood\system32\dllcache\icam4ext.dll + 2011-03-31 06:49 . 2001-08-23 15:47 92160 c:\windows\LastGood\system32\dllcache\icam4com.dll + 2011-03-31 06:49 . 2001-08-23 15:47 27136 c:\windows\LastGood\system32\dllcache\icam3ext.dll + 2011-03-31 06:49 . 2001-08-17 20:06 38528 c:\windows\LastGood\system32\dllcache\ibmvcap.sys + 2011-03-31 06:49 . 2001-08-23 15:45 10240 c:\windows\LastGood\system32\dllcache\ibmsgnet.dll + 2011-03-31 06:49 . 2001-08-17 18:11 28700 c:\windows\LastGood\system32\dllcache\ibmexmp.sys + 2011-03-31 06:49 . 2001-08-17 18:49 58592 c:\windows\LastGood\system32\dllcache\i740nt5.sys + 2011-03-31 06:49 . 2004-08-03 21:00 18560 c:\windows\LastGood\system32\dllcache\i2omp.sys + 2011-03-31 06:49 . 2004-08-19 16:09 62464 c:\windows\LastGood\system32\dllcache\httpod51.dll + 2011-03-31 06:49 . 2004-08-19 14:09 32285 c:\windows\LastGood\system32\dllcache\hsfcisp2.dll + 2011-03-31 06:49 . 2001-08-17 19:28 50751 c:\windows\LastGood\system32\dllcache\hsf_tone.sys + 2011-03-31 06:49 . 2001-08-17 19:28 73279 c:\windows\LastGood\system32\dllcache\hsf_spkp.sys + 2011-03-31 06:49 . 2001-08-17 19:28 44863 c:\windows\LastGood\system32\dllcache\hsf_soar.sys + 2011-03-31 06:48 . 2001-08-17 19:28 57471 c:\windows\LastGood\system32\dllcache\hsf_samp.sys + 2011-03-31 06:48 . 2001-08-17 19:28 67167 c:\windows\LastGood\system32\dllcache\hsf_bsc2.sys + 2011-03-31 06:48 . 2001-08-23 15:47 19456 c:\windows\LastGood\system32\dllcache\hr1w.dll + 2011-03-31 06:48 . 2001-08-23 15:47 13312 c:\windows\LastGood\system32\dllcache\hpsjmcro.dll + 2011-03-31 06:48 . 2001-08-17 20:07 25952 c:\windows\LastGood\system32\dllcache\hpn.sys + 2011-03-31 06:48 . 2001-08-23 15:47 32768 c:\windows\LastGood\system32\dllcache\hpgtmcro.dll + 2011-03-31 06:48 . 2001-08-23 15:47 68608 c:\windows\LastGood\system32\dllcache\hpgt53tk.dll + 2011-03-31 06:48 . 
2001-08-23 15:47 31232 c:\windows\LastGood\system32\dllcache\hpgt42tk.dll + 2011-03-31 06:48 . 2001-08-23 15:47 93696 c:\windows\LastGood\system32\dllcache\hpgt42.dll + 2011-03-31 06:48 . 2001-08-23 15:47 48128 c:\windows\LastGood\system32\dllcache\hpgt33tk.dll + 2011-03-31 06:48 . 2001-08-23 15:47 89088 c:\windows\LastGood\system32\dllcache\hpgt33.dll + 2011-03-31 06:48 . 2001-08-23 15:47 83968 c:\windows\LastGood\system32\dllcache\hpgt21.dll + 2011-03-31 06:48 . 2004-08-19 16:09 39936 c:\windows\LastGood\system32\dllcache\hostmib.dll + 2011-03-31 06:48 . 2004-08-03 21:08 15104 c:\windows\LastGood\system32\dllcache\hidir.sys + 2011-03-31 06:48 . 2004-08-19 13:55 25856 c:\windows\LastGood\system32\dllcache\hidbth.sys + 2011-03-31 06:48 . 2001-08-17 19:58 19200 c:\windows\LastGood\system32\dllcache\hidbatt.sys + 2011-03-31 06:48 . 2002-09-06 19:59 36864 c:\windows\LastGood\system32\dllcache\hanjadic.dll + 2011-03-31 06:48 . 2004-08-19 16:09 32256 c:\windows\LastGood\system32\dllcache\gzip.dll + 2011-03-31 06:48 . 2004-08-19 13:55 28672 c:\windows\LastGood\system32\dllcache\grserial.sys + 2011-03-31 06:48 . 2001-08-23 15:18 82560 c:\windows\LastGood\system32\dllcache\grclass.sys + 2011-03-31 06:48 . 2001-08-23 15:18 17664 c:\windows\LastGood\system32\dllcache\gpr400.sys + 2011-03-31 06:48 . 2004-08-03 21:08 59136 c:\windows\LastGood\system32\dllcache\gckernel.sys + 2011-03-31 06:48 . 2004-08-03 21:07 46464 c:\windows\LastGood\system32\dllcache\gagp30kx.sys + 2011-03-31 06:48 . 2002-09-06 19:59 11776 c:\windows\LastGood\system32\dllcache\fxssend.exe + 2011-03-31 06:48 . 2002-09-06 19:59 31744 c:\windows\LastGood\system32\dllcache\fxsroute.dll + 2011-03-31 06:48 . 2004-08-19 16:09 24064 c:\windows\LastGood\system32\dllcache\fxsmon.dll + 2011-03-31 06:48 . 2004-08-19 16:09 23552 c:\windows\LastGood\system32\dllcache\fxsext32.dll + 2011-03-31 06:48 . 2004-08-19 16:09 66048 c:\windows\LastGood\system32\dllcache\fxsevent.dll + 2011-03-31 06:48 . 
2006-11-18 22:54 281600 c:\windows\LastGood\system32\mstask.dll + 2011-03-31 06:47 . 2006-11-18 22:46 404992 c:\windows\LastGood\system32\fontext.dll + 2011-03-31 06:59 . 2004-08-19 14:09 116736 c:\windows\LastGood\system32\dllcache\xrxwiadr.dll + 2011-03-31 06:59 . 2004-08-03 20:31 154624 c:\windows\LastGood\system32\dllcache\wlluc48.sys + 2011-03-31 06:59 . 2001-08-17 19:28 771581 c:\windows\LastGood\system32\dllcache\winacisa.sys + 2011-03-31 06:59 . 2001-08-17 19:28 701386 c:\windows\LastGood\system32\dllcache\wdhaalba.sys + 2011-03-31 06:58 . 2004-08-19 16:09 366592 c:\windows\LastGood\system32\dllcache\w3svc.dll + 2011-03-31 06:58 . 2001-08-17 19:28 397502 c:\windows\LastGood\system32\dllcache\vpctcom.sys + 2011-03-31 06:58 . 2004-08-03 22:32 426041 c:\windows\LastGood\system32\dllcache\voicepad.dll + 2011-03-31 06:58 . 2001-08-17 19:28 604253 c:\windows\LastGood\system32\dllcache\vmodem.sys + 2011-03-31 06:58 . 2001-08-17 18:14 249402 c:\windows\LastGood\system32\dllcache\vinwm.sys + 2011-03-31 06:58 . 2001-08-17 19:28 687999 c:\windows\LastGood\system32\dllcache\usrwdxjs.sys + 2011-03-31 06:58 . 2001-08-17 19:28 765884 c:\windows\LastGood\system32\dllcache\usrti.sys + 2011-03-31 06:58 . 2001-08-17 19:28 113762 c:\windows\LastGood\system32\dllcache\usrpda.sys + 2011-03-31 06:58 . 2001-08-17 19:28 224802 c:\windows\LastGood\system32\dllcache\usr1807a.sys + 2011-03-31 06:58 . 2001-08-17 19:28 794399 c:\windows\LastGood\system32\dllcache\usr1806v.sys + 2011-03-31 06:58 . 2001-08-17 19:28 793598 c:\windows\LastGood\system32\dllcache\usr1806.sys + 2011-03-31 06:58 . 2001-08-17 19:28 794654 c:\windows\LastGood\system32\dllcache\usr1801.sys + 2011-03-31 06:58 . 2005-07-29 23:01 121856 c:\windows\LastGood\system32\dllcache\usbvideo.sys + 2011-03-31 06:58 . 2001-08-23 15:47 212480 c:\windows\LastGood\system32\dllcache\um54scan.dll + 2011-03-31 06:58 . 2001-08-23 15:47 216576 c:\windows\LastGood\system32\dllcache\um34scan.dll + 2011-03-31 06:58 . 
2004-08-19 16:09 104448 c:\windows\LastGood\system32\dllcache\uihelper.dll + 2011-03-31 06:57 . 2001-08-17 18:51 166784 c:\windows\LastGood\system32\dllcache\tridxpm.sys + 2011-03-31 06:57 . 2001-08-23 15:47 525568 c:\windows\LastGood\system32\dllcache\tridxp.dll + 2011-03-31 06:57 . 2001-08-17 18:51 159232 c:\windows\LastGood\system32\dllcache\tridkbm.sys + 2011-03-31 06:57 . 2001-08-23 15:46 440576 c:\windows\LastGood\system32\dllcache\tridkb.dll + 2011-03-31 06:57 . 2001-08-17 18:51 222336 c:\windows\LastGood\system32\dllcache\trid3dm.sys + 2011-03-31 06:57 . 2001-08-23 15:46 315520 c:\windows\LastGood\system32\dllcache\trid3d.dll + 2011-03-31 06:57 . 2001-08-17 20:02 230912 c:\windows\LastGood\system32\dllcache\tosdvd03.sys + 2011-03-31 06:57 . 2001-08-17 20:01 241664 c:\windows\LastGood\system32\dllcache\tosdvd02.sys + 2011-03-31 06:57 . 2001-08-17 18:14 123995 c:\windows\LastGood\system32\dllcache\tjisdn.sys + 2011-03-31 06:57 . 2004-08-03 22:32 455168 c:\windows\LastGood\system32\dllcache\tintsetp.exe + 2011-03-31 06:57 . 2002-09-06 19:59 185344 c:\windows\LastGood\system32\dllcache\thawbrkr.dll + 2011-03-31 06:57 . 2001-08-17 18:51 138528 c:\windows\LastGood\system32\dllcache\tgiulnt5.sys + 2011-03-31 06:57 . 2004-08-03 21:00 149376 c:\windows\LastGood\system32\dllcache\tffsport.sys + 2011-03-31 06:57 . 2001-08-23 15:46 172768 c:\windows\LastGood\system32\dllcache\t2r4disp.dll + 2011-03-31 06:57 . 2001-08-17 19:50 103936 c:\windows\LastGood\system32\dllcache\sx.sys + 2011-03-31 06:57 . 2001-08-23 15:47 155648 c:\windows\LastGood\system32\dllcache\stlnprop.dll + 2011-03-31 06:57 . 2001-08-23 14:57 286848 c:\windows\LastGood\system32\dllcache\stlnata.sys + 2011-03-31 06:57 . 2002-09-06 19:59 101888 c:\windows\LastGood\system32\dllcache\srusbusd.dll + 2011-03-31 06:56 . 2001-08-23 15:47 106584 c:\windows\LastGood\system32\dllcache\spdports.dll + 2011-03-31 06:56 . 2001-08-23 15:47 114688 c:\windows\LastGood\system32\dllcache\sonypi.dll + 2011-03-31 06:56 . 
2002-09-06 19:59 143422 c:\windows\LastGood\system32\dllcache\softkey.dll + 2011-03-31 06:56 . 2004-08-19 16:09 188416 c:\windows\LastGood\system32\dllcache\snmpsmir.dll + 2011-03-31 06:56 . 2004-08-19 16:09 358400 c:\windows\LastGood\system32\dllcache\snmpincl.dll + 2011-03-31 06:56 . 2004-08-19 16:09 259072 c:\windows\LastGood\system32\dllcache\snmpcl.dll + 2011-03-31 06:56 . 2004-08-19 16:09 466944 c:\windows\LastGood\system32\dllcache\smtpsvc.dll + 2011-03-31 06:40 . 2004-08-19 16:09 189440 c:\windows\LastGood\system32\dllcache\smtpadm.dll + 2011-03-31 06:56 . 2001-08-23 15:46 147200 c:\windows\LastGood\system32\dllcache\smidispb.dll + 2011-03-31 06:56 . 2004-08-19 16:10 236544 c:\windows\LastGood\system32\dllcache\smi2smir.exe + 2011-03-31 06:56 . 2004-08-03 20:41 404990 c:\windows\LastGood\system32\dllcache\slntamr.sys + 2011-03-31 06:56 . 2004-08-03 20:41 129535 c:\windows\LastGood\system32\dllcache\slnt7554.sys + 2011-03-31 06:56 . 2004-08-19 14:09 188508 c:\windows\LastGood\system32\dllcache\slgen.dll + 2011-03-31 06:56 . 2004-08-19 14:09 286792 c:\windows\LastGood\system32\dllcache\slextspk.dll + 2011-03-31 06:56 . 2001-08-23 15:46 157696 c:\windows\LastGood\system32\dllcache\sisv256.dll + 2011-03-31 06:56 . 2001-08-23 15:47 238592 c:\windows\LastGood\system32\dllcache\sisgrv.dll + 2011-03-31 06:56 . 2001-08-17 18:50 104064 c:\windows\LastGood\system32\dllcache\sisgrp.sys + 2011-03-31 06:56 . 2001-08-23 15:46 150144 c:\windows\LastGood\system32\dllcache\sis6306v.dll + 2011-03-31 06:55 . 2001-08-23 15:46 252032 c:\windows\LastGood\system32\dllcache\sis300iv.dll + 2011-03-31 06:55 . 2001-08-17 18:50 101760 c:\windows\LastGood\system32\dllcache\sis300ip.sys + 2011-03-31 06:55 . 2001-08-23 15:21 161664 c:\windows\LastGood\system32\dllcache\sgsmusb.sys + 2011-03-31 06:55 . 2001-08-23 15:46 386560 c:\windows\LastGood\system32\dllcache\sgiul50.dll + 2011-03-31 06:55 . 2004-08-19 16:09 221696 c:\windows\LastGood\system32\dllcache\seo.dll + 2011-03-31 06:55 . 
2001-08-23 15:47 495616 c:\windows\LastGood\system32\dllcache\sblfx.dll + 2011-03-31 06:55 . 2001-08-23 15:46 245632 c:\windows\LastGood\system32\dllcache\s3savmx.dll + 2011-03-31 06:55 . 2001-08-23 15:46 198400 c:\windows\LastGood\system32\dllcache\s3sav4.dll + 2011-03-31 06:55 . 2001-08-23 15:46 179264 c:\windows\LastGood\system32\dllcache\s3sav3d.dll + 2011-03-31 06:55 . 2001-08-23 15:46 210496 c:\windows\LastGood\system32\dllcache\s3mvirge.dll + 2011-03-31 06:55 . 2001-08-23 15:46 182272 c:\windows\LastGood\system32\dllcache\s3mt3d.dll + 2011-03-31 06:55 . 2001-08-17 18:50 166720 c:\windows\LastGood\system32\dllcache\s3m.sys + 2011-03-31 06:55 . 2004-08-03 20:29 166912 c:\windows\LastGood\system32\dllcache\s3gnbm.sys + 2011-03-31 06:55 . 2004-08-19 14:09 397056 c:\windows\LastGood\system32\dllcache\s3gnb.dll + 2011-03-31 06:54 . 2001-08-23 15:18 715530 c:\windows\LastGood\system32\dllcache\r2mdmkxx.sys + 2011-03-31 06:54 . 2001-08-23 15:18 899914 c:\windows\LastGood\system32\dllcache\r2mdkxga.sys + 2011-03-31 06:54 . 2001-08-17 19:28 130942 c:\windows\LastGood\system32\dllcache\ptserlv.sys + 2011-03-31 06:54 . 2001-08-17 19:28 112574 c:\windows\LastGood\system32\dllcache\ptserlp.sys + 2011-03-31 06:54 . 2001-08-17 19:28 128286 c:\windows\LastGood\system32\dllcache\ptserli.sys + 2011-03-31 06:54 . 2004-08-19 14:09 159232 c:\windows\LastGood\system32\dllcache\ptpusd.dll + 2011-03-31 06:54 . 2005-03-25 20:43 363520 c:\windows\LastGood\system32\dllcache\psisdecd.dll + 2011-03-31 06:54 . 2002-09-06 19:59 131584 c:\windows\LastGood\system32\dllcache\pmxviceo.dll + 2011-03-31 06:54 . 2004-08-03 22:31 175104 c:\windows\LastGood\system32\dllcache\pintlcsa.dll + 2011-03-31 06:54 . 2001-08-23 15:47 121344 c:\windows\LastGood\system32\dllcache\phvfwext.dll + 2011-03-31 06:54 . 2001-08-17 20:04 173696 c:\windows\LastGood\system32\dllcache\philcam2.sys + 2011-03-31 06:54 . 2004-08-19 14:08 259328 c:\windows\LastGood\system32\dllcache\perm3dd.dll + 2011-03-31 06:54 . 
2004-08-19 14:08 211712 c:\windows\LastGood\system32\dllcache\perm2dll.dll + 2011-03-31 06:54 . 2004-08-03 20:06 169984 c:\windows\LastGood\system32\dllcache\pcx500.sys + 2011-03-31 06:53 . 2001-08-17 20:05 351616 c:\windows\LastGood\system32\dllcache\ovcodek2.sys + 2011-03-31 06:53 . 2001-08-23 15:47 116736 c:\windows\LastGood\system32\dllcache\ovcodec2.dll + 2011-03-31 06:53 . 2001-08-17 18:50 198144 c:\windows\LastGood\system32\dllcache\nv3.sys + 2011-03-31 06:53 . 2001-08-23 15:46 123776 c:\windows\LastGood\system32\dllcache\nv3.dll + 2011-03-31 06:53 . 2004-08-03 20:41 180360 c:\windows\LastGood\system32\dllcache\ntmtlfax.sys + 2011-03-31 06:53 . 2001-08-17 18:20 126080 c:\windows\LastGood\system32\dllcache\nm5a2wdm.sys + 2011-03-31 06:53 . 2004-08-19 14:03 132695 c:\windows\LastGood\system32\dllcache\netwlan5.sys + 2011-03-31 06:52 . 2001-08-23 15:09 131072 c:\windows\LastGood\system32\dllcache\n100325.sys + 2011-03-31 06:52 . 2002-09-06 19:59 229439 c:\windows\LastGood\system32\dllcache\multibox.dll + 2011-03-31 06:52 . 2001-08-17 18:50 103296 c:\windows\LastGood\system32\dllcache\mtxvideo.sys + 2011-03-31 06:52 . 2004-08-03 20:29 452736 c:\windows\LastGood\system32\dllcache\mtxparhm.sys + 2011-03-31 06:52 . 2002-09-06 19:59 111104 c:\windows\LastGood\system32\dllcache\mtstocom.exe + 2011-03-31 06:52 . 2004-08-03 20:41 126686 c:\windows\LastGood\system32\dllcache\mtlmnt5.sys + 2011-03-31 06:52 . 2001-08-23 15:03 320384 c:\windows\LastGood\system32\dllcache\mgaum.sys + 2011-03-31 06:51 . 2001-08-23 15:46 235648 c:\windows\LastGood\system32\dllcache\mgaud.dll + 2011-03-31 06:51 . 2001-08-23 15:02 165066 c:\windows\LastGood\system32\dllcache\mdgndis5.sys + 2011-03-31 06:51 . 2001-08-17 19:28 797500 c:\windows\LastGood\system32\dllcache\ltsmt.sys + 2011-03-31 06:51 . 2001-08-17 19:28 802683 c:\windows\LastGood\system32\dllcache\ltsm.sys + 2011-03-31 06:51 . 2004-08-19 14:02 422528 c:\windows\LastGood\system32\dllcache\ltmdmntt.sys + 2011-03-31 06:51 . 
2001-08-23 15:00 577514 c:\windows\LastGood\system32\dllcache\ltmdmntl.sys + 2011-03-31 06:51 . 2004-08-19 14:02 607452 c:\windows\LastGood\system32\dllcache\ltmdmnt.sys + 2011-03-31 06:51 . 2001-08-23 15:00 728554 c:\windows\LastGood\system32\dllcache\ltck000c.sys + 2011-03-31 06:51 . 2001-08-23 15:47 242688 c:\windows\LastGood\system32\dllcache\kdsusd.dll + 2011-03-31 06:50 . 2004-08-19 14:09 154112 c:\windows\LastGood\system32\dllcache\irftp.exe + 2011-03-31 06:50 . 2004-08-19 16:09 257024 c:\windows\LastGood\system32\dllcache\infocomm.dll + 2011-03-31 06:40 . 2004-08-19 16:09 842240 c:\windows\LastGood\system32\dllcache\inetmgr.dll + 2011-03-31 06:50 . 2002-09-06 19:59 315452 c:\windows\LastGood\system32\dllcache\imskf.dll + 2011-03-31 06:50 . 2002-09-06 19:59 471102 c:\windows\LastGood\system32\dllcache\imskdic.dll + 2011-03-31 06:50 . 2004-08-03 22:32 102456 c:\windows\LastGood\system32\dllcache\imlang.dll + 2011-03-31 06:50 . 2004-08-03 22:32 274489 c:\windows\LastGood\system32\dllcache\imjputyc.dll + 2011-03-31 06:50 . 2004-08-03 22:32 262200 c:\windows\LastGood\system32\dllcache\imjputy.exe + 2011-03-31 06:50 . 2004-08-03 22:32 233527 c:\windows\LastGood\system32\dllcache\imjprw.exe + 2011-03-31 06:50 . 2004-08-03 22:31 208952 c:\windows\LastGood\system32\dllcache\imjpmig.exe + 2011-03-31 06:50 . 2004-08-03 22:31 196665 c:\windows\LastGood\system32\dllcache\imjpinst.exe + 2011-03-31 06:50 . 2004-08-03 22:31 155705 c:\windows\LastGood\system32\dllcache\imjpdsvr.exe + 2011-03-31 06:50 . 2004-08-03 22:31 307257 c:\windows\LastGood\system32\dllcache\imjpdct.exe + 2011-03-31 06:50 . 2004-08-03 22:31 716856 c:\windows\LastGood\system32\dllcache\imjpcus.dll + 2011-03-31 06:50 . 2004-08-03 22:31 368696 c:\windows\LastGood\system32\dllcache\imjpcic.dll + 2011-03-31 06:50 . 2004-08-03 22:31 811064 c:\windows\LastGood\system32\dllcache\imjp81k.dll + 2011-03-31 06:50 . 2002-09-06 19:59 311359 c:\windows\LastGood\system32\dllcache\imepadsv.exe + 2011-03-31 06:50 . 
2002-09-06 19:59 102463 c:\windows\LastGood\system32\dllcache\imepadsm.dll + 2011-03-31 06:50 . 2004-08-03 23:04 106496 c:\windows\LastGood\system32\dllcache\imekrcic.dll + 2011-03-31 06:40 . 2002-09-06 19:59 173056 c:\windows\LastGood\system32\dllcache\iisui.dll + 2011-03-31 06:40 . 2004-08-19 16:09 133632 c:\windows\LastGood\system32\dllcache\iisrtl.dll + 2011-03-31 06:49 . 2004-08-19 16:09 145408 c:\windows\LastGood\system32\dllcache\iische51.dll + 2011-03-31 06:49 . 2001-08-23 15:47 372824 c:\windows\LastGood\system32\dllcache\iconf32.dll + 2011-03-31 06:49 . 2001-08-17 20:06 100992 c:\windows\LastGood\system32\dllcache\icam5usb.sys + 2011-03-31 06:49 . 2001-08-17 20:06 154496 c:\windows\LastGood\system32\dllcache\icam4usb.sys + 2011-03-31 06:49 . 2001-08-17 20:05 141056 c:\windows\LastGood\system32\dllcache\icam3.sys + 2011-03-31 06:49 . 2001-08-17 18:12 109085 c:\windows\LastGood\system32\dllcache\ibmtrp.sys + 2011-03-31 06:49 . 2001-08-17 18:12 100936 c:\windows\LastGood\system32\dllcache\ibmtok.sys + 2011-03-31 06:49 . 2004-08-03 20:29 161020 c:\windows\LastGood\system32\dllcache\i81xnt5.sys + 2011-03-31 06:49 . 2004-08-19 14:09 702845 c:\windows\LastGood\system32\dllcache\i81xdnt5.dll + 2011-03-31 06:49 . 2001-08-23 15:46 353184 c:\windows\LastGood\system32\dllcache\i740dnt5.dll + 2011-03-31 06:49 . 2004-08-19 16:09 268288 c:\windows\LastGood\system32\dllcache\httpext.dll + 2011-03-31 06:49 . 2004-08-03 20:41 685056 c:\windows\LastGood\system32\dllcache\hsfcxts2.sys + 2011-03-31 06:49 . 2004-08-03 20:41 220032 c:\windows\LastGood\system32\dllcache\hsfbs2s2.sys + 2011-03-31 06:49 . 2001-08-17 19:28 488383 c:\windows\LastGood\system32\dllcache\hsf_v124.sys + 2011-03-31 06:48 . 2001-08-17 19:28 542879 c:\windows\LastGood\system32\dllcache\hsf_msft.sys + 2011-03-31 06:48 . 2001-08-17 19:28 391199 c:\windows\LastGood\system32\dllcache\hsf_k56k.sys + 2011-03-31 06:48 . 
2001-08-17 19:28 115807 c:\windows\LastGood\system32\dllcache\hsf_fsks.sys + 2011-03-31 06:48 . 2001-08-17 19:28 199711 c:\windows\LastGood\system32\dllcache\hsf_faxx.sys + 2011-03-31 06:48 . 2001-08-17 19:28 289887 c:\windows\LastGood\system32\dllcache\hsf_fall.sys + 2011-03-31 06:48 . 2001-08-17 19:28 150239 c:\windows\LastGood\system32\dllcache\hsf_amos.sys + 2011-03-31 06:48 . 2001-08-23 15:47 324608 c:\windows\LastGood\system32\dllcache\hpojwia.dll + 2011-03-31 06:48 . 2001-08-23 15:47 165888 c:\windows\LastGood\system32\dllcache\hpgt53.dll + 2011-03-31 06:48 . 2001-08-23 15:47 126976 c:\windows\LastGood\system32\dllcache\hpgt34tk.dll + 2011-03-31 06:48 . 2001-08-23 15:47 101376 c:\windows\LastGood\system32\dllcache\hpgt34.dll + 2011-03-31 06:48 . 2001-08-23 15:47 123392 c:\windows\LastGood\system32\dllcache\hpgt21tk.dll + 2011-03-31 06:48 . 2001-08-23 15:47 119296 c:\windows\LastGood\system32\dllcache\hpdigwia.dll + 2011-03-31 06:48 . 2001-08-23 15:19 908000 c:\windows\LastGood\system32\dllcache\hcf_msft.sys + 2011-03-31 06:48 . 2001-08-23 15:18 322560 c:\windows\LastGood\system32\dllcache\g400m.sys + 2011-03-31 06:48 . 2001-08-23 15:18 320512 c:\windows\LastGood\system32\dllcache\g200m.sys + 2011-03-31 06:48 . 2001-08-23 15:46 470144 c:\windows\LastGood\system32\dllcache\g200d.dll + 2011-03-31 06:48 . 2001-08-17 18:15 454912 c:\windows\LastGood\system32\dllcache\fxusbase.sys + 2011-03-31 06:48 . 2004-08-19 16:09 400896 c:\windows\LastGood\system32\dllcache\fxsxp32.dll + 2011-03-31 06:48 . 2004-08-19 16:09 197120 c:\windows\LastGood\system32\dllcache\fxswzrd.dll + 2011-03-31 06:48 . 2004-08-19 16:09 156672 c:\windows\LastGood\system32\dllcache\fxsui.dll + 2011-03-31 06:48 . 2004-08-19 16:09 397312 c:\windows\LastGood\system32\dllcache\fxstiff.dll + 2011-03-31 06:48 . 2004-08-19 16:09 246272 c:\windows\LastGood\system32\dllcache\fxst30.dll + 2011-03-31 06:48 . 2004-08-19 16:09 268800 c:\windows\LastGood\system32\dllcache\fxssvc.exe + 2011-03-31 06:48 . 
2004-08-19 16:09 563712 c:\windows\LastGood\system32\dllcache\fxsst.dll + 2011-03-31 06:48 . 2004-08-19 16:09 238592 c:\windows\LastGood\system32\dllcache\fxscover.exe + 2011-03-31 06:47 . 2004-08-19 16:09 285184 c:\windows\LastGood\system32\dllcache\fxscomex.dll + 2011-03-31 06:47 . 2002-09-06 19:59 141312 c:\windows\LastGood\system32\dllcache\fxsclntr.dll + 2011-03-31 06:47 . 2004-08-19 16:09 143360 c:\windows\LastGood\system32\dllcache\fxsclnt.exe + 2011-03-31 06:47 . 2002-09-06 19:59 113664 c:\windows\LastGood\system32\dllcache\fxscfgwz.dll + 2011-03-31 06:47 . 2004-08-19 16:09 452096 c:\windows\LastGood\system32\dllcache\fxsapi.dll + 2011-03-31 06:47 . 2001-08-17 18:15 455296 c:\windows\LastGood\system32\dllcache\fusbbase.sys + 2011-03-31 06:47 . 2001-08-17 18:15 455680 c:\windows\LastGood\system32\dllcache\fus2base.sys + 2011-03-31 06:47 . 2004-08-19 16:09 127488 c:\windows\LastGood\system32\dllcache\ftpsv251.dll + 2011-03-31 06:47 . 2001-08-17 18:15 442240 c:\windows\LastGood\system32\dllcache\fpnpbase.sys + 2011-03-31 06:40 . 2003-04-14 18:29 217088 c:\windows\LastGood\system32\dllcache\fpmmcsat.dll + 2011-03-31 06:40 . 2004-05-12 22:39 598071 c:\windows\LastGood\system32\dllcache\fpmmc.dll + 2011-03-31 06:40 . 2003-03-24 13:52 188494 c:\windows\LastGood\system32\dllcache\fpcount.exe + 2011-03-31 06:47 . 2001-08-17 18:14 441728 c:\windows\LastGood\system32\dllcache\fpcmbase.sys + 2011-03-31 06:47 . 2001-08-17 18:14 444416 c:\windows\LastGood\system32\dllcache\fpcibase.sys + 2011-03-31 06:40 . 2002-05-14 11:08 109328 c:\windows\LastGood\system32\dllcache\fp98swin.exe + 2011-03-31 06:40 . 2004-05-12 22:39 876653 c:\windows\LastGood\system32\dllcache\fp4awel.dll + 2011-03-31 06:40 . 2003-03-24 13:52 102509 c:\windows\LastGood\system32\dllcache\fp4atxt.dll + 2011-03-31 06:40 . 2003-03-24 13:52 147513 c:\windows\LastGood\system32\dllcache\fp4apws.dll + 2011-03-31 06:40 . 
2004-05-12 22:39 184435 c:\windows\LastGood\system32\dllcache\fp4amsft.dll + 2011-03-31 06:47 . 2004-08-19 16:09 109568 c:\windows\LastGood\system32\dllcache\evntagnt.dll + 2011-03-31 06:47 . 2004-08-03 20:32 137088 c:\windows\LastGood\system32\dllcache\essm2e.sys + 2011-03-31 06:47 . 2001-08-23 15:16 348222 c:\windows\LastGood\system32\dllcache\es56tpi.sys + 2011-03-31 06:47 . 2001-08-23 15:16 594910 c:\windows\LastGood\system32\dllcache\es56hpi.sys + 2011-03-31 06:47 . 2001-08-23 15:16 596319 c:\windows\LastGood\system32\dllcache\es56cvmp.sys + 2011-03-31 06:47 . 2001-08-17 18:19 174464 c:\windows\LastGood\system32\dllcache\es198x.sys + 2011-03-31 06:47 . 2001-08-23 15:16 630016 c:\windows\LastGood\system32\dllcache\eqn.sys + 2011-03-31 06:47 . 2001-08-17 19:50 114944 c:\windows\LastGood\system32\dllcache\epstw2k.sys + 2011-03-31 06:47 . 2001-08-17 19:50 144896 c:\windows\LastGood\system32\dllcache\epcfw2k.sys + 2011-03-31 06:47 . 2001-08-17 18:19 283904 c:\windows\LastGood\system32\dllcache\emu10k1m.sys + 2011-03-31 06:46 . 2001-08-23 15:13 175104 c:\windows\LastGood\system32\dllcache\el99xn51.sys + 2011-03-31 06:46 . 2001-08-23 15:13 455711 c:\windows\LastGood\system32\dllcache\el985n51.sys + 2011-03-31 06:46 . 2001-08-23 15:13 153631 c:\windows\LastGood\system32\dllcache\el90xnd5.sys + 2011-03-31 06:46 . 2001-08-23 15:13 241238 c:\windows\LastGood\system32\dllcache\el656se5.sys + 2011-03-31 06:46 . 2001-08-23 15:13 634166 c:\windows\LastGood\system32\dllcache\el656ct5.sys + 2011-03-31 06:46 . 2002-09-06 19:59 514587 c:\windows\LastGood\system32\dllcache\edb500.dll + 2011-03-31 06:46 . 2001-08-23 15:12 117760 c:\windows\LastGood\system32\dllcache\e100b325.sys + 2011-03-31 06:46 . 2001-08-17 18:20 334208 c:\windows\LastGood\system32\dllcache\ds1wdm.sys + 2011-03-31 06:46 . 2004-08-03 20:58 207360 c:\windows\LastGood\system32\dllcache\dot4.sys + 2011-03-31 06:46 . 2001-08-17 18:14 952007 c:\windows\LastGood\system32\dllcache\diwan.sys + 2011-03-31 06:46 . 
2001-08-23 15:47 236060 c:\windows\LastGood\system32\dllcache\ditrace.exe + 2011-03-31 06:46 . 2001-08-23 15:47 622621 c:\windows\LastGood\system32\dllcache\digiview.exe + 2011-03-31 06:46 . 2001-08-23 15:47 110621 c:\windows\LastGood\system32\dllcache\digirlpt.dll + 2011-03-31 06:46 . 2001-08-23 15:47 102484 c:\windows\LastGood\system32\dllcache\digiinf.dll + 2011-03-31 06:46 . 2001-08-23 15:47 159828 c:\windows\LastGood\system32\dllcache\digihlc.dll + 2011-03-31 06:46 . 2001-08-23 15:47 229462 c:\windows\LastGood\system32\dllcache\digifwrk.dll + 2011-03-31 06:46 . 2001-08-23 15:10 103492 c:\windows\LastGood\system32\dllcache\digidxb.sys + 2011-03-31 06:46 . 2001-08-23 15:47 135252 c:\windows\LastGood\system32\dllcache\digidbp.dll + 2011-03-31 06:44 . 2001-08-17 18:13 164923 c:\windows\LastGood\system32\dllcache\diapi2.sys + 2011-03-31 06:46 . 2001-08-23 15:47 422429 c:\windows\LastGood\system32\dllcache\dgconfig.dll + 2011-03-31 06:45 . 2001-08-23 15:47 256512 c:\windows\LastGood\system32\dllcache\devcon32.dll + 2011-03-31 06:45 . 2001-08-23 15:47 112128 c:\windows\LastGood\system32\dllcache\dc260usd.dll + 2011-03-31 06:45 . 2001-08-17 19:52 179584 c:\windows\LastGood\system32\dllcache\dac2w2k.sys + 2011-03-31 06:45 . 2001-08-23 15:08 117760 c:\windows\LastGood\system32\dllcache\d100ib5.sys + 2011-03-31 06:45 . 2001-08-17 18:19 111872 c:\windows\LastGood\system32\dllcache\cwcspud.sys + 2011-03-31 06:45 . 2004-08-19 14:09 252416 c:\windows\LastGood\system32\dllcache\ctmasetp.dll + 2011-03-31 06:45 . 2001-08-23 15:47 175104 c:\windows\LastGood\system32\dllcache\csamsp.dll + 2011-03-31 06:45 . 2001-08-23 15:47 216576 c:\windows\LastGood\system32\dllcache\cpscan.dll + 2011-03-31 06:44 . 2001-08-17 19:57 248064 c:\windows\LastGood\system32\dllcache\cl546xm.sys + 2011-03-31 06:44 . 2001-08-23 15:46 170880 c:\windows\LastGood\system32\dllcache\cl546x.dll + 2011-03-31 06:44 . 2001-08-23 15:46 111232 c:\windows\LastGood\system32\dllcache\cl5465.dll + 2011-03-31 06:44 . 
2004-08-03 22:31 480256 c:\windows\LastGood\system32\dllcache\cintsetp.exe + 2011-03-31 06:44 . 2004-08-03 22:31 198656 c:\windows\LastGood\system32\dllcache\cintime.dll + 2011-03-31 06:44 . 2001-08-23 15:04 272640 c:\windows\LastGood\system32\dllcache\cinemclc.sys + 2011-03-31 06:44 . 2001-08-23 15:04 980034 c:\windows\LastGood\system32\dllcache\cicap.sys + 2011-03-31 06:44 . 2004-08-03 22:31 173568 c:\windows\LastGood\system32\dllcache\chtskf.dll + 2011-03-31 06:44 . 2002-09-06 19:59 838144 c:\windows\LastGood\system32\dllcache\chtbrkr.dll + 2011-03-31 06:40 . 2003-03-24 13:52 188480 c:\windows\LastGood\system32\dllcache\cfgwiz.exe + 2011-03-31 06:44 . 2001-08-23 15:03 715466 c:\windows\LastGood\system32\dllcache\cbmdmkxx.sys + 2011-03-31 06:44 . 2001-08-23 15:47 119296 c:\windows\LastGood\system32\dllcache\camext30.dll + 2011-03-31 06:44 . 2001-08-23 15:47 236032 c:\windows\LastGood\system32\dllcache\camext20.dll + 2011-03-31 06:44 . 2001-08-17 20:04 171264 c:\windows\LastGood\system32\dllcache\camdrv30.sys + 2011-03-31 06:44 . 2001-08-17 20:04 223232 c:\windows\LastGood\system32\dllcache\camdrv21.sys + 2011-03-31 06:44 . 2001-08-17 20:05 314752 c:\windows\LastGood\system32\dllcache\camdro21.sys + 2011-03-31 06:44 . 2002-09-06 19:59 218112 c:\windows\LastGood\system32\dllcache\c_g18030.dll + 2011-03-31 06:43 . 2004-08-19 13:55 274944 c:\windows\LastGood\system32\dllcache\bthport.sys + 2011-03-31 06:43 . 2004-08-03 20:58 100992 c:\windows\LastGood\system32\dllcache\bthpan.sys + 2011-03-31 06:43 . 2001-08-23 15:46 105472 c:\windows\LastGood\system32\dllcache\binlsvc.dll + 2011-03-31 06:42 . 2001-08-17 19:28 871388 c:\windows\LastGood\system32\dllcache\bcmdm.sys + 2011-03-31 06:42 . 2001-08-23 15:46 342336 c:\windows\LastGood\system32\dllcache\banshee.dll + 2011-03-31 06:42 . 2001-08-23 15:46 144384 c:\windows\LastGood\system32\dllcache\avmenum.dll + 2011-03-31 06:42 . 2001-08-23 15:46 104832 c:\windows\LastGood\system32\dllcache\atiraged.dll + 2011-03-31 06:42 . 
2004-08-03 20:29 104960 c:\windows\LastGood\system32\dllcache\atinrvxx.sys + 2011-03-31 06:42 . 2001-08-23 14:59 281728 c:\windows\LastGood\system32\dllcache\atimtai.sys + 2011-03-31 06:42 . 2001-08-23 14:59 289920 c:\windows\LastGood\system32\dllcache\atimpab.sys + 2011-03-31 06:42 . 2001-08-23 15:46 268160 c:\windows\LastGood\system32\dllcache\atidvai.dll + 2011-03-31 06:42 . 2001-08-23 15:46 137216 c:\windows\LastGood\system32\dllcache\atidrae.dll + 2011-03-31 06:42 . 2001-08-23 15:46 382592 c:\windows\LastGood\system32\dllcache\atidrab.dll + 2011-03-31 06:42 . 2004-08-19 13:53 327168 c:\windows\LastGood\system32\dllcache\ati2mtaa.sys + 2011-03-31 06:42 . 2004-08-19 14:09 377984 c:\windows\LastGood\system32\dllcache\ati2dvaa.dll + 2011-03-31 06:41 . 2006-12-13 11:52 377344 c:\windows\LastGood\system32\dllcache\asp51.dll + 2011-03-31 06:41 . 2004-08-19 16:09 334336 c:\windows\LastGood\system32\dllcache\aqueue.dll + 2011-03-31 06:41 . 2004-08-19 16:09 110080 c:\windows\LastGood\system32\dllcache\appconf.dll + 2011-03-31 06:39 . 2004-08-19 16:09 290816 c:\windows\LastGood\system32\dllcache\adsiis51.dll + 2011-03-31 06:41 . 2001-08-17 20:07 101888 c:\windows\LastGood\system32\dllcache\adpu160m.sys + 2011-03-31 06:41 . 2001-08-17 18:19 747392 c:\windows\LastGood\system32\dllcache\adm8830.sys + 2011-03-31 06:41 . 2001-08-17 18:19 553984 c:\windows\LastGood\system32\dllcache\adm8820.sys + 2011-03-31 06:41 . 2001-08-17 18:19 584448 c:\windows\LastGood\system32\dllcache\adm8810.sys + 2011-03-31 06:41 . 2001-08-17 18:20 297728 c:\windows\LastGood\system32\dllcache\ac97sis.sys + 2011-03-31 06:41 . 2004-08-03 20:32 231552 c:\windows\LastGood\system32\dllcache\ac97ali.sys + 2011-03-31 06:41 . 2001-08-23 15:46 462848 c:\windows\LastGood\system32\dllcache\a3dapi.dll + 2011-03-31 06:41 . 2001-08-17 18:48 148352 c:\windows\LastGood\system32\dllcache\3dfxvsm.sys + 2011-03-31 06:41 . 2001-08-23 15:46 689216 c:\windows\LastGood\system32\dllcache\3dfxvs.dll + 2011-03-31 06:40 . 
2001-08-17 19:28 762780 c:\windows\LastGood\system32\dllcache\3cwmcru.sys + 2011-03-31 06:54 . 2004-08-19 14:10 331264 c:\windows\LastGood\regedit.exe + 2011-03-31 06:53 . 2006-07-05 20:52 577536 c:\windows\LastGood\notepad.exe + 2007-06-15 12:46 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll + 2007-06-15 12:46 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll + 2011-03-31 06:59 . 2006-12-15 17:53 1264128 c:\windows\LastGood\system32\winntbbu.dll + 2011-03-31 06:40 . 2004-08-19 16:09 2134528 c:\windows\LastGood\system32\dllcache\smtpsnap.dll + 2011-03-31 06:53 . 2004-08-03 20:29 1897408 c:\windows\LastGood\system32\dllcache\nv4_mini.sys + 2011-03-31 06:53 . 2004-08-19 14:09 4274816 c:\windows\LastGood\system32\dllcache\nv4_disp.dll + 2011-03-31 06:53 . 2007-02-28 16:08 2019328 c:\windows\LastGood\system32\dllcache\ntkrpamp.exe + 2011-03-31 06:40 . 2007-02-28 16:08 2139648 c:\windows\LastGood\system32\dllcache\ntkrnlmp.exe + 2011-03-31 06:52 . 2004-08-19 14:09 1737856 c:\windows\LastGood\system32\dllcache\mtxparhd.dll + 2011-03-31 06:52 . 2004-08-03 20:41 1309184 c:\windows\LastGood\system32\dllcache\mtlstrm.sys + 2011-03-31 06:49 . 2004-08-03 20:41 1041536 c:\windows\LastGood\system32\dllcache\hsfdpsp2.sys + 2011-03-31 06:48 . 2001-08-23 15:46 1733120 c:\windows\LastGood\system32\dllcache\g400d.dll + 2011-03-31 06:44 . 2002-09-06 19:59 1677824 c:\windows\LastGood\system32\dllcache\chsbrkr.dll + 2011-03-31 06:49 . 2002-09-06 19:59 10129408 c:\windows\LastGood\system32\dllcache\hwxkor.dll + 2011-03-31 06:49 . 2002-09-06 19:59 13463552 c:\windows\LastGood\system32\dllcache\hwxjpn.dll + 2011-03-31 06:49 . 2002-09-06 19:59 10096640 c:\windows\LastGood\system32\dllcache\hwxcht.dll . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2007-6-15 112128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 12:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Mes documents.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Mes documents.lnk
backup=c:\windows\pss\Mes documents.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/07/2007 11:10 639224]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [24/02/2010 23:32 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/02/2010 23:32 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [24/02/2010 23:32 434945]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [30/09/2010 18:05 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [28/02/2008 15:31 12856]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [7/05/2010 14:36 92008]
S3 ATICDSDr;ATICDSDr;c:\ati\SUPPORT\6-11-pre-r300_xp-2k_dd_ccc_wdm_38185\BIN\atiicdxx.sys [3/05/2006 18:47 6144]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: com.tw\www.msi
DPF: {B0E1526D-A0C8-417E-9F8D-E8D11ADFAFC6} - hxxp://wise3.dyndns.org:81/img/IPCamActiveX_Setup.exe
.
.
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-03-31 20:17 Windows 5.1.2600 Service Pack 2 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs chargées dans les processus actifs --------------------- . - - - - - - - > 'winlogon.exe'(700) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'lsass.exe'(764) c:\program files\Avira\AntiVir Desktop\avsda.dll . 
Heure de fin: 2011-03-31 20:20:20 ComboFix-quarantined-files.txt 2011-03-31 18:20 ComboFix2.txt 2011-03-30 09:05 ComboFix3.txt 2011-03-29 22:53 ComboFix4.txt 2010-02-24 21:08 . Avant-CF: 7.729.745.920 octets libres Après-CF: 7.729.967.104 octets libres . - - End Of File - - 2B9A9C6BC2DEFF8B8149A32CF2A964D9 Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Version de la base de données: 6223 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 31/03/2011 8:28:10 mbam-log-2011-03-31 (08-28-10).txt Type d'examen: Examen complet (C:\|D:\|) Elément(s) analysé(s): 216578 Temps écoulé: 19 minute(s), 35 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 4 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> Value: 1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\system volume information\_restore{a309f517-6f46-4c8a-a2db-9326e8312099}\RP65\A0083337.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\system volume information\_restore{a309f517-6f46-4c8a-a2db-9326e8312099}\RP65\A0083338.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. 
c:\system volume information\_restore{a309f517-6f46-4c8a-a2db-9326e8312099}\RP65\A0086469.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\WINDOWS\system32\iexpress.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. Avira AntiVir Premium Date de création du fichier de rapport : mercredi 30 mars 2011 09:52 La recherche porte sur 1892292 souches de virus. Détenteur de la licence : 8905149 495231 Numéro de série : 2213326426-PEPWE-0000001 Plateforme : Windows XP Version de Windows : (Service Pack 2) [5.1.2600] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : MARIANNE-NETWOR Informations de version : BUILD.DAT : 9.0.0.54 24890 Bytes 22/01/2010 23:21:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:25:46 AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 21:44:20 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 21:44:49 VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 21:44:59 VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 17:14:46 VBASE005.VDF : 7.10.4.204 2048 Bytes 05/03/2010 17:14:47 VBASE006.VDF : 7.10.4.205 2048 Bytes 05/03/2010 17:14:47 VBASE007.VDF : 7.10.4.206 2048 Bytes 05/03/2010 17:14:48 VBASE008.VDF : 7.10.4.207 2048 Bytes 05/03/2010 17:14:49 VBASE009.VDF : 7.10.4.208 2048 Bytes 05/03/2010 17:14:50 VBASE010.VDF : 7.10.4.209 2048 Bytes 05/03/2010 17:14:51 VBASE011.VDF : 7.10.4.210 2048 Bytes 05/03/2010 17:14:52 VBASE012.VDF : 7.10.4.211 2048 Bytes 05/03/2010 17:14:52 VBASE013.VDF : 7.10.4.242 153088 Bytes 08/03/2010 17:17:21 VBASE014.VDF : 7.10.5.17 99328 Bytes 10/03/2010 11:48:30 VBASE015.VDF : 7.10.5.44 107008 Bytes 11/03/2010 18:59:50 VBASE016.VDF : 7.10.5.69 92672 Bytes 12/03/2010 18:59:51 VBASE017.VDF : 7.10.5.91 119808 Bytes 15/03/2010 18:59:52 VBASE018.VDF : 7.10.5.121 
112640 Bytes 18/03/2010 17:57:14 VBASE019.VDF : 7.10.5.138 139776 Bytes 18/03/2010 20:01:01 VBASE020.VDF : 7.10.5.164 113152 Bytes 22/03/2010 19:45:03 VBASE021.VDF : 7.10.5.165 2048 Bytes 22/03/2010 19:45:03 VBASE022.VDF : 7.10.5.166 2048 Bytes 22/03/2010 19:45:04 VBASE023.VDF : 7.10.5.167 2048 Bytes 22/03/2010 19:45:04 VBASE024.VDF : 7.10.5.168 2048 Bytes 22/03/2010 19:45:04 VBASE025.VDF : 7.10.5.169 2048 Bytes 22/03/2010 19:45:04 VBASE026.VDF : 7.10.5.170 2048 Bytes 22/03/2010 19:45:04 VBASE027.VDF : 7.10.5.171 2048 Bytes 22/03/2010 19:45:04 VBASE028.VDF : 7.10.5.172 2048 Bytes 22/03/2010 19:45:04 VBASE029.VDF : 7.10.5.173 2048 Bytes 22/03/2010 19:45:04 VBASE030.VDF : 7.10.5.174 2048 Bytes 22/03/2010 19:45:04 VBASE031.VDF : 7.10.5.180 130048 Bytes 23/03/2010 19:45:06 Version du moteur : 8.2.1.196 AEVDF.DLL : 8.1.1.3 106868 Bytes 24/02/2010 21:45:42 AESCRIPT.DLL : 8.1.3.18 1024378 Bytes 17/03/2010 19:00:13 AESCN.DLL : 8.1.5.0 127347 Bytes 26/02/2010 11:55:35 AESBX.DLL : 8.1.2.1 254323 Bytes 17/03/2010 19:00:14 AERDL.DLL : 8.1.4.3 541043 Bytes 17/03/2010 19:00:10 AEPACK.DLL : 8.2.1.1 426358 Bytes 21/03/2010 20:01:12 AEOFFICE.DLL : 8.1.0.41 201083 Bytes 17/03/2010 19:00:08 AEHEUR.DLL : 8.1.1.13 2470262 Bytes 17/03/2010 19:00:07 AEHELP.DLL : 8.1.10.2 237941 Bytes 17/03/2010 18:59:58 AEGEN.DLL : 8.1.3.2 373108 Bytes 21/03/2010 20:01:09 AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26 AECORE.DLL : 8.1.12.3 188789 Bytes 17/03/2010 18:59:55 AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30 AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:13:31 AVREP.DLL : 8.0.0.7 159784 Bytes 24/02/2010 21:45:50 AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59 
RCIMAGE.DLL : 9.0.0.28 2623745 Bytes 17/06/2009 12:51:05 RCTEXT.DLL : 9.0.74.0 92417 Bytes 02/11/2009 16:04:54 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp Documentation.................................: bas Action principale.............................: réparer Action secondaire.............................: supprimer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, D:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Fichiers à exclure............................: C:\Documents and Settings\Administrateur\Bureau\Reset Antivir\Box_Avira_9.0_TR2.1A.exe, Début de la recherche : mercredi 30 mars 2011 09:52 La recherche d'objets cachés commence. '36513' objets ont été contrôlés, '0' objets cachés ont été trouvés. 
La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'avwebgrd.exe' - '1' module(s) sont contrôlés Processus de recherche 'avmailc.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'WgaTray.exe' - '1' module(s) sont contrôlés Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés Processus de recherche 'TomTomHOMEService.exe' - '1' module(s) sont contrôlés Processus de recherche 'MDM.EXE' - '1' module(s) sont contrôlés Processus de recherche 'IcoSauve.exe' - '1' module(s) sont contrôlés Processus de recherche 'TomTomHOMERunner.exe' - '1' module(s) sont contrôlés Processus de recherche 'LogMeIn.exe' - '1' module(s) sont contrôlés Processus de recherche 'wcescomm.exe' - '1' module(s) sont contrôlés Processus de recherche 'ramaint.exe' - '1' module(s) sont contrôlés Processus de recherche 'LMIGuardianSvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'hpztsb04.exe' - '1' module(s) sont contrôlés Processus de recherche 'LogMeInSystray.exe' - '1' module(s) sont contrôlés Processus de recherche 'daemon.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de 
recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '34' processus ont été contrôlés avec '34' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'D:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '55' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\hiberfil.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\WINDOWS\system32\drivers\sptd.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! 
Recherche débutant dans 'D:\' Fin de la recherche : mercredi 30 mars 2011 10:44 Temps nécessaire: 51:40 Minute(s) La recherche a été effectuée intégralement 4559 Les répertoires ont été contrôlés 280992 Des fichiers ont été contrôlés 0 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 3 Impossible de contrôler des fichiers 280989 Fichiers non infectés 6755 Les archives ont été contrôlées 3 Avertissements 2 Consignes 36513 Des objets ont été contrôlés lors du Rootkitscan 0 Des objets cachés ont été trouvés
  3. Thank you, Pear, for the help. I can therefore mark this as resolved. Best regards, WiseWise3
  4. Good evening Pear, first of all, thank you for taking on this topic. We have already dealt with each other in the past... I tried to run your commands but did not get the menu asking to press 1 or 2, etc. Since after at least an hour nothing seemed to be moving, I restarted in safe mode WITHOUT networking. That way I was not connected to the Internet and Antivir was not among the running programs. Unfortunately, when I drag in the requested text file, I cannot run ComboFix as administrator in safe mode. Anyway, here is the report it produced when I let it run: Thank you for your analysis.

ComboFix 11-02-19.02 - matthieu 21/02/2011 21:52:14.10.2 - x86 MINIMAL Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.766.277 [GMT 1:00] Lancé depuis: c:\users\matthieu\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\matthieu\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FILE :: "c:\program files\AskBarDis\bar\bin\askBar.dll" "c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe" "c:\program files\Google\Update\GoogleUpdate.exe" "c:\program files\Softonic_France\tbSof1.dll" "c:\users\matthieu\appdata\local\nfflst.exe" "c:\windows\Tasks\Google Software Updater.job" "c:\windows\Tasks\GoogleUpdateTaskMachineUA.job" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\windows\Tasks\Google Software Updater.job . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . 
-------\Service_sbbotdi ((((((((((((((((((((((((((((( Fichiers créés du 2011-01-21 au 2011-02-21 )))))))))))))))))))))))))))))))))))) . 2011-02-21 21:02 . 2011-02-21 21:09 -------- d-----w- c:\users\matthieu\AppData\Local\temp 2011-02-21 21:02 . 2011-02-21 21:02 -------- d-----w- c:\users\Invité\AppData\Local\temp 2011-02-21 21:02 . 2011-02-21 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-21 07:47 . 2011-02-21 07:47 -------- d-----w- c:\program files\TeamViewer 2011-02-20 13:26 . 2011-01-20 16:07 37376 ----a-w- c:\windows\system32\cdd.dll 2011-02-20 13:17 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll 2011-02-20 13:17 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-02-20 10:18 . 2011-02-20 10:18 -------- d-----w- c:\users\matthieu\AppData\Roaming\Avira 2011-02-20 10:10 . 2011-02-20 13:41 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-02-20 10:10 . 2011-02-20 10:10 -------- d-----w- c:\program files\Avira 2011-02-01 11:29 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{982EF7F6-B894-4744-934E-C79C4C2868DD}\mpengine.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-20 13:41 . 2009-12-07 15:26 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-12-28 15:55 . 2011-01-12 16:47 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-20 17:09 . 2008-10-05 13:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 17:08 . 2008-10-05 13:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-14 14:49 . 2011-01-12 16:47 1169408 ----a-w- c:\windows\system32\sdclt.exe 2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD0.dll" [2010-04-27 2393184] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD0.dll" [2010-04-27 2393184] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD0.dll" [2010-04-27 2393184] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-09-22 4240760] "BitTorrent DNA"="c:\users\matthieu\Program Files\DNA\btdna.exe" [2009-11-08 323392] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-01 39408] "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-12-21 2705008] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 
8.0\Reader\Reader_sl.exe" [2009-12-18 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760] c:\users\matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "FilterAdministratorToken"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-48966518-32507159-2678861333-1000] "EnableNotificationsRef"=dword:00000003 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 bthav;Profil AV Bluetooth;c:\windows\system32\drivers\bthav.sys [2008-07-10 34816] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224] R3 WPFFontCache_v0400;Cache de police de 
Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-26 721904] S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-08-17 339624] S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-08-17 403624] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688] S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2009-12-21 292472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' 2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{167B4588-2D0E-4931-B8F4-49CB7F191CF7}.job - c:\windows\system32\msfeedssync.exe [2011-02-20 04:47] . . ------- Examen supplémentaire ------- . uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://www.google.be/ mWindow Title = uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube Download - c:\users\matthieu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\matthieu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.opticiens-atol.com/pages/collections/adriana/total-immersion/plugin/DFusionHomeWebPlugIn.InstallerFull.exe . ************************************************************************** Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: 
(A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\ATK Hotkey\ASLDRSrv.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\ATK Hotkey\Hcontrol.exe c:\windows\system32\PnkBstrB.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\WUDFHost.exe c:\program files\TeamViewer\Version6\TeamViewer.exe c:\windows\system32\conime.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE c:\program files\Windows Media Player\wmplayer.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Avira\AntiVir Desktop\GUARDGUI.EXE . ************************************************************************** . Heure de fin: 2011-02-21 22:25:25 - La machine a redémarré ComboFix-quarantined-files.txt 2011-02-21 21:22 ComboFix2.txt 2011-02-20 20:06 ComboFix3.txt 2011-02-20 17:43 ComboFix4.txt 2011-02-20 08:05 ComboFix5.txt 2011-02-21 19:25 Avant-CF: 61 406 912 512 octets libres Après-CF: 61 276 180 480 octets libres - - End Of File - - 77AF52C369B8387CB29BDF8C91D944EA
  5. Hello, someone has just handed me a laptop that could no longer get on the Internet and was VERY slow. I ran ComboFix several times, installed Antivir and ran a scan, and it found more or less 7 "viruses". Every time I run ComboFix, I still get traces of 3M... Here is my HijackThis report, and thank you for your help. Indeed, when I open Internet Explorer it takes more or less 35 seconds to display the page. The person had LOTS of toolbars; I uninstalled as many as I could. Thank you for your analysis. Best regards, Wisewise3

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:39:39, on 21/02/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Users\matthieu\Program Files\DNA\btdna.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Logitech\Vid HD\Vid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\taskeng.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conime.exe C:\Program Files\Microsoft\Search 
Enhancement Pack\SCServer\SCServer.exe C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\matthieu\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\PROGRA~1\SPEEDB~1\vaproxy.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: PDF-XChange Viewer IE-Plugin - 
{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\matthieu\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [soapdog] "C:\ProgramData\Bike mags mags.uzuj7c" O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode O4 - HKCU\..\Run: [nfflst] "c:\users\matthieu\appdata\local\nfflst.exe" nfflst O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program 
Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Free YouTube Download - C:\Users\matthieu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\matthieu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} (CDFusionActiveXCtl Object) - 
http://www.opticiens-atol.com/pages/collections/adriana/total-immersion/plugin/DFusionHomeWebPlugIn.InstallerFull.exe O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. 
- C:\Windows\system32\Ati2evxx.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (BthServ) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - 
Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 
(PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\WindowsMobile\rapimgr.dll,-104 (RapiMgr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: 
@%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 
(TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. 
- C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\WindowsMobile\wcescomm.dll,-40079 (WcesComm) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 
(Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 23468 bytes

Latest ComboFix report

ComboFix 11-02-18.05 - matthieu 19/02/2011 19:00:22.5.2 - x86 Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.766.86 [GMT 1:00] Lancé depuis: c:\users\matthieu\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\install.exe c:\program files\FunWebProducts c:\program files\FunWebProducts\Installr\1.bin\F3EZsetp.dll c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat c:\users\matthieu\AppData\Roaming\Microsoft\Windows\Recent\BIBOPORTO6009.URL c:\users\matthieu\videos\abiword-setup-2.8.6.exe c:\users\matthieu\videos\everest-ultimate_everest_ultimate_5.50.2100_francais_12281.exe c:\windows\TEMP\logishrd\LVPrcInj01.dll ----- BITS: Il y a peut-être des sites infectés ----- hxxp://wlxindex . ((((((((((((((((((((((((((((( Fichiers créés du 2011-01-19 au 2011-02-19 )))))))))))))))))))))))))))))))))))) . 2011-02-19 18:15 . 2011-02-19 18:24 -------- d-----w- c:\users\matthieu\AppData\Local\temp 2011-02-19 18:15 . 2011-02-19 18:15 -------- d-----w- c:\users\Invité\AppData\Local\temp 2011-02-19 18:15 . 2011-02-19 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-01 11:29 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{982EF7F6-B894-4744-934E-C79C4C2868DD}\mpengine.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-28 15:55 . 2011-01-12 16:47 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-14 14:49 . 2011-01-12 16:47 1169408 ----a-w- c:\windows\system32\sdclt.exe 2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD0.dll" [2010-04-27 2393184] "{d1a1c8f1-e3d9-48df-802f-20201061ef61}"= "c:\program files\Messenger_Plus_Live_Belgium\tbMes0.dll" [2010-10-06 2735200] "{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSof1.dll" [2010-10-25 2735200] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CLASSES_ROOT\clsid\{d1a1c8f1-e3d9-48df-802f-20201061ef61}] [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-08-26 08:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}] 2010-10-25 19:03 2735200 ----a-w- c:\program files\Softonic_France\tbSof1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD0.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1a1c8f1-e3d9-48df-802f-20201061ef61}] 2010-10-06 15:32 2735200 ----a-w- c:\program files\Messenger_Plus_Live_Belgium\tbMes0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD0.dll" [2010-04-27 2393184] "{d1a1c8f1-e3d9-48df-802f-20201061ef61}"= "c:\program files\Messenger_Plus_Live_Belgium\tbMes0.dll" [2010-10-06 2735200] "{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSof1.dll" [2010-10-25 2735200] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] 
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CLASSES_ROOT\clsid\{d1a1c8f1-e3d9-48df-802f-20201061ef61}] [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD0.dll" [2010-04-27 2393184] "{D1A1C8F1-E3D9-48DF-802F-20201061EF61}"= "c:\program files\Messenger_Plus_Live_Belgium\tbMes0.dll" [2010-10-06 2735200] "{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France\tbSof1.dll" [2010-10-25 2735200] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CLASSES_ROOT\clsid\{d1a1c8f1-e3d9-48df-802f-20201061ef61}] [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "soapdog"="c:\programdata\Bike mags mags.716w6ju" [X] "MODE FREE BIRD SURF"="c:\programdata\pop seek part.vqbiqz" [X] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-09-22 4240760] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "BitTorrent DNA"="c:\users\matthieu\Program Files\DNA\btdna.exe" [2009-11-08 323392] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-01 39408] "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136] "StartCCC"="c:\program files\ATI 
Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-12-21 2705008] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "FilterAdministratorToken"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-48966518-32507159-2678861333-1000] "EnableNotificationsRef"=dword:00000003 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 135664] R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [x] R3 bthav;Profil AV Bluetooth;c:\windows\system32\drivers\bthav.sys [2008-07-10 34816] R3 
MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-09-09 38528] R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-26 721904] S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2009-12-21 292472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' 2011-02-19 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-05 07:36] 2011-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 13:40] 2011-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 13:40] 2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{167B4588-2D0E-4931-B8F4-49CB7F191CF7}.job - c:\windows\system32\msfeedssync.exe [2010-12-15 04:25] . . ------- Examen supplémentaire ------- . 
uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://www.google.be/ mWindow Title = uInternet Settings,ProxyServer = http=127.0.0.1:8992 uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube Download - c:\users\matthieu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\matthieu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.opticiens-atol.com/pages/collections/adriana/total-immersion/plugin/DFusionHomeWebPlugIn.InstallerFull.exe . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-nfflst - c:\users\matthieu\appdata\local\nfflst.exe AddRemove-nfflst - c:\users\matthieu\appdata\local\nfflst.bat ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-02-19 19:21 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\ATK Hotkey\ASLDRSrv.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\ATK Hotkey\Hcontrol.exe c:\windows\system32\PnkBstrB.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conime.exe c:\program files\Logitech\Logitech WebCam Software\eReg.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE c:\program files\Internet Explorer\iexplore.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe c:\program files\Windows Media Player\wmplayer.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe c:\windows\system32\DllHost.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\windows\System32\wsqmcons.exe c:\windows\system32\RacAgent.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Heure de fin: 2011-02-19 19:37:20 - La machine a redémarré ComboFix-quarantined-files.txt 2011-02-19 18:36 Avant-CF: 60 679 909 376 octets libres Après-CF: 61 086 904 320 octets libres - - End Of File - - AAC882A78F989EB9CFB56B99272F7217

And another ComboFix quarantine

2011-02-20 17:38:19 . 2011-02-20 17:38:19 186 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{4daac69c-cba7-45e2-9bc8-1044483d3352}.reg.dat 2011-02-20 17:28:05 . 
2011-02-20 17:28:05 162,021 -c--a-w- C:\Qoobox\Quarantine\C\Windows\temp\logishrd\_LVPrcInj01_.dll.zip 2011-02-20 13:49:29 . 2009-10-07 00:47:22 109,080 ----a-w- C:\Qoobox\Quarantine\C\Windows\temp\logishrd\LVPrcInj01.dll.vir 2011-02-19 18:32:55 . 2011-02-19 18:32:55 598 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-nfflst.reg.dat 2011-02-19 18:31:53 . 2011-02-19 18:31:53 150 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-nfflst.reg.dat 2011-02-19 18:11:12 . 2011-02-20 18:03:25 10,004 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2011-02-19 17:42:33 . 2011-02-20 17:53:04 1,025 -c--a-w- C:\Qoobox\Quarantine\catchme.log 2010-11-01 18:48:15 . 2010-11-01 18:48:15 24,687 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir 2010-11-01 18:48:15 . 2010-11-01 18:48:15 45,163 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir 2010-11-01 18:48:15 . 2010-11-01 18:48:14 217,208 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir 2010-09-03 09:16:00 . 2010-08-26 08:09:10 10,255,080 ----a-w- C:\Qoobox\Quarantine\C\Users\matthieu\Videos\everest-ultimate_everest_ultimate_5.50.2100_francais_12281.exe.vir 2010-09-03 09:14:34 . 2010-08-26 08:08:04 8,335,349 ----a-w- C:\Qoobox\Quarantine\C\Users\matthieu\Videos\abiword-setup-2.8.6.exe.vir 2008-08-03 22:53:56 . 2008-08-03 22:53:56 58 ----a-w- C:\Qoobox\Quarantine\C\Users\matthieu\AppData\Roaming\Microsoft\Windows\Recent\BIBOPORTO6009.URL.vir 2007-11-07 06:03:18 . 2007-11-07 06:03:18 562,688 -c--a-w- C:\Qoobox\Quarantine\C\install.exe.vir 2006-11-02 13:01:44 . 2011-02-19 17:53:17 4,194,304 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir 2006-11-02 13:01:43 . 
2011-02-19 17:53:17 4,194,304 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.vir Antivir report Avira AntiVir Premium Date de création du fichier de rapport : 2011-02-20 11:20 La recherche porte sur 2415455 souches de virus. Le programme fonctionne en version d’évaluation entièrement fonctionnelle. Les services en ligne sont disponibles. Détenteur de la licence : ;;,n ,;:n Numéro de série : 2212743978-PEPWE-0000001 Plateforme : Windows Vista Version de Windows : (Service Pack 2) [6.0.6002] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : PC-DE-MATTHIEU Informations de version : BUILD.DAT : 10.0.0.81 35931 Bytes 2010-08-27 08:01:00 AVSCAN.EXE : 10.0.3.1 434344 Bytes 2010-08-17 12:45:31 AVSCAN.DLL : 10.0.3.0 56168 Bytes 2010-08-17 12:45:49 LUKE.DLL : 10.0.2.3 104296 Bytes 2010-08-17 12:45:39 LUKERES.DLL : 10.0.0.0 13672 Bytes 2010-08-17 12:45:49 VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 09:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 2010-12-14 10:14:43 VBASE002.VDF : 7.11.3.0 1950720 Bytes 2011-02-09 10:14:46 VBASE003.VDF : 7.11.3.1 2048 Bytes 2011-02-09 10:14:47 VBASE004.VDF : 7.11.3.2 2048 Bytes 2011-02-09 10:14:47 VBASE005.VDF : 7.11.3.3 2048 Bytes 2011-02-09 10:14:47 VBASE006.VDF : 7.11.3.4 2048 Bytes 2011-02-09 10:14:47 VBASE007.VDF : 7.11.3.5 2048 Bytes 2011-02-09 10:14:48 VBASE008.VDF : 7.11.3.6 2048 Bytes 2011-02-09 10:14:48 VBASE009.VDF : 7.11.3.7 2048 Bytes 2011-02-09 10:14:48 VBASE010.VDF : 7.11.3.8 2048 Bytes 2011-02-09 10:14:48 VBASE011.VDF : 7.11.3.9 2048 Bytes 2011-02-09 10:14:48 VBASE012.VDF : 7.11.3.10 2048 Bytes 2011-02-09 10:14:48 VBASE013.VDF : 7.11.3.59 157184 Bytes 2011-02-14 10:14:49 VBASE014.VDF : 7.11.3.97 120320 Bytes 2011-02-16 10:14:49 VBASE015.VDF : 7.11.3.148 128000 Bytes 2011-02-19 10:14:49 VBASE016.VDF : 7.11.3.149 2048 Bytes 2011-02-19 10:14:49 VBASE017.VDF : 7.11.3.150 2048 Bytes 2011-02-19 10:14:49 VBASE018.VDF : 7.11.3.151 2048 Bytes 2011-02-19 10:14:49 
VBASE019.VDF : 7.11.3.152 2048 Bytes 2011-02-19 10:14:49 VBASE020.VDF : 7.11.3.153 2048 Bytes 2011-02-19 10:14:49 VBASE021.VDF : 7.11.3.154 2048 Bytes 2011-02-19 10:14:49 VBASE022.VDF : 7.11.3.155 2048 Bytes 2011-02-19 10:14:50 VBASE023.VDF : 7.11.3.156 2048 Bytes 2011-02-19 10:14:50 VBASE024.VDF : 7.11.3.157 2048 Bytes 2011-02-19 10:14:50 VBASE025.VDF : 7.11.3.158 2048 Bytes 2011-02-19 10:14:50 VBASE026.VDF : 7.11.3.159 2048 Bytes 2011-02-19 10:14:50 VBASE027.VDF : 7.11.3.160 2048 Bytes 2011-02-19 10:14:50 VBASE028.VDF : 7.11.3.161 2048 Bytes 2011-02-19 10:14:50 VBASE029.VDF : 7.11.3.162 2048 Bytes 2011-02-19 10:14:50 VBASE030.VDF : 7.11.3.163 2048 Bytes 2011-02-19 10:14:50 VBASE031.VDF : 7.11.3.164 2048 Bytes 2011-02-19 10:14:50 Version du moteur : 8.2.4.170 AEVDF.DLL : 8.1.2.1 106868 Bytes 2010-08-17 12:45:28 AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 2011-02-20 10:14:57 AESCN.DLL : 8.1.7.2 127349 Bytes 2011-02-20 10:14:56 AESBX.DLL : 8.1.3.2 254324 Bytes 2011-02-20 10:14:57 AERDL.DLL : 8.1.9.2 635252 Bytes 2011-02-20 10:14:56 AEPACK.DLL : 8.2.4.9 512374 Bytes 2011-02-20 10:14:55 AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2011-02-20 10:14:55 AEHEUR.DLL : 8.1.2.78 3277175 Bytes 2011-02-20 10:14:55 AEHELP.DLL : 8.1.16.1 246134 Bytes 2011-02-20 10:14:52 AEGEN.DLL : 8.1.5.2 397683 Bytes 2011-02-20 10:14:52 AEEMU.DLL : 8.1.3.0 393589 Bytes 2011-02-20 10:14:51 AECORE.DLL : 8.1.19.2 196983 Bytes 2011-02-20 10:14:51 AEBB.DLL : 8.1.1.0 53618 Bytes 2010-08-17 12:45:18 AVWINLL.DLL : 10.0.0.0 19304 Bytes 2010-08-17 12:45:32 AVPREF.DLL : 10.0.0.0 44904 Bytes 2010-08-17 12:45:30 AVREP.DLL : 10.0.0.8 62209 Bytes 2010-06-17 14:07:44 AVREG.DLL : 10.0.3.2 53096 Bytes 2010-08-17 12:45:30 AVSCPLR.DLL : 10.0.3.1 83816 Bytes 2010-08-17 12:45:31 AVARKT.DLL : 10.0.0.14 227176 Bytes 2010-08-17 12:45:28 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2010-08-17 12:45:29 SQLITE3.DLL : 3.6.19.0 355688 Bytes 2010-06-17 14:07:53 AVSMTP.DLL : 10.0.0.17 63848 Bytes 2010-08-17 12:45:31 NETNT.DLL : 10.0.0.0 11624 
Bytes 2010-06-17 14:07:52 RCIMAGE.DLL : 10.0.0.32 2631528 Bytes 2010-04-01 12:57:46 RCTEXT.DLL : 10.0.58.0 99688 Bytes 2010-08-17 12:45:50 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Documentation.................................: bas Action principale.............................: réparer Action secondaire.............................: supprimer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, Recherche dans les programmes actifs..........: marche Programmes en cours étendus...................: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Début de la recherche : 2011-02-20 11:20 La recherche d'objets cachés commence. c:\progra~1\speedb~1\videoacceleratorengine.exe c:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe [REMARQUE] Le processus n'est pas visible. c:\progra~1\speedb~1\videoacceleratorengine.exe c:\progra~1\speedb~1\videoacceleratorengine.exe c:\program files\logitech\logitech webcam software\lu\lulnchr.exe c:\Program Files\Logitech\Logitech WebCam Software\LU\LULnchr.exe [REMARQUE] Le processus n'est pas visible. 
La recherche sur les processus démarrés commence : Processus de recherche 'svchost.exe' - '30' module(s) sont contrôlés Processus de recherche 'vssvc.exe' - '49' module(s) sont contrôlés Processus de recherche 'avscan.exe' - '81' module(s) sont contrôlés Processus de recherche 'avscan.exe' - '29' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '73' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '37' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '69' module(s) sont contrôlés Processus de recherche 'avmailc.exe' - '36' module(s) sont contrôlés Processus de recherche 'AVWEBGRD.EXE' - '42' module(s) sont contrôlés Processus de recherche 'sched.exe' - '57' module(s) sont contrôlés Processus de recherche 'avshadow.exe' - '33' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '80' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '21' module(s) sont contrôlés Processus de recherche 'CCC.exe' - '151' module(s) sont contrôlés Processus de recherche 'VideoAcceleratorEngine.exe' - '64' module(s) sont contrôlés Processus de recherche 'wmiprvse.exe' - '33' module(s) sont contrôlés Processus de recherche 'unsecapp.exe' - '28' module(s) sont contrôlés Processus de recherche 'TosBtHsp.exe' - '30' module(s) sont contrôlés Processus de recherche 'COCIManager.exe' - '36' module(s) sont contrôlés Processus de recherche 'TosBtHid.exe' - '13' module(s) sont contrôlés Processus de recherche 'TosA2dp.exe' - '27' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '49' module(s) sont contrôlés Processus de recherche 'iexplore.exe' - '36' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '61' module(s) sont contrôlés Processus de recherche 'iexplore.exe' - '61' module(s) sont contrôlés Processus de recherche 'WLIDSvcM.exe' - '16' module(s) sont contrôlés Processus de recherche 'SearchIndexer.exe' - '59' module(s) sont contrôlés Processus de recherche 'WLIDSVC.EXE' - '71' module(s) sont 
contrôlés Processus de recherche 'svchost.exe' - '25' module(s) sont contrôlés Processus de recherche 'VideoAcceleratorService.exe' - '20' module(s) sont contrôlés Processus de recherche 'TosBtSrv.exe' - '25' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '44' module(s) sont contrôlés Processus de recherche 'SeaPort.exe' - '57' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '42' module(s) sont contrôlés Processus de recherche 'PnkBstrB.exe' - '33' module(s) sont contrôlés Processus de recherche 'LVPrcSrv.exe' - '29' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '30' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '44' module(s) sont contrôlés Processus de recherche 'MOM.EXE' - '59' module(s) sont contrôlés Processus de recherche 'TosBtMng.exe' - '54' module(s) sont contrôlés Processus de recherche 'Vid.exe' - '101' module(s) sont contrôlés Processus de recherche 'GoogleToolbarNotifier.exe' - '57' module(s) sont contrôlés Processus de recherche 'btdna.exe' - '57' module(s) sont contrôlés Processus de recherche 'sidebar.exe' - '88' module(s) sont contrôlés Processus de recherche 'LWS.exe' - '68' module(s) sont contrôlés Processus de recherche 'jusched.exe' - '22' module(s) sont contrôlés Processus de recherche 'AdobeARM.exe' - '47' module(s) sont contrôlés Processus de recherche 'VideoAccelerator.exe' - '74' module(s) sont contrôlés Processus de recherche 'wmdSync.exe' - '33' module(s) sont contrôlés Processus de recherche 'ATKOSD.exe' - '13' module(s) sont contrôlés Processus de recherche 'Hcontrol.exe' - '59' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '62' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '89' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '83' module(s) sont contrôlés Processus de recherche 'ASLDRSrv.exe' - '25' module(s) sont contrôlés Processus de recherche 'Explorer.EXE' - '135' module(s) sont contrôlés Processus de recherche 
'Dwm.exe' - '26' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '93' module(s) sont contrôlés Processus de recherche 'Ati2evxx.exe' - '31' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '82' module(s) sont contrôlés Processus de recherche 'SLsvc.exe' - '26' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '37' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '155' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '114' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '66' module(s) sont contrôlés Processus de recherche 'Ati2evxx.exe' - '28' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '33' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '40' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '30' module(s) sont contrôlés Processus de recherche 'lsm.exe' - '22' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '60' module(s) sont contrôlés Processus de recherche 'services.exe' - '33' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '14' module(s) sont contrôlés Processus de recherche 'wininit.exe' - '26' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '14' module(s) sont contrôlés Processus de recherche 'smss.exe' - '2' module(s) sont contrôlés La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '389' fichiers). 
La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' <HDD> C:\Program Files\Circle Develpement\Uninstall.exe [RESULTAT] Contient le cheval de Troie TR/Dldr.Swizzor.Gen2 [REMARQUE] Une copie de sécurité a été créée sous le nom 49bd4624.qua ( QUARANTAINE ) [REMARQUE] Fichier supprimé. C:\ProgramData\beep axis mode free\Trust Warn.exe [RESULTAT] Contient le cheval de Troie TR/Dldr.Swizzor.Gen2 [AVERTISSEMENT] Impossible de supprimer le fichier ! C:\ProgramData\ITCHSIXTHWMA\hbluxwjl.exe [RESULTAT] Contient le cheval de Troie TR/Dldr.Swizzor.Gen2 [REMARQUE] Une copie de sécurité a été créée sous le nom 03702c1c.qua ( QUARANTAINE ) [REMARQUE] Fichier supprimé. C:\ProgramData\ITCHSIXTHWMA\HOLD PLAN PROXY LIST.exe [RESULTAT] Contient le cheval de Troie TR/Dldr.Swizzor.Gen2 [REMARQUE] Une copie de sécurité a été créée sous le nom 652763e3.qua ( QUARANTAINE ) [REMARQUE] Fichier supprimé. C:\ProgramData\ITCHSIXTHWMA\lgdfvubj.exe [RESULTAT] Contient le cheval de Troie TR/Dldr.Swizzor.Gen2 [REMARQUE] Une copie de sécurité a été créée sous le nom 20cb4ee5.qua ( QUARANTAINE ) [REMARQUE] Fichier supprimé. C:\Users\matthieu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\570561ac-6a5e59ae [0] Type d'archive: ZIP [RESULTAT] Contient le modèle de détection du virus Java JAVA/Applet.K --> prev/monoid.class [RESULTAT] Contient le modèle de détection du virus Java JAVA/Applet.K [REMARQUE] Une copie de sécurité a été créée sous le nom 5f84572d.qua ( QUARANTAINE ) [REMARQUE] Fichier supprimé. C:\Windows\System32\config\systemprofile\Desktop\ELIBAGLA.ABA%D8B%D8%D8H.EXE [RESULTAT] Contient le cheval de Troie TR/Gendal.57355 [REMARQUE] Une copie de sécurité a été créée sous le nom 13056d0f.qua ( QUARANTAINE ) [REMARQUE] Fichier supprimé. 
Fin de la recherche : 2011-02-20 12:32 Temps nécessaire: 1:12:52 Heure(s) La recherche a été effectuée intégralement 20881 Les répertoires ont été contrôlés 239645 Des fichiers ont été contrôlés 7 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 6 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 7 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 0 Impossible de scanner des fichiers 239638 Fichiers non infectés 1279 Les archives ont été contrôlées 1 Avertissements 6 Consignes 646877 Des objets ont été contrôlés lors du Rootkitscan 4 Des objets cachés ont été trouvés
  6. Hello, this concerns a PC from which I removed Avast, Avast Pro, etc., both by uninstalling and with the Avast clean tool. When I restart the PC, the Avira umbrella stays closed even though the services are active. I tried uninstalling several times: Safe Mode, then a registry cleaner. Reboot. Reinstallation, still in Safe Mode. Still the same. I am using version 9 of Avira. When I look in services.msc, all the Avira-related services are nevertheless shown as "Started" and "Automatic startup". If I disable, for example, Avira AntiVir Guard and then re-enable it, the umbrella comes back... I had posted previously in the Virus section, but I was told that everything is clean, as the PC had quite a few problems... I have seen that I am not the only one to have run into this problem, but the solutions given, namely uninstall, clean the registry and reinstall, do not work for me. I am on XP. Best regards, WiseWise3
  7. Here is the log: Logfile of random's system information tool 1.06 (written by random/random) Run by Beeckers at 2010-03-27 23:34:22 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 43 GB (65%) free of 66 GB Total RAM: 2039 MB (68% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:34:37, on 27/03/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 
C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\RapidBIT\cidaemon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Beeckers\Bureau\RSIT.exe C:\Documents and Settings\Beeckers\Bureau\Beeckers.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program 
Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [Malwarebytes' 
Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [VoipDiscount] "C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" -nosplash -minimized O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: BrowserQuest Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\BrowserQuest\browserquest119.exe (file missing) O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Program Files\RapidBIT\cisvc.exe O23 - Service: Service Google Update (gupdate1ca3562d16642cc) (gupdate1ca3562d16642cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing) -- End of file - 10834 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Beeckers.job C:\WINDOWS\tasks\OGALogon.job C:\WINDOWS\tasks\User_Feed_Synchronization-{66E785E6-A68D-4F38-9FF0-0810CD72983D}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-13 263280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-13 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-18 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-18 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google 
Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-13 263280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752] "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-11-16 226224] "ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2006-11-16 86960] "WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-05-23 192512] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] "Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] "SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 248040] "LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "VoipDiscount"=C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe [2009-12-08 9143608] "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-28 68856] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2007-09-18 208896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit] C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows 
Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 
months====== 2010-03-27 23:34:22 ----D---- C:\rsit 2010-03-27 22:59:50 ----A---- C:\WINDOWS\resetlog.txt 2010-03-27 22:59:40 ----D---- C:\ERDNT 2010-03-27 22:15:59 ----D---- C:\Documents and Settings\Beeckers\Application Data\Avira 2010-03-27 22:11:21 ----D---- C:\Program Files\Avira 2010-03-27 22:03:20 ----A---- C:\WINDOWS\ntbtlog.txt 2010-03-27 20:54:58 ----SHD---- C:\RECYCLER 2010-03-27 20:48:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-03-27 15:10:37 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-03-27 15:08:15 ----D---- C:\Program Files\CCleaner 2010-03-27 14:45:24 ----D---- C:\Config.Msi 2010-03-27 13:39:10 ----D---- C:\Program Files\VS Revo Group 2010-03-27 13:28:06 ----D---- C:\WINDOWS\pss 2010-03-27 12:55:31 ----D---- C:\Program Files\Avira(2) 2010-03-27 12:38:41 ----SHD---- C:\WINDOWS\CSC 2010-03-27 00:40:09 ----D---- C:\Documents and Settings\All Users\Application Data\LogMeIn 2010-03-27 00:40:05 ----A---- C:\WINDOWS\system32\LMIport.dll 2010-03-27 00:40:04 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll 2010-03-27 00:39:58 ----A---- C:\WINDOWS\system32\LMIinit.dll 2010-03-27 00:39:41 ----D---- C:\Program Files\LogMeIn 2010-03-26 23:31:14 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2010-03-26 23:31:07 ----D---- C:\Documents and Settings\Beeckers\Application Data\Office Genuine Advantage 2010-03-26 23:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-03-26 23:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$ 2010-03-26 23:19:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$ 2010-03-26 23:19:07 ----A---- C:\WINDOWS\PEV.exe 2010-03-26 23:19:07 ----A---- C:\WINDOWS\MBR.exe 2010-03-26 23:18:47 ----D---- C:\WINDOWS\ie8updates 2010-03-26 23:18:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2010-03-26 23:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2010-03-26 23:18:15 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-03-26 23:11:05 ----D---- C:\WINDOWS\Prefetch 2010-03-26 23:08:27 ----HDC---- 
C:\WINDOWS\$NtUninstallKB978706$ 2010-03-26 23:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$ 2010-03-26 23:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-03-26 23:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-03-26 23:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$ 2010-03-26 23:07:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-03-26 23:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$ 2010-03-26 23:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$ 2010-03-26 23:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$ 2010-03-26 23:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2010-03-26 23:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2010-03-26 23:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$ 2010-03-26 23:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2010-03-26 23:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2010-03-26 23:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ 2010-03-26 23:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2010-03-26 23:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2010-03-26 23:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$ 2010-03-26 23:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2010-03-26 23:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2010-03-26 23:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2010-03-26 23:06:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2010-03-26 23:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$ 2010-03-26 23:05:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-03-26 23:05:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2010-03-26 23:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2010-03-26 23:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$ 2010-03-26 23:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$ 2010-03-26 23:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2010-03-26 23:05:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2010-03-26 23:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2010-03-26 
23:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$ 2010-03-26 23:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2010-03-26 23:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2010-03-26 23:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ 2010-03-26 23:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2010-03-26 23:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2010-03-26 23:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2010-03-26 23:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2010-03-26 23:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2010-03-26 23:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2010-03-26 23:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2010-03-26 23:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2010-03-26 23:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2010-03-26 23:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2010-03-26 23:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2010-03-26 23:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2010-03-26 23:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2010-03-26 23:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2010-03-26 23:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$ 2010-03-26 23:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$ 2010-03-26 23:02:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2010-03-26 23:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$ 2010-03-26 23:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2010-03-26 23:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2010-03-26 23:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2010-03-26 23:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2010-03-26 23:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2010-03-26 23:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2010-03-26 23:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2010-03-26 23:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2010-03-26 23:01:58 ----HDC---- 
C:\WINDOWS\$NtUninstallKB950974$ 2010-03-26 23:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2010-03-26 23:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2010-03-26 23:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$ 2010-03-26 23:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2010-03-26 22:58:55 ----D---- C:\WINDOWS\system32\fr 2010-03-26 22:58:55 ----D---- C:\WINDOWS\l2schemas 2010-03-26 22:58:54 ----D---- C:\WINDOWS\system32\bits 2010-03-26 22:55:26 ----D---- C:\WINDOWS\network diagnostic 2010-03-26 22:53:33 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2010-03-26 22:48:58 ----D---- C:\Documents and Settings\All Users\Application Data\Sun 2010-03-26 22:48:41 ----A---- C:\WINDOWS\system32\javaws.exe 2010-03-26 22:48:41 ----A---- C:\WINDOWS\system32\javaw.exe 2010-03-26 22:48:41 ----A---- C:\WINDOWS\system32\java.exe 2010-03-26 22:42:58 ----D---- C:\Documents and Settings\All Users\Application Data\Avira ======List of files/folders modified in the last 1 months====== 2010-03-27 23:33:37 ----D---- C:\WINDOWS\Temp 2010-03-27 23:30:29 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-27 22:59:50 ----AD---- C:\WINDOWS 2010-03-27 22:22:07 ----AD---- C:\WINDOWS\system32 2010-03-27 22:22:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-03-27 22:11:23 ----D---- C:\WINDOWS\system32\drivers 2010-03-27 22:11:21 ----D---- C:\Program Files 2010-03-27 22:03:50 ----D---- C:\Documents and Settings 2010-03-27 20:49:09 ----SD---- C:\WINDOWS\Tasks 2010-03-27 17:53:54 ----D---- C:\WINDOWS\system32\wbem 2010-03-27 15:43:30 ----A---- C:\WINDOWS\system.ini 2010-03-27 15:42:12 ----D---- C:\WINDOWS\AppPatch 2010-03-27 15:42:12 ----D---- C:\Program Files\Fichiers communs 2010-03-27 15:17:22 ----HD---- C:\WINDOWS\inf 2010-03-27 15:16:23 ----SHD---- C:\WINDOWS\Installer 2010-03-27 15:16:22 ----D---- C:\WINDOWS\WinSxS 2010-03-27 14:46:14 ----D---- C:\WINDOWS\system32\config 2010-03-27 14:45:53 ----D---- C:\WINDOWS\Registration 2010-03-27 14:45:07 ----D---- 
C:\WINDOWS\system32\Restore 2010-03-27 13:31:40 ----A---- C:\WINDOWS\win.ini 2010-03-27 12:50:33 ----D---- C:\WINDOWS\Minidump 2010-03-27 12:50:33 ----D---- C:\WINDOWS\Debug 2010-03-27 00:19:34 ----D---- C:\Documents and Settings\Beeckers\Application Data\Win32 2010-03-27 00:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$ 2010-03-26 23:27:01 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-03-26 23:23:47 ----D---- C:\Program Files\Internet Explorer 2010-03-26 23:20:43 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-26 23:20:43 ----D---- C:\Program Files\Movie Maker 2010-03-26 23:20:41 ----HD---- C:\WINDOWS\$hf_mig$ 2010-03-26 23:10:46 ----D---- C:\WINDOWS\system32\Setup 2010-03-26 23:10:45 ----RSD---- C:\WINDOWS\Fonts 2010-03-26 23:09:10 ----D---- C:\WINDOWS\system32\CatRoot 2010-03-26 23:07:28 ----D---- C:\WINDOWS\security 2010-03-26 23:06:44 ----D---- C:\Program Files\Outlook Express 2010-03-26 23:01:48 ----D---- C:\Program Files\Messenger 2010-03-26 22:59:05 ----D---- C:\WINDOWS\system32\inetsrv 2010-03-26 22:59:05 ----D---- C:\WINDOWS\ehome 2010-03-26 22:59:04 ----D---- C:\WINDOWS\ime 2010-03-26 22:59:04 ----D---- C:\WINDOWS\Help 2010-03-26 22:58:55 ----D---- C:\WINDOWS\system32\usmt 2010-03-26 22:58:55 ----D---- C:\WINDOWS\system32\fr-FR 2010-03-26 22:58:54 ----D---- C:\WINDOWS\PeerNet 2010-03-26 22:56:50 ----D---- C:\WINDOWS\ServicePackFiles 2010-03-26 22:56:42 ----D---- C:\WINDOWS\system32\npp 2010-03-26 22:56:40 ----D---- C:\WINDOWS\msagent 2010-03-26 22:56:39 ----D---- C:\WINDOWS\srchasst 2010-03-26 22:56:39 ----D---- C:\Program Files\NetMeeting 2010-03-26 22:56:38 ----D---- C:\WINDOWS\system32\Com 2010-03-26 22:56:37 ----D---- C:\Program Files\Windows Media Player 2010-03-26 22:56:36 ----D---- C:\Program Files\Windows NT 2010-03-26 22:56:35 ----D---- C:\Program Files\Fichiers communs\System 2010-03-26 22:56:24 ----D---- C:\WINDOWS\system32\oobe 2010-03-26 22:56:22 ----D---- C:\WINDOWS\system 2010-03-26 22:54:35 ----D---- 
C:\WINDOWS\system32\ReinstallBackups 2010-03-26 22:48:58 ----D---- C:\Program Files\Fichiers communs\Java 2010-03-26 22:48:38 ----D---- C:\Program Files\Java 2010-03-26 22:42:08 ----SHD---- C:\System Volume Information 2010-03-26 22:34:20 ----D---- C:\WINDOWS\ERDNT 2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752] R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [] R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-02-05 281600] R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776] R3 BCM43XX;Pilote pour 
carte réseau Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-04-01 1391104] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-12 250776] R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-09-18 5779296] R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!\K!TVXP~1\DSDrv4.sys [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 
ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800] S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys [] S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-23 722416] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312] R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program 
Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936] R2 IviRegMgr;IviRegMgr; C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-12-14 61440] R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032] R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040] R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192] S2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2010-03-16 337064] S2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-02-24 405672] S2 BrowserQuest Service;BrowserQuest Service; C:\Documents and Settings\All Users\Application Data\BrowserQuest\browserquest119.exe C:\Program Files\BrowserQuest\browserquest.dll Service [] S2 FlexService;Remote Connections Service; C:\Program Files\RapidBIT\cisvc.exe [2009-05-17 41984] S2 gupdate1ca3562d16642cc;Service Google Update (gupdate1ca3562d16642cc); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-14 133104] S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 
[2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-28 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [] -----------------EOF-----------------

and the other one, info.txt:

logfile of random's system information tool 1.06 2010-03-27 23:34:40 ======Uninstall list====== -->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749} -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A6F0720-739C-408B-966F-93091631A918}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe" ACDSee 4.0.2 Trial Version-->MsiExec.exe /I{B36C64F9-8658-42CE-8857-068D484AB03A} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B} Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" Agere Systems HDA Modem-->agrsmdel Application Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8C3A9E8-07F4-4D44-BB9D-C4AE5D230468}\Setup.exe" -l0x40c Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe" Carte réseau local sans fil 802.11 Broadcom-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver" CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Correctif pour Windows XP 
(KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC EasyPrediction-->C:\Program Files\EasyPrediction\2.0\Uninstall.exe eoEngine 9.1-->"C:\Program Files\EoRezo\unins000.exe" Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1} Google SketchUp 7-->MsiExec.exe /I{E80B8E43-EC59-4ECF-B15B-194A6B86DE46} Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466} Google Earth-->MsiExec.exe /X{9074AFC0-CFDA-11DE-B484-005056806466} Gskstudio Youtube Downloader v 2.3.0.0-->"C:\Program Files\Gskstudio\Youtube Downloader\unins000.exe" HijackThis 2.0.2-->"C:\Documents and Settings\Beeckers\Bureau\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe Intel® PRO Network Connections Drivers-->Prounstl.exe InterVideo DVD 
Check-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} K-Lite Codec Pack 4.7.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LogMeIn-->MsiExec.exe /I{34F93E31-E1A0-421C-8E86-BCF7C4193A91} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9111040C-6000-11D3-8CFE-0150048383C9} Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} Microsoft 
  8. Uninstalling Antivir: I have done it many times. Go into safe mode. Regcleaner. Back to normal mode, then reinstall: still the same. I am going to uninstall again and install the English version instead, you never know. If that doesn't work, I will run a Malwarebytes scan and post it. What is RSIT? Regards, Wise3 Edit: even with version 10 (English) of Avira Premium it does the same... I am launching Malwarebytes.
  9. OK, thanks for your help. As for Antivir, it is the 30-day trial version of Antivir Premium. After uninstalling OTM as requested, I rebooted, and once again that damned umbrella stays closed even though the antivirus is active... It's starting again... Regards, Wise3
  10. Hello Apollo, first of all thank you for stepping in. Before seeing your reply, I ran the Rescue CD with Avira. It only found one thing and renamed it to the file name + XXX, but nothing serious. Since then the umbrella is open again right from startup. What is odd is that when I launch a scan I get a message that says "Ceci est une licence EVAL de Avira Antivir Premium". I also reinstalled Malwarebytes. I nevertheless carried out the steps as you asked, and here is the report. Should I then produce another report so that you can compare what has changed, and so understand why this umbrella would not open although Avira was active? In any case, thank you; my best friend for now is "F5" while waiting to hear from you.
  11. Hello, I am coming to you because I no longer know what to do. I had a PC with several symptoms: wrong date and time, MSN no longer launching, an Internet Explorer home page that never stayed set, etc. I uninstalled Avast, plus Avast's clean tools. Uninstalled a few Hotbars. Ran ComboFix; it cleaned up quite a lot. MSN launched after that... I installed Avira and updated it. Same with Malwarebytes, also updated. Scanned with both. Everything was fine, then I rebooted the PC and now the Avira umbrella always stays closed. When I double-click on it, all the services are nonetheless active. In services.msc everything is OK for Avira. I read that you have to uninstall in safe mode, then use Avira's cleanreg, then reinstall. Nothing works. I uninstalled Malwarebytes because I read that it could be blocking things, but same result. Malwarebytes is currently still uninstalled. Here is my HijackThis log, so that someone can tell me whether I have something that could be causing this problem. Thank you for your help.
Regards and thanks for your help, WiseWise3 I am posting the HijackThis report.
  12. Hi again, so everything is cleaned up then. Thanks, I am marking this "RESOLVED". Regards, WiseWise3
  13. Hello, here is the first report:
      and the second report:
      Kind regards, WiseWise3
  14. Hello Pear, no, I don't know what this is: O17 - HKLM\System\CCS\Services\Tcpip\..\{3524A4D9-0DFC-4C95-A5FA-07051A771456}: NameServer = 194.64.31.3
      Here is the SDFix report:
      and here is a HijackThis report:
      Thanks for the analysis. WiseWise3
  15. Hello, the PC I am on was rebooting in a loop, whether in normal mode, safe mode, or last known good configuration... I first scanned the hard disk on another PC and it found roughly 170 viruses... Since there was no improvement, I reinstalled Windows XP over the existing installation and was finally able to get back into Windows. I ran MSNFix, which found an infection and cleaned it. Then I ran Lop S&D, which also cleaned some things. Then Malwarebytes, which found a few more traces, and finally AntiVir, which also found traces, but in the System Restore points. I disabled System Restore and then re-enabled it so that it would erase all malicious traces. Could you analyze the following report to make sure no malicious traces remain? Thank you. If you need a report from one of the tools mentioned, no problem. Kind regards, WiseWise3
  16. Hello Pear, first of all, thank you for taking this on. Next, I was on the wrong track because of the virus alerts, which were found but cleaned by the antivirus. In fact, the slowness was due to an unfortunate combination of circumstances: the ADSL quota was used up, so the ISP was throttling traffic just at the moment the viruses were cleaned. In Belgium, depending on the operator, when the quota is reached the connection is not cut but the speed is greatly reduced (+- 64 kbps). Thanks again. Kind regards, WiseWise3
  17. Now I have Internet access again, but it is VERY slow
  18. Hello, here is the log from a PC that I control remotely. The user was complaining of slow browsing. AVG detected several viruses on it and cleaned them. I ran Malwarebytes but it found nothing. Among the processes there were nl.exe nl2.exe ree.exe ree1.exe... Now I no longer have Internet access, through either IE or Firefox. Yet the PC is on the Internet, since I am accessing it remotely... Could you guide me based on what is in the HijackThis log? Thank you. WiseWise3
Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://euroinvest.safe100.net:81/plugin/h263ctrl.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- End of file - 14443 bytes
  19. Thanks for the advice and the help. I'm passing it on to the owner of the PC. Best regards, WiseWise3
  20. Yes, it's a "coccinelle" version. But to do the repair I used a "normal" version... is that the cause?
  21. Good evening, as for the battery, I'll check it with an ohmmeter. Here are the requested reports. For my problems, do you think it would be better for me to post in the software section? Thanks again for your help. WiseWise3
  22. Hello, after installing a game, the PC crashed. Then, on reboot, I got an "NTLDR is missing" message. I went into the Recovery Console and ran fixboot. Next I got "NTLDR is compressed", so in the Recovery Console I ran attrib -c c:\ntldr. Then I got a message that boot.ini was damaged, but Windows still started... I repaired it with the command bootcfg /rebuild. But since then I get a "Windows Installer" message when Windows starts, and the My Computer, My Documents, etc. icons show up as generic icons. I can no longer launch Word, etc., CCleaner, etc. I had to uninstall and reinstall Malwarebytes to get it working again. When I try to run regedit, it tells me that Windows cannot find the command. Since Avira found traces of Swizzor, and since the date and time keep changing (even in the BIOS... is that possible?), could you please analyze the HijackThis log and tell me whether a virus is responsible for all this? Thanks for your analysis.
  23. Hello Falkra, sorry for the late reply. No more symptoms. Thanks for checking. I'm marking this as resolved. Best regards, WiseWise3
  24. Hello Falkra, here is the report, then. Thanks and best regards, Wisewise3