Aller au contenu

yugm

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    61

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par yugm

  1. yugm
    Bonsoir oGu Je viens de démarrerla nouvelle procédure et ça ne semble pas fonctionner correctement. ok pour CFScript.txt et désactivation McAfee mais je n'ai pas ces 2 fichiers sur le bureau [*]ComboFix créera ces fichiers sur ton Bureau : Un fichier zippé nommé Submit [Date Time].zip Un second fichier nommé - CF-Submit.htm [*]ComboFix peut exiger un redémarrage pour compléter son travail. Accepte. . le redémarrage s'est bien fait avec le rapport COMBOFIX mais pas la nouvelle fenêtre ci-dessous et j'ai donc dû relancer mon navigateur [*]Une nouvelle fenêtre avec invite "Submit Files for further analysis" s'ouvrira. Clique "OK" [*]Ton navigateur se lancera automatiquement avec le fichier CF-Submit.htm et une fenêtre s'ouvrira : Clique sur le bouton "Browse"("Parcourir") et navigue vers le fichier Submit [Date Time].zip qui est sur ton Bureau. Clique sur le fichier afin de le sélectionner. Soumets le fichier en cliquant "OK" [*]Lorsque cette opération sera complétée, tu peux supprimer ces deux fichiers qui se trouvent sur ton Bureau. [*]Enfin, poste les deux rapports suivants dans ta prochaine réponse : - Combofix.txt - Un nouveau rapport HijackThis [/color][/color] et voici les rapports demandés en 1: Combofix ComboFix 08-04-03.3 - MAHE 2008-04-04 22:23:59.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.91 [GMT 2:00] Endroit: C:\Documents and Settings\MAHE\Accessoires\Bureau\combofix.exe Command switches used :: C:\Documents and Settings\MAHE\Accessoires\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\dbmsvin.dll C:\WINDOWS\system32\drivers\arjkevag.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_LVQOLSMS -------\Service_lvqolsms ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))))))) . 2008-04-03 17:36 . 2008-04-03 17:36 136 --a------ C:\WINDOWS\system32\yugm.reg 2008-04-02 14:10 . 2008-04-02 15:08 <REP> d-------- C:\Downloads 2008-04-02 14:10 . 2008-04-02 15:08 <REP> d-------- C:\Bases 2008-04-02 14:01 . 2008-04-02 15:14 <REP> d-------- C:\Kaspersky 2008-04-01 22:19 . 2008-04-01 22:19 <REP> d-------- C:\Documents and Settings\MAHE\Application Data\Malwarebytes 2008-04-01 22:18 . 2008-04-01 22:18 <REP> d-------- C:\Malwarebytes' Anti-Malware 2008-04-01 22:18 . 2008-04-01 22:18 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-03-31 21:08 . 2008-03-31 21:08 <REP> d-------- C:\VundoFix Backups 2008-03-30 18:09 . 2008-03-30 18:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools 2008-03-30 15:10 . 2008-03-30 15:10 583 --a------ C:\WINDOWS\system32\Raccourci vers notepad.exe.lnk 2008-03-30 00:35 . 2008-03-30 00:35 <REP> d-------- C:\_OTMoveIt 2008-03-27 19:49 . 2008-03-27 20:21 <REP> d-------- C:\Program Files\Navilog1 2008-03-27 19:39 . 2008-04-04 21:40 3,218 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP 2008-03-27 19:22 . 2008-03-29 23:49 1,298 --a------ C:\WINDOWS\system32\tmp.reg 2008-03-27 12:44 . 2008-03-28 18:04 13,030 --a------ C:\PDOXUSRS.NET 2008-03-27 12:43 . 2008-03-27 12:43 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared 2008-03-27 12:43 . 1999-01-20 06:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL 2008-03-27 12:43 . 1999-11-12 06:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL 2008-03-27 12:42 . 2008-03-27 12:43 <REP> d-------- C:\Program Files\ZebHelpProcess 2 2008-03-25 11:44 . 2008-03-25 11:44 <REP> d-------- C:\Program Files\Trend Micro 2008-03-21 19:13 . 2007-12-06 17:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys 2008-03-21 19:13 . 2007-12-06 17:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys 2008-03-21 19:13 . 2008-02-12 12:44 21,904 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys 2008-03-21 18:07 . 2008-03-30 14:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\fssg 2008-03-08 18:59 . 2008-03-09 11:13 <REP> d-------- C:\WINDOWS\SxsCaPendDel 2008-03-06 20:33 . 2008-03-06 20:33 1,271,557 --------- C:\Program Files\wrar371fr.exe 2008-03-04 11:50 . 2008-03-04 11:50 <REP> d-------- C:\Documents and Settings\MAHE\Application Data\ItsLabel . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-04 20:32 --------- d-----w C:\Program Files\Wanadoo 2008-04-01 20:15 --------- d---a-w C:\Program Files\Common Files 2008-04-01 18:23 --------- d-----w C:\Documents and Settings\MAHE\Application Data\SiteAdvisor 2008-03-31 11:38 --------- d-----w C:\Program Files\jv16 PowerTools 2008-03-30 15:57 --------- d-----w C:\Program Files\Common 2008-03-26 15:15 --------- d-----w C:\Program Files\CCleaner 2008-03-22 14:10 --------- d-----w C:\Program Files\AlertInfo 2008-03-08 16:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-03-01 08:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee 2008-02-27 08:07 --------- d-----w C:\Program Files\SiteAdvisor 2008-02-26 08:01 --------- d-----w C:\Program Files\fsupport 2008-02-26 08:01 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-23 14:35 --------- d-----w C:\Program Files\McAfee 2008-02-23 09:11 --------- d-----w C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Data\SiteAdvisor 2008-02-22 14:45 --------- d-----w C:\Documents and Settings\MAHE\Application Data\AlertInfo 2008-02-22 12:42 --------- d-----w C:\Documents and Settings\LocalService.AUTORITE NT.001\Application Data\SiteAdvisor 2008-02-22 12:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor 2008-02-22 12:38 --------- d-----w C:\Program Files\Fichiers communs\McAfee 2008-02-22 12:37 --------- d-----w C:\Program Files\McAfee.com 2008-02-22 09:50 --------- d-----w C:\Documents and Settings\MAHE\Application Data\McAfee 2006-08-24 09:08 9,258,851 -c--a-w C:\Program Files\gestionnaire_internethd.exe 2006-08-01 15:07 1,465,856 -c--a-w C:\Program Files\DSLTest.exe 2006-07-05 16:09 5,290,525 ----a-w C:\Program Files\Photo3D.exe 2006-06-29 07:21 576 -c--a-w C:\Program Files\INSTALL.LOG 2006-06-20 13:55 2,883,214 -c--a-w C:\Program Files\UpgradeFranceOfficev9.1.zip 2006-06-03 10:18 9,663,232 -c--a-w C:\Program Files\OutlookExpress506FRA.bin 2006-02-16 13:26 12,814,336 -c--a-w C:\Program Files\mp10setup.exe 2006-01-24 08:43 3,530,812 -c--a-w C:\Program Files\looksnavigateur.exe 2006-01-07 16:47 578,560 -c--a-w C:\Program Files\wanadoo_toolbarsetup.exe 2005-11-02 13:54 11,120,472 -c--a-w C:\Program Files\DivXPlay.exe . ((((((((((((((((((((((((((((( snapshot@2008-04-03_20.12.40.92 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-03 17:30:24 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-04-04 15:53:52 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-04-03 17:30:24 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Historique\History.IE5\index.dat + 2008-04-04 15:53:52 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Historique\History.IE5\index.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "DelayShred"="C:\Program Files\McAfee\MSHR\ShrCL.exe" [2007-07-25 16:10 111904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EoEngine"="" [] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-05 14:00 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "SpecifyDefaultButtons"= 0 (0x0) "Btn_Search"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ :\WINDOWS\system32\srrstr.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series] --a--c--- 2006-02-21 06:00 131072 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] --a--c--- 2004-08-05 14:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup] C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-04-04 16:12 77824 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] --------- 2004-10-14 16:55 32768 C:\Program Files\Wanadoo\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] --------- 2004-10-14 16:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\WINDOWS\\explorer.exe"= "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= S2 dll32;FireDaemon Service: dll32;c:\winnt\system32\os2\dll\packs\FireDaemon.EXE [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bc232cc-3035-11d9-b0e7-806d6172696f}] \Shell\AutoRun\command - C:\ATI\SUPPORT\wxp-w2k-catalyst-7-94-030917m-011434c\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{605a9d26-b78e-11dc-b622-0090d0a8ed6f}] \Shell\AutoRun\command - explorer.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-04-01 23:04:08 C:\WINDOWS\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe.1262 7 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-04 22:32:35 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\locator.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\System32\vssvc.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\McAfee\MSC\mcuimgr.exe . ************************************************************************** . Temps d'accomplissement: 2008-04-04 22:36:03 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-04 20:35:57 ComboFix2.txt 2008-04-03 18:13:26 Pre-Run: 10,264,514,560 octets libres Post-Run: 10,294,403,072 octets libres . 2008-03-12 20:10:50 --- E O F --- en 2 :HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:14:09, on 04/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\WINDOWS\explorer.exe C:\Program Files\McAfee\MSC\mcuimgr.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Wanadoo\GestionnaireInternet.exe C:\Program Files\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\MGWIU3H4\BAN_72~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\IFRAME~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\HP_1_~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\AP_ADV~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\INDEX_~4.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\AP_CPL~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\ADS_9_~1.SH! O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...235/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D43F0FA3-C5C4-46FC-B5E6-76E193C76ACA}: NameServer = 81.253.149.9 80.10.246.132 O23 - Service: FireDaemon Service: dll32 (dll32) - Unknown owner - c:\winnt\system32\os2\dll\packs\FireDaemon.EXE (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6042 bytes Désolé de ne pas mieux faire 0Gu A+
  2. yugm
    Rebonjour oGu voici donc le rapport Combofix NB:j'avais programmé l'activation auto de McAfee au redémarrage de l'ordi.J'espère que cela n'a pas nui à ce rapport A+ ComboFix 08-04-03.3 - MAHE 2008-04-03 20:01:49.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.146 [GMT 2:00] Endroit: C:\Documents and Settings\MAHE\Accessoires\Bureau\combofix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Downloaded Program Files\UGA6PV_0001_N122M1202NetInstaller.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TASKMON.SYS ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))))))) . 2008-04-03 17:36 . 2008-04-03 17:36 136 --a------ C:\WINDOWS\system32\yugm.reg 2008-04-02 14:10 . 2008-04-02 15:08 <REP> d-------- C:\Downloads 2008-04-02 14:10 . 2008-04-02 15:08 <REP> d-------- C:\Bases 2008-04-02 14:01 . 2008-04-02 15:14 <REP> d-------- C:\Kaspersky 2008-04-01 22:19 . 2008-04-01 22:19 <REP> d-------- C:\Documents and Settings\MAHE\Application Data\Malwarebytes 2008-04-01 22:18 . 2008-04-01 22:18 <REP> d-------- C:\Malwarebytes' Anti-Malware 2008-04-01 22:18 . 2008-04-01 22:18 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-03-31 21:08 . 2008-03-31 21:08 <REP> d-------- C:\VundoFix Backups 2008-03-30 18:09 . 2008-03-30 18:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools 2008-03-30 15:10 . 2008-03-30 15:10 583 --a------ C:\WINDOWS\system32\Raccourci vers notepad.exe.lnk 2008-03-30 00:35 . 2008-03-30 00:35 <REP> d-------- C:\_OTMoveIt 2008-03-27 19:49 . 2008-03-27 20:21 <REP> d-------- C:\Program Files\Navilog1 2008-03-27 19:39 . 2008-04-03 18:13 3,218 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP 2008-03-27 19:22 . 2008-03-29 23:49 1,298 --a------ C:\WINDOWS\system32\tmp.reg 2008-03-27 12:44 . 2008-03-28 18:04 13,030 --a------ C:\PDOXUSRS.NET 2008-03-27 12:43 . 2008-03-27 12:43 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared 2008-03-27 12:43 . 1999-01-20 06:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL 2008-03-27 12:43 . 1999-11-12 06:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL 2008-03-27 12:42 . 2008-03-27 12:43 <REP> d-------- C:\Program Files\ZebHelpProcess 2 2008-03-25 11:44 . 2008-03-25 11:44 <REP> d-------- C:\Program Files\Trend Micro 2008-03-21 19:13 . 2007-12-06 17:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys 2008-03-21 19:13 . 2007-12-06 17:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys 2008-03-21 19:13 . 2008-02-12 12:44 21,904 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys 2008-03-21 18:07 . 2008-03-30 14:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\fssg 2008-03-08 18:59 . 2008-03-09 11:13 <REP> d-------- C:\WINDOWS\SxsCaPendDel 2008-03-06 20:33 . 2008-03-06 20:33 1,271,557 --------- C:\Program Files\wrar371fr.exe 2008-03-04 11:50 . 2008-03-04 11:50 <REP> d-------- C:\Documents and Settings\MAHE\Application Data\ItsLabel . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-03 18:09 --------- d-----w C:\Program Files\Wanadoo 2008-04-01 20:15 --------- d---a-w C:\Program Files\Common Files 2008-04-01 18:23 --------- d-----w C:\Documents and Settings\MAHE\Application Data\SiteAdvisor 2008-03-31 11:38 --------- d-----w C:\Program Files\jv16 PowerTools 2008-03-30 15:57 --------- d-----w C:\Program Files\Common 2008-03-26 15:15 --------- d-----w C:\Program Files\CCleaner 2008-03-22 14:10 --------- d-----w C:\Program Files\AlertInfo 2008-03-08 16:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-03-01 08:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee 2008-02-27 08:07 --------- d-----w C:\Program Files\SiteAdvisor 2008-02-26 08:01 --------- d-----w C:\Program Files\fsupport 2008-02-26 08:01 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-23 14:35 --------- d-----w C:\Program Files\McAfee 2008-02-23 10:29 19,584 ----a-w C:\WINDOWS\system32\drivers\arjkevag.dat 2008-02-23 09:11 --------- d-----w C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Data\SiteAdvisor 2008-02-22 14:45 --------- d-----w C:\Documents and Settings\MAHE\Application Data\AlertInfo 2008-02-22 12:42 --------- d-----w C:\Documents and Settings\LocalService.AUTORITE NT.001\Application Data\SiteAdvisor 2008-02-22 12:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor 2008-02-22 12:38 --------- d-----w C:\Program Files\Fichiers communs\McAfee 2008-02-22 12:37 --------- d-----w C:\Program Files\McAfee.com 2008-02-22 09:50 --------- d-----w C:\Documents and Settings\MAHE\Application Data\McAfee 2006-08-24 09:08 9,258,851 -c--a-w C:\Program Files\gestionnaire_internethd.exe 2006-08-01 15:07 1,465,856 -c--a-w C:\Program Files\DSLTest.exe 2006-07-05 16:09 5,290,525 ----a-w C:\Program Files\Photo3D.exe 2006-06-29 07:21 576 -c--a-w C:\Program Files\INSTALL.LOG 2006-06-20 13:55 2,883,214 -c--a-w C:\Program Files\UpgradeFranceOfficev9.1.zip 2006-06-03 10:18 9,663,232 -c--a-w C:\Program Files\OutlookExpress506FRA.bin 2006-02-16 13:26 12,814,336 -c--a-w C:\Program Files\mp10setup.exe 2006-01-24 08:43 3,530,812 -c--a-w C:\Program Files\looksnavigateur.exe 2006-01-07 16:47 578,560 -c--a-w C:\Program Files\wanadoo_toolbarsetup.exe 2005-11-02 13:54 11,120,472 -c--a-w C:\Program Files\DivXPlay.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{308FA211-78FE-4D86-B405-50E0361AF78F}] 2008-03-04 20:51 98048 --a------ C:\WINDOWS\system32\dbmsvin.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "DelayShred"="C:\Program Files\McAfee\MSHR\ShrCL.exe" [2007-07-25 16:10 111904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EoEngine"="" [] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-05 14:00 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "SpecifyDefaultButtons"= 0 (0x0) "Btn_Search"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ :\WINDOWS\system32\srrstr.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ajzedll] --a--c--- 2005-06-22 21:45 0 C:\WINDOWS\ajzedll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ajzeenc] --a--c--- 2005-06-22 21:45 0 C:\WINDOWS\ajzeenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series] --a--c--- 2006-02-21 06:00 131072 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] --a--c--- 2004-08-05 14:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup] C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-04-04 16:12 77824 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] --------- 2004-10-14 16:55 32768 C:\Program Files\Wanadoo\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] --------- 2004-10-14 16:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\WINDOWS\\explorer.exe"= "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= R0 lvqolsms;lvqolsms;C:\WINDOWS\system32\drivers\arjkevag.dat [] S2 dll32;FireDaemon Service: dll32;c:\winnt\system32\os2\dll\packs\FireDaemon.EXE [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bc232cc-3035-11d9-b0e7-806d6172696f}] \Shell\AutoRun\command - C:\ATI\SUPPORT\wxp-w2k-catalyst-7-94-030917m-011434c\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{605a9d26-b78e-11dc-b622-0090d0a8ed6f}] \Shell\AutoRun\command - explorer.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-04-01 23:04:08 C:\WINDOWS\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe.1262 7 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-03 20:09:48 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lvqolsms] "ImagePath"="system32\drivers\arjkevag.dat" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\locator.exe C:\WINDOWS\System32\vssvc.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\McAfee\MSC\mcuimgr.exe . ************************************************************************** . Temps d'accomplissement: 2008-04-03 20:13:24 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-03 18:13:16 Pre-Run: 10,365,497,344 octets libres Post-Run: 10,309,709,824 octets libres . 2008-03-12 20:10:50 --- E O F ---
  3. yugm
    Bjr oGu Voici donc les réponses de l'élève à son prof informatique en 1:rapport otmoveit C:\WINDOWS\system32\dbmsvin.dll unregistered successfully. File move failed. C:\WINDOWS\system32\dbmsvin.dll scheduled to be moved on reboot. OTMoveIt2 by OldTimer - Version 1.0.21 log created on 04032008_180549 en 2 :rapport hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:21:44, on 03/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Wanadoo\GestionnaireInternet.exe C:\Program Files\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: (no name) - {308FA211-78FE-4D86-B405-50E0361AF78F} - C:\WINDOWS\system32\dbmsvin.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\MGWIU3H4\BAN_72~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\IFRAME~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\HP_1_~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\AP_ADV~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\INDEX_~4.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\AP_CPL~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\ADS_9_~1.SH! O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...235/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D43F0FA3-C5C4-46FC-B5E6-76E193C76ACA}: NameServer = 80.10.246.1 81.253.149.2 O23 - Service: FireDaemon Service: dll32 (dll32) - Unknown owner - c:\winnt\system32\os2\dll\packs\FireDaemon.EXE (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6033 bytes en 3:Explicatons diverses -Regfix:fallait-il un prog?car "Impossible d'importer C:\....\bureau\yugm.reg ,le fichier spécifié n'est pas un script de Registre Vous pouvez uniqt importer des fichiers du registre binaires à partir de l'éditeur du registre" -pas d'alarmes et act démarrage + rapide A+
  4. yugm
    Raison de ne pas toucher à ton prog du jour? Simplement que je n'avais pas fait le prog n-1 en entier et qu'il pouvait te manquer des infos pour continuer Si t'es d'accord pas de prob ;pour demain sans doute A+ nGu
  5. yugm
    Bonjour oGu Pour l'instant je te poste la suite du programme du 1/04/08 que je n'avais pas terminé.J'y suis arrivé avec peine car apparemment il y avais conflit au démarrage avec "Runonce.msn/Runonce2.aspx "et "www.orange.fr".A chaque fois le premier partait et j'étais obligé de changer l'adresse par "orange".Manipe que m'avait conseillé la hot line sans plus de détails.Ensuite je démarre plusieurs fois pour EScan (car déconnections en série)mais j'y arrive enfin(je tenais à avoir ton programme en parallèle) Je te poste donc le bloc -note ci-joint NB:Depuis la dernière manipe pour ESCan (environ 3 h)je n'ai pas été déconnecté.C'est peut être bon!C'est pourquoi je ne touche à ton prog du jour .(faux -je viens à nouveau d'être déconnecté) Dans l'attente de ta réponse et encore Merci Wed Apr 02 14:02:00 2008 => ********************************************************** Wed Apr 02 14:02:00 2008 => eScan AntiVirus Toolkit Utility. Wed Apr 02 14:02:00 2008 => Copyright © 2003-2004, MicroWorld Technologies Inc. Wed Apr 02 14:02:00 2008 => ********************************************************** Wed Apr 02 14:02:00 2008 => Version 4.4.7 Wed Apr 02 14:02:00 2008 => Log File: C:\KASPER~1\mwav.log Wed Apr 02 14:02:00 2008 => Latest Date of files inside MWAV: 11 Jan 2008 17:54:58. Wed Apr 02 14:02:06 2008 => AV Library Loaded... Wed Apr 02 14:02:06 2008 => Scanning File C:\KASPER~1\kavss.exe Wed Apr 02 14:02:06 2008 => Scanning File C:\KASPER~1\Getvlist.exe Wed Apr 02 14:02:07 2008 => Scanning File C:\KASPER~1\kavss.dll Wed Apr 02 14:02:07 2008 => Scanning File C:\KASPER~1\kavssdi.dll Wed Apr 02 14:02:07 2008 => Scanning File C:\KASPER~1\kavssi.dll Wed Apr 02 14:02:07 2008 => Scanning File C:\KASPER~1\kavvlg.dll Wed Apr 02 14:02:07 2008 => Scanning File C:\KASPER~1\msvlclnt.dll Wed Apr 02 14:02:07 2008 => Scanning File C:\KASPER~1\ipc.dll Wed Apr 02 14:02:07 2008 => Scanning File C:\KASPER~1\main.avi Wed Apr 02 14:02:07 2008 => Scanning File C:\KASPER~1\virus.avi Wed Apr 02 14:02:08 2008 => Virus Database Date: 2008/01/11 Wed Apr 02 14:02:08 2008 => Virus Database Count: 507730 Wed Apr 02 15:25:34 2008 => ********************************************************** Wed Apr 02 15:25:34 2008 => eScan AntiVirus Toolkit Utility. Wed Apr 02 15:25:34 2008 => Copyright © 2003-2004, MicroWorld Technologies Inc. Wed Apr 02 15:25:34 2008 => ********************************************************** Wed Apr 02 15:25:34 2008 => Version 4.4.7 Wed Apr 02 15:25:34 2008 => Log File: C:\KASPER~1\mwav.log Wed Apr 02 15:25:40 2008 => Latest Date of files inside MWAV: 02 Apr 2008 12:00:35. Wed Apr 02 15:25:55 2008 => AV Library Loaded... Wed Apr 02 15:25:55 2008 => Scanning File C:\KASPER~1\kavss.exe Wed Apr 02 15:25:55 2008 => Scanning File C:\KASPER~1\Getvlist.exe Wed Apr 02 15:25:55 2008 => Scanning File C:\KASPER~1\kavss.dll Wed Apr 02 15:25:55 2008 => Scanning File C:\KASPER~1\kavssdi.dll Wed Apr 02 15:25:55 2008 => Scanning File C:\KASPER~1\kavssi.dll Wed Apr 02 15:25:55 2008 => Scanning File C:\KASPER~1\kavvlg.dll Wed Apr 02 15:25:55 2008 => Scanning File C:\KASPER~1\msvlclnt.dll Wed Apr 02 15:25:56 2008 => Scanning File C:\KASPER~1\ipc.dll Wed Apr 02 15:25:56 2008 => Scanning File C:\KASPER~1\main.avi Wed Apr 02 15:25:56 2008 => Scanning File C:\KASPER~1\virus.avi Wed Apr 02 15:25:56 2008 => Virus Database Date: 2008/04/02 Wed Apr 02 15:25:56 2008 => Virus Database Count: 677768 Wed Apr 02 15:26:59 2008 => ********************************************************** Wed Apr 02 15:26:59 2008 => eScan AntiVirus Toolkit Utility. Wed Apr 02 15:26:59 2008 => Copyright © 2003-2004, MicroWorld Technologies Inc. Wed Apr 02 15:26:59 2008 => Wed Apr 02 15:26:59 2008 => Support: support@mwti.net Wed Apr 02 15:26:59 2008 => Web: http://www.mwti.net Wed Apr 02 15:26:59 2008 => ********************************************************** Wed Apr 02 15:26:59 2008 => Version 4.4.7 Wed Apr 02 15:26:59 2008 => Log File: C:\KASPER~1\mwav.log Wed Apr 02 15:26:59 2008 => Latest Date of files inside MWAV: 02 Apr 2008 12:00:35. Wed Apr 02 15:26:59 2008 => Options Selected by User: Wed Apr 02 15:26:59 2008 => Memory Check: Enabled Wed Apr 02 15:26:59 2008 => Registry Check: Enabled Wed Apr 02 15:26:59 2008 => StartUp Folder Check: Enabled Wed Apr 02 15:26:59 2008 => System Folder Check: Enabled Wed Apr 02 15:26:59 2008 => System Area Check: Disabled Wed Apr 02 15:26:59 2008 => Services Check: Enabled Wed Apr 02 15:26:59 2008 => Drive Check Option Disabled Wed Apr 02 15:26:59 2008 => Scanning Type: Scan And Clean Wed Apr 02 15:26:59 2008 => Folder Check: Disabled Wed Apr 02 15:26:59 2008 => ***** Scanning Memory Files ***** Wed Apr 02 15:26:59 2008 => Scanning File C:\WINDOWS\system32\services.exe Wed Apr 02 15:26:59 2008 => Scanning File C:\WINDOWS\system32\lsass.exe Wed Apr 02 15:26:59 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:26:59 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:26:59 2008 => Scanning File C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe Wed Apr 02 15:27:00 2008 => Scanning File C:\WINDOWS\Explorer.EXE Wed Apr 02 15:27:00 2008 => Scanning File C:\PROGRA~1\McAfee.com\Agent\mcagent.exe Wed Apr 02 15:27:00 2008 => Scanning File C:\WINDOWS\Explorer.EXE Wed Apr 02 15:27:00 2008 => Scanning File C:\PROGRA~1\McAfee\MSC\mcuimgr.exe Wed Apr 02 15:27:00 2008 => Scanning File C:\Kaspersky\mwavscan.com Wed Apr 02 15:27:00 2008 => Scanning File C:\Kaspersky\kavss.exe Wed Apr 02 15:27:00 2008 => ***** Scanning Registry Files ***** Wed Apr 02 15:27:00 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad Wed Apr 02 15:27:00 2008 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction *** Wed Apr 02 15:27:00 2008 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**] Wed Apr 02 15:27:00 2008 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction *** Wed Apr 02 15:27:00 2008 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**] Wed Apr 02 15:27:00 2008 => Scanning File C:\WINDOWS\system32\webcheck.dll Wed Apr 02 15:27:01 2008 => Scanning File C:\WINDOWS\system32\stobject.dll Wed Apr 02 15:27:01 2008 => Scanning File C:\WINDOWS\system32\WPDShServiceObj.dll Wed Apr 02 15:27:01 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects Wed Apr 02 15:27:01 2008 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll Wed Apr 02 15:27:01 2008 => Scanning File C:\PROGRA~1\FICHIE~1\Adobe\Acrobat\ActiveX\ACROIE~1.DLL Wed Apr 02 15:27:01 2008 => {089FD14D-132B-48FC-8861-0048AE113215} = C:\Program Files\SiteAdvisor\6253\SiteAdv.dll Wed Apr 02 15:27:01 2008 => Scanning File C:\PROGRA~1\SITEAD~1\6253\SiteAdv.dll Wed Apr 02 15:27:01 2008 => {7DB2D5A0-7241-4E79-B68D-6309F01C5231} = C:\Program Files\McAfee\VirusScan\scriptsn.dll Wed Apr 02 15:27:01 2008 => Scanning File C:\PROGRA~1\McAfee\VIRUSS~1\scriptsn.dll Wed Apr 02 15:27:01 2008 => {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} = C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll Wed Apr 02 15:27:01 2008 => Scanning File C:\PROGRA~1\EPSON\EPSONW~1\EPSONW~1.DLL Wed Apr 02 15:27:02 2008 => EWPP = NULL Wed Apr 02 15:27:02 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Wed Apr 02 15:27:02 2008 => Scanning File C:\WINDOWS\Explorer.exe Wed Apr 02 15:27:02 2008 => Scanning File C:\WINDOWS\system32\userinit.exe Wed Apr 02 15:27:02 2008 => Scanning HKCU\Control Panel\Desktop Wed Apr 02 15:27:02 2008 => Scanning File C:\WINDOWS\System32\logon.scr Wed Apr 02 15:27:02 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Wed Apr 02 15:27:02 2008 => Scanning File C:\PROGRA~1\Wanadoo\Watch.exe Wed Apr 02 15:27:02 2008 => Scanning File C:\PROGRA~1\Wanadoo\GestMaj.exe Wed Apr 02 15:27:02 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Wed Apr 02 15:27:02 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx Wed Apr 02 15:27:02 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices Wed Apr 02 15:27:02 2008 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Wed Apr 02 15:27:02 2008 => Scanning File C:\WINDOWS\system32\ctfmon.exe Wed Apr 02 15:27:03 2008 => Scanning File C:\PROGRA~1\McAfee\MSHR\ShrCL.EXE Wed Apr 02 15:27:03 2008 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Wed Apr 02 15:27:03 2008 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx Wed Apr 02 15:27:03 2008 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices Wed Apr 02 15:27:03 2008 => Scanning HKCR\txtfile\shell\open\command Wed Apr 02 15:27:03 2008 => Scanning HKCR\comfile\shell\open\command Wed Apr 02 15:27:03 2008 => Scanning HKCR\exefile\shell\open\command Wed Apr 02 15:27:03 2008 => Scanning HKCR\dllfile\shell\open\command Wed Apr 02 15:27:03 2008 => Scanning HKCR\batfile\shell\open\command Wed Apr 02 15:27:03 2008 => Scanning HKCR\piffile\shell\open\command Wed Apr 02 15:27:03 2008 => Scanning HKCR\scrfile\shell\open\command Wed Apr 02 15:27:03 2008 => Replacing Registry Value Wed Apr 02 15:27:03 2008 => Scanning HKCR\scrfile\shell\config\command Wed Apr 02 15:27:03 2008 => Scanning HKCR\regfile\shell\open\command Wed Apr 02 15:27:03 2008 => Replacing Registry Value Wed Apr 02 15:27:03 2008 => ***** Scanning StartUp Folders ***** Wed Apr 02 15:27:04 2008 => ***** Scanning C:\Documents and Settings\MAHE\Accessoires\Menu Démarrer\Démarrage Folder ***** Wed Apr 02 15:27:04 2008 => Scanning Folder: C:\Documents and Settings\MAHE\Accessoires\Menu Démarrer\Démarrage\*.* Wed Apr 02 15:27:04 2008 => Scanning File C:\Documents and Settings\MAHE\Accessoires\Menu Démarrer\Démarrage\desktop.ini Wed Apr 02 15:27:04 2008 => ***** Scanning C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage Folder ***** Wed Apr 02 15:27:04 2008 => Scanning Folder: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\*.* Wed Apr 02 15:27:04 2008 => Scanning File C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\desktop.ini Wed Apr 02 15:27:04 2008 => ***** Scanning Service Files ***** Wed Apr 02 15:27:04 2008 => Scanning HKLM\SYSTEM\CurrentControlSet\Services Wed Apr 02 15:27:04 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\ACPI.sys Wed Apr 02 15:27:04 2008 => Scanning File C:\WINDOWS\system32\drivers\aec.sys Wed Apr 02 15:27:04 2008 => Scanning File C:\WINDOWS\System32\drivers\afd.sys Wed Apr 02 15:27:04 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\agp440.sys Wed Apr 02 15:27:05 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\alcan5wn.sys Wed Apr 02 15:27:05 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\alcaudsl.sys Wed Apr 02 15:27:05 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:05 2008 => Scanning File C:\WINDOWS\System32\alg.exe Wed Apr 02 15:27:05 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:05 2008 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe Wed Apr 02 15:27:05 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\asyncmac.sys Wed Apr 02 15:27:05 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\atapi.sys Wed Apr 02 15:27:05 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\ati2mtag.sys Wed Apr 02 15:27:06 2008 => ERROR!!! Invalid Entry System32\DRIVERS\atimtag.sys in SYSTEM\CurrentControlSet\Services\atimtag... Wed Apr 02 15:27:06 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\atmarpc.sys Wed Apr 02 15:27:06 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:06 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\audstub.sys Wed Apr 02 15:27:06 2008 => Scanning File C:\WINDOWS\system32\drivers\AVFilter.sys Wed Apr 02 15:27:06 2008 => Scanning File C:\WINDOWS\system32\drivers\AVHook.sys Wed Apr 02 15:27:06 2008 => Scanning File C:\WINDOWS\system32\drivers\AVRec.sys Wed Apr 02 15:27:06 2008 => ERROR!!! Invalid Entry \??\C:\Program Files\Softwin\BitDefender9\bdfdll.sys in SYSTEM\CurrentControlSet\Services\bdfdll... Wed Apr 02 15:27:06 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:06 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:07 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\cdrom.sys Wed Apr 02 15:27:07 2008 => Scanning File C:\WINDOWS\system32\cisvc.exe Wed Apr 02 15:27:07 2008 => Scanning File C:\WINDOWS\system32\clipsrv.exe Wed Apr 02 15:27:07 2008 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Wed Apr 02 15:27:07 2008 => Scanning File C:\WINDOWS\system32\drivers\cmaudio.sys Wed Apr 02 15:27:07 2008 => Scanning File C:\WINDOWS\system32\dllhost.exe Wed Apr 02 15:27:07 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:08 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:08 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:08 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\disk.sys Wed Apr 02 15:27:08 2008 => ERROR!!! Invalid Entry c:\winnt\system32\os2\dll\packs\FireDaemon.EXE in SYSTEM\CurrentControlSet\Services\dll32... Wed Apr 02 15:27:08 2008 => Scanning File C:\WINDOWS\System32\dmadmin.exe Wed Apr 02 15:27:08 2008 => Scanning File C:\WINDOWS\system32\drivers\dmboot.sys Wed Apr 02 15:27:09 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:09 2008 => Scanning File C:\WINDOWS\system32\drivers\DMusic.sys Wed Apr 02 15:27:09 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:09 2008 => Scanning File C:\WINDOWS\system32\drivers\drmkaud.sys Wed Apr 02 15:27:09 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:09 2008 => Scanning File C:\WINDOWS\system32\services.exe Wed Apr 02 15:27:09 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:09 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:09 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\fdc.sys Wed Apr 02 15:27:10 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\flpydisk.sys Wed Apr 02 15:27:10 2008 => Scanning File C:\WINDOWS\system32\drivers\fltmgr.sys Wed Apr 02 15:27:10 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\ftdisk.sys Wed Apr 02 15:27:10 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\gameenum.sys Wed Apr 02 15:27:10 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\msgpc.sys Wed Apr 02 15:27:10 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:10 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:10 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\hidusb.sys Wed Apr 02 15:27:11 2008 => Scanning File C:\WINDOWS\system32\Drivers\HTTP.sys Wed Apr 02 15:27:11 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:11 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\i8042prt.sys Wed Apr 02 15:27:11 2008 => Scanning File C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriverT.exe Wed Apr 02 15:27:11 2008 => Scanning File C:\WINDOWS\system32\drivers\ImapiRox.sys Wed Apr 02 15:27:11 2008 => Scanning File C:\WINDOWS\system32\ImapiRox.exe Wed Apr 02 15:27:12 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\intelide.sys Wed Apr 02 15:27:12 2008 => Scanning File C:\WINDOWS\system32\drivers\ip6fw.sys Wed Apr 02 15:27:12 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys Wed Apr 02 15:27:12 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\ipinip.sys Wed Apr 02 15:27:12 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\ipnat.sys Wed Apr 02 15:27:12 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\ipsec.sys Wed Apr 02 15:27:12 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\irenum.sys Wed Apr 02 15:27:12 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\isapnp.sys Wed Apr 02 15:27:12 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\kbdclass.sys Wed Apr 02 15:27:13 2008 => Scanning File C:\WINDOWS\system32\drivers\kmixer.sys Wed Apr 02 15:27:13 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys Wed Apr 02 15:27:13 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\L8042mou.Sys Wed Apr 02 15:27:13 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:13 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:13 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:13 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\LMouKE.Sys Wed Apr 02 15:27:13 2008 => Scanning File C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe Wed Apr 02 15:27:13 2008 => Scanning File c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe Wed Apr 02 15:27:14 2008 => Scanning File C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe Wed Apr 02 15:27:14 2008 => Scanning File c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe Wed Apr 02 15:27:14 2008 => Scanning File C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe Wed Apr 02 15:27:14 2008 => Scanning File C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe Wed Apr 02 15:27:14 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:14 2008 => Scanning File C:\WINDOWS\system32\drivers\mfeavfk.sys Wed Apr 02 15:27:14 2008 => Scanning File C:\WINDOWS\system32\drivers\mfebopk.sys Wed Apr 02 15:27:15 2008 => Scanning File C:\WINDOWS\system32\drivers\mfehidk.sys Wed Apr 02 15:27:15 2008 => Scanning File C:\WINDOWS\system32\drivers\mferkdk.sys Wed Apr 02 15:27:15 2008 => Scanning File C:\WINDOWS\system32\drivers\mfesmfk.sys Wed Apr 02 15:27:15 2008 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe Wed Apr 02 15:27:15 2008 => Scanning File C:\WINDOWS\system32\drivers\MODEMCSA.sys Wed Apr 02 15:27:15 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\mouclass.sys Wed Apr 02 15:27:15 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\mouhid.sys Wed Apr 02 15:27:15 2008 => Scanning File C:\WINDOWS\system32\Drivers\Mpfp.sys Wed Apr 02 15:27:15 2008 => Scanning File C:\PROGRA~1\McAfee\MPF\MPFSrv.exe Wed Apr 02 15:27:16 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxdav.sys Wed Apr 02 15:27:16 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Wed Apr 02 15:27:17 2008 => Scanning File C:\WINDOWS\System32\msdtc.exe Wed Apr 02 15:27:17 2008 => Scanning File C:\WINDOWS\system32\msiexec.exe Wed Apr 02 15:27:17 2008 => Scanning File C:\WINDOWS\system32\drivers\MSKSSRV.sys Wed Apr 02 15:27:17 2008 => Scanning File C:\WINDOWS\system32\drivers\MSPCLOCK.sys Wed Apr 02 15:27:17 2008 => Scanning File C:\WINDOWS\system32\drivers\MSPQM.sys Wed Apr 02 15:27:17 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\mssmbios.sys Wed Apr 02 15:27:17 2008 => Scanning File C:\WINDOWS\system32\drivers\msmpu401.sys Wed Apr 02 15:27:17 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys Wed Apr 02 15:27:17 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys Wed Apr 02 15:27:18 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\ndistapi.sys Wed Apr 02 15:27:18 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\ndisuio.sys Wed Apr 02 15:27:18 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\ndiswan.sys Wed Apr 02 15:27:18 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\netbios.sys Wed Apr 02 15:27:18 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\netbt.sys Wed Apr 02 15:27:19 2008 => Scanning File C:\WINDOWS\system32\netdde.exe Wed Apr 02 15:27:19 2008 => Scanning File C:\WINDOWS\system32\netdde.exe Wed Apr 02 15:27:19 2008 => Scanning File C:\WINDOWS\system32\lsass.exe Wed Apr 02 15:27:19 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:19 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:19 2008 => Scanning File C:\WINDOWS\system32\lsass.exe Wed Apr 02 15:27:19 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:19 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys Wed Apr 02 15:27:20 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\nv4_mini.sys Wed Apr 02 15:27:20 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys Wed Apr 02 15:27:20 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys Wed Apr 02 15:27:20 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys Wed Apr 02 15:27:21 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnknb.sys Wed Apr 02 15:27:21 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys Wed Apr 02 15:27:21 2008 => Scanning File C:\WINDOWS\system32\drivers\PalmUSBD.sys Wed Apr 02 15:27:21 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\parport.sys Wed Apr 02 15:27:21 2008 => ERROR!!! Invalid Entry \??\C:\WINDOWS\system32\PCAMPR5.SYS in SYSTEM\CurrentControlSet\Services\PCAMPR5... Wed Apr 02 15:27:21 2008 => Scanning File C:\WINDOWS\SYSTEM32\PCANDIS5.SYS Wed Apr 02 15:27:21 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\pci.sys Wed Apr 02 15:27:21 2008 => ERROR!!! Invalid Entry "C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe" in SYSTEM\CurrentControlSet\Services\PCTAVSvc... Wed Apr 02 15:27:21 2008 => Scanning File C:\WINDOWS\system32\services.exe Wed Apr 02 15:27:21 2008 => Scanning File C:\WINDOWS\system32\lsass.exe Wed Apr 02 15:27:21 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\raspptp.sys Wed Apr 02 15:27:22 2008 => Scanning File C:\WINDOWS\system32\lsass.exe Wed Apr 02 15:27:22 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\psched.sys Wed Apr 02 15:27:22 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\ptilink.sys Wed Apr 02 15:27:22 2008 => Scanning File C:\WINDOWS\system32\Drivers\PxHelp20.sys Wed Apr 02 15:27:22 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\rasacd.sys Wed Apr 02 15:27:22 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:22 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Wed Apr 02 15:27:22 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:22 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\raspppoe.sys Wed Apr 02 15:27:22 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\raspti.sys Wed Apr 02 15:27:22 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\rdbss.sys Wed Apr 02 15:27:23 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\RDPCDD.sys Wed Apr 02 15:27:23 2008 => Scanning File C:\WINDOWS\system32\sessmgr.exe Wed Apr 02 15:27:23 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\RecAgent.sys Wed Apr 02 15:27:23 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\redbook.sys Wed Apr 02 15:27:23 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:23 2008 => Scanning File C:\WINDOWS\system32\locator.exe Wed Apr 02 15:27:23 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:23 2008 => Scanning File C:\WINDOWS\system32\rsvp.exe Wed Apr 02 15:27:24 2008 => Scanning File C:\WINDOWS\system32\lsass.exe Wed Apr 02 15:27:24 2008 => Scanning File C:\WINDOWS\System32\SCardSvr.exe Wed Apr 02 15:27:24 2008 => Scanning File C:\WINDOWS\System32\SCardSvr.exe Wed Apr 02 15:27:24 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:24 2008 => Scanning File C:\WINDOWS\system32\drivers\scsiport.sys Wed Apr 02 15:27:24 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\secdrv.sys Wed Apr 02 15:27:24 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:24 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:24 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\serenum.sys Wed Apr 02 15:27:24 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\serial.sys Wed Apr 02 15:27:25 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:25 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:25 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\slntamr.sys Wed Apr 02 15:27:25 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\Slnthal.sys Wed Apr 02 15:27:25 2008 => Scanning File C:\WINDOWS\system32\slserv.exe Wed Apr 02 15:27:25 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys Wed Apr 02 15:27:26 2008 => Scanning File C:\WINDOWS\system32\drivers\splitter.sys Wed Apr 02 15:27:26 2008 => Scanning File C:\WINDOWS\system32\spoolsv.exe Wed Apr 02 15:27:26 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\sr.sys Wed Apr 02 15:27:26 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:26 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\srv.sys Wed Apr 02 15:27:26 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:26 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\serscan.sys Wed Apr 02 15:27:26 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:26 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\swenum.sys Wed Apr 02 15:27:27 2008 => Scanning File C:\WINDOWS\system32\drivers\swmidi.sys Wed Apr 02 15:27:27 2008 => Scanning File C:\WINDOWS\system32\dllhost.exe Wed Apr 02 15:27:27 2008 => Scanning File C:\WINDOWS\system32\drivers\sysaudio.sys Wed Apr 02 15:27:27 2008 => Scanning File C:\WINDOWS\system32\smlogsvc.exe Wed Apr 02 15:27:27 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:27 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\tcpip.sys Wed Apr 02 15:27:27 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\termdd.sys Wed Apr 02 15:27:27 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:27 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:27 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:28 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\update.sys Wed Apr 02 15:27:28 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:28 2008 => Scanning File C:\WINDOWS\System32\ups.exe Wed Apr 02 15:27:28 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\usbccgp.sys Wed Apr 02 15:27:28 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\usbhub.sys Wed Apr 02 15:27:28 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\usbprint.sys Wed Apr 02 15:27:28 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\usbscan.sys Wed Apr 02 15:27:28 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS Wed Apr 02 15:27:28 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\usbuhci.sys Wed Apr 02 15:27:28 2008 => Scanning File C:\WINDOWS\System32\drivers\vga.sys Wed Apr 02 15:27:28 2008 => Scanning File C:\WINDOWS\System32\vssvc.exe Wed Apr 02 15:27:29 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:29 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\wanarp.sys Wed Apr 02 15:27:29 2008 => Scanning File C:\WINDOWS\system32\drivers\wdmaud.sys Wed Apr 02 15:27:29 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:29 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:29 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:29 2008 => Scanning File C:\WINDOWS\system32\wbem\wmiapsrv.exe Wed Apr 02 15:27:30 2008 => Scanning File C:\PROGRA~1\WINDOW~3\WMPNetwk.exe Wed Apr 02 15:27:30 2008 => Scanning File C:\WINDOWS\System32\drivers\ws2ifsl.sys Wed Apr 02 15:27:30 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:30 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:30 2008 => Scanning File C:\WINDOWS\system32\DRIVERS\WudfPf.sys Wed Apr 02 15:27:30 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:27:30 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:30 2008 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Apr 02 15:27:30 2008 => ***** Scanning System32 Folders ***** Wed Apr 02 15:27:30 2008 => Scanning C:\WINDOWS Directory Wed Apr 02 15:27:30 2008 => Scanning Folder: C:\WINDOWS\*.* Wed Apr 02 15:27:32 2008 => Scanning File C:\WINDOWS\0.log [**] Wed Apr 02 15:27:32 2008 => Scanning File C:\WINDOWS\002376_.tmp Wed Apr 02 15:27:32 2008 => Scanning File C:\WINDOWS\002386_.tmp Wed Apr 02 15:27:33 2008 => Scanning File C:\WINDOWS\ACROREAD.INI Wed Apr 02 15:27:33 2008 => Scanning File C:\WINDOWS\ajzedll.exe [**] Wed Apr 02 15:27:33 2008 => Scanning File C:\WINDOWS\ajzeenc.exe [**] Wed Apr 02 15:27:33 2008 => Scanning File C:\WINDOWS\ban.dat Wed Apr 02 15:27:33 2008 => Scanning File C:\WINDOWS\bootstat.dat Wed Apr 02 15:27:33 2008 => Scanning File C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe Wed Apr 02 15:27:33 2008 => Scanning File C:\WINDOWS\CDE DX4000EFDG.ini Wed Apr 02 15:27:33 2008 => Scanning File C:\WINDOWS\cdplayer.ini Wed Apr 02 15:27:33 2008 => Scanning File C:\WINDOWS\CFindUninst.exe Wed Apr 02 15:27:33 2008 => Scanning File C:\WINDOWS\CGLLIOPM.ini Wed Apr 02 15:27:33 2008 => Scanning File C:\WINDOWS\clock.avi Wed Apr 02 15:27:33 2008 => Scanning File C:\WINDOWS\cmaudio.dat Wed Apr 02 15:27:34 2008 => Scanning File C:\WINDOWS\cmijack.dat Wed Apr 02 15:27:34 2008 => Scanning File C:\WINDOWS\cmuninst.dat Wed Apr 02 15:27:34 2008 => Scanning File C:\WINDOWS\cmuninst.exe Wed Apr 02 15:27:34 2008 => Scanning File C:\WINDOWS\control.ini [**] Wed Apr 02 15:27:34 2008 => Scanning File C:\WINDOWS\desktop.ini Wed Apr 02 15:27:34 2008 => Scanning File C:\WINDOWS\EPSMTL32.TXT Wed Apr 02 15:27:34 2008 => Scanning File C:\WINDOWS\err.txt Wed Apr 02 15:27:34 2008 => Scanning File C:\WINDOWS\EventSystem.log Wed Apr 02 15:27:34 2008 => Scanning File C:\WINDOWS\explorer.exe Wed Apr 02 15:27:34 2008 => Scanning File C:\WINDOWS\explorer.scf Wed Apr 02 15:27:34 2008 => Scanning File C:\WINDOWS\FSAVUNIN.MIF Wed Apr 02 15:27:34 2008 => Scanning File C:\WINDOWS\FSMAUNIN.MIF Wed Apr 02 15:27:35 2008 => Scanning File C:\WINDOWS\FSWSS.MIF Wed Apr 02 15:27:35 2008 => Scanning File C:\WINDOWS\hh.exe Wed Apr 02 15:27:35 2008 => Scanning File C:\WINDOWS\ieuninst.exe Wed Apr 02 15:27:35 2008 => Scanning File C:\WINDOWS\ImpotRevenu.ini Wed Apr 02 15:27:35 2008 => Scanning File C:\WINDOWS\irPreferredFolders.ini Wed Apr 02 15:27:35 2008 => Scanning File C:\WINDOWS\ISSM0065.DAT Wed Apr 02 15:27:35 2008 => Scanning File C:\WINDOWS\IsUn040c.exe Wed Apr 02 15:27:35 2008 => Scanning File C:\WINDOWS\IsUninst.exe Wed Apr 02 15:27:36 2008 => Scanning File C:\WINDOWS\jautoexp.dat Wed Apr 02 15:27:36 2008 => Scanning File C:\WINDOWS\lu.dat Wed Apr 02 15:27:36 2008 => Scanning File C:\WINDOWS\lupd.dat Wed Apr 02 15:27:36 2008 => Scanning File C:\WINDOWS\mixer.exe Wed Apr 02 15:27:37 2008 => Scanning File C:\WINDOWS\mixerdef.ini Wed Apr 02 15:27:37 2008 => Scanning File C:\WINDOWS\ModemLog_Smart Link 56K Voice Modem #2.txt Wed Apr 02 15:27:37 2008 => Scanning File C:\WINDOWS\ModemLog_Smart Link 56K Voice Modem.txt Wed Apr 02 15:27:37 2008 => Scanning File C:\WINDOWS\mozver.dat Wed Apr 02 15:27:37 2008 => Scanning File C:\WINDOWS\msdfmap.ini Wed Apr 02 15:27:37 2008 => Scanning File C:\WINDOWS\muninst.exe Wed Apr 02 15:27:37 2008 => Scanning File C:\WINDOWS\MyPhotosNow Screen Saver.FR Wed Apr 02 15:27:37 2008 => Scanning File C:\WINDOWS\MyPhotosNow Screen Saver.SCR Wed Apr 02 15:27:38 2008 => Scanning File C:\WINDOWS\Nero PhotoShow.scr Wed Apr 02 15:27:38 2008 => Scanning File C:\WINDOWS\notepad.exe Wed Apr 02 15:27:38 2008 => Scanning File C:\WINDOWS\nsreg.dat Wed Apr 02 15:27:38 2008 => Scanning File C:\WINDOWS\NSUninst.exe Wed Apr 02 15:27:39 2008 => Scanning File C:\WINDOWS\ntbtlog.txt Wed Apr 02 15:27:39 2008 => Scanning File C:\WINDOWS\nui.dat Wed Apr 02 15:27:39 2008 => Scanning File C:\WINDOWS\nxui.dat Wed Apr 02 15:27:39 2008 => Scanning File C:\WINDOWS\ODBC.INI Wed Apr 02 15:27:39 2008 => Scanning File C:\WINDOWS\ODBCINST.INI Wed Apr 02 15:27:39 2008 => Scanning File C:\WINDOWS\oeuninst.exe Wed Apr 02 15:27:39 2008 => Scanning File C:\WINDOWS\ofxnm.dat Wed Apr 02 15:27:39 2008 => Scanning File C:\WINDOWS\OpPrintServer.INI [**] Wed Apr 02 15:27:39 2008 => Scanning File C:\WINDOWS\opuc.dll Wed Apr 02 15:27:39 2008 => Scanning File C:\WINDOWS\P2kRotate.ini [**] Wed Apr 02 15:27:39 2008 => Scanning File C:\WINDOWS\POCE98.DLL Wed Apr 02 15:27:40 2008 => Scanning File C:\WINDOWS\POCELANG.DLL Wed Apr 02 15:27:40 2008 => Scanning File C:\WINDOWS\PROTOCOL.INI [**] Wed Apr 02 15:27:40 2008 => Scanning File C:\WINDOWS\Q330994.exe Wed Apr 02 15:27:40 2008 => Scanning File C:\WINDOWS\QTFont.for Wed Apr 02 15:27:40 2008 => Scanning File C:\WINDOWS\QTFont.qfn Wed Apr 02 15:27:40 2008 => Scanning File C:\WINDOWS\QuickInstall.INI [**] Wed Apr 02 15:27:40 2008 => Scanning File C:\WINDOWS\regedit.exe Wed Apr 02 15:27:40 2008 => Scanning File C:\WINDOWS\REGLOCS.OLD Wed Apr 02 15:27:40 2008 => Scanning File C:\WINDOWS\SchedLgU.Txt Wed Apr 02 15:27:40 2008 => Scanning File C:\WINDOWS\SET3.tmp Wed Apr 02 15:27:40 2008 => Scanning File C:\WINDOWS\SET51.tmp Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\SET52.tmp Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\SET54.tmp Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\SET5E.tmp Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\SET60.tmp Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\SET7.tmp Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\setdebug.exe Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\setupapi.log.0.old Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\setupapi.old Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\sfwv.dat Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\sfxnm.dat Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\slrundll.exe Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\Sti_Trace.log [**] Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\System.ini Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\taskman.exe Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\TEMPIadHide3.dll Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\tfxnm.dat Wed Apr 02 15:27:41 2008 => Scanning File C:\WINDOWS\Thumbs.db Wed Apr 02 15:27:42 2008 => Scanning File C:\WINDOWS\twain.dll Wed Apr 02 15:27:42 2008 => Scanning File C:\WINDOWS\twain_32.dll Wed Apr 02 15:27:42 2008 => Scanning File C:\WINDOWS\twunk_16.exe Wed Apr 02 15:27:42 2008 => Scanning File C:\WINDOWS\twunk_32.exe Wed Apr 02 15:27:42 2008 => Scanning File C:\WINDOWS\uid.dat Wed Apr 02 15:27:42 2008 => Scanning File C:\WINDOWS\uid24.key Wed Apr 02 15:27:42 2008 => Scanning File C:\WINDOWS\uid32.key Wed Apr 02 15:27:42 2008 => Scanning File C:\WINDOWS\uneng.exe Wed Apr 02 15:27:42 2008 => Scanning File C:\WINDOWS\uninst.exe Wed Apr 02 15:27:43 2008 => Scanning File C:\WINDOWS\UPGRADE.TXT Wed Apr 02 15:27:43 2008 => Scanning File C:\WINDOWS\vb.ini Wed Apr 02 15:27:43 2008 => Scanning File C:\WINDOWS\vbaddin.ini Wed Apr 02 15:27:43 2008 => Scanning File C:\WINDOWS\vmmreg32.dll Wed Apr 02 15:27:43 2008 => Scanning File C:\WINDOWS\wiadebug.log Wed Apr 02 15:27:43 2008 => Scanning File C:\WINDOWS\wiaservc.log Wed Apr 02 15:27:43 2008 => Scanning File C:\WINDOWS\win.ini Wed Apr 02 15:27:43 2008 => Scanning File C:\WINDOWS\WindowsShell.Manifest Wed Apr 02 15:27:43 2008 => Scanning File C:\WINDOWS\WindowsUpdate.log Wed Apr 02 15:27:43 2008 => Scanning File C:\WINDOWS\winhelp.exe Wed Apr 02 15:27:43 2008 => Scanning File C:\WINDOWS\winhlp32.exe Wed Apr 02 15:27:44 2008 => Scanning File C:\WINDOWS\wininit.ini Wed Apr 02 15:27:44 2008 => Scanning File C:\WINDOWS\winnt.bmp Wed Apr 02 15:27:44 2008 => Scanning File C:\WINDOWS\winnt256.bmp Wed Apr 02 15:27:44 2008 => Scanning File C:\WINDOWS\WMSysPr9.prx Wed Apr 02 15:27:44 2008 => Scanning File C:\WINDOWS\WMSysPrx.prx Wed Apr 02 15:27:44 2008 => Scanning File C:\WINDOWS\WRServices.dll Wed Apr 02 15:27:45 2008 => Scanning File C:\WINDOWS\_default.pif Wed Apr 02 15:27:45 2008 => Scanning File C:\WINDOWS\~GLC0000.TMP Wed Apr 02 15:27:45 2008 => Scanning File C:\WINDOWS\~GLC0001.TMP Wed Apr 02 15:27:45 2008 => Scanning File C:\WINDOWS\~GLC0002.TMP Wed Apr 02 15:27:45 2008 => Scanning File C:\WINDOWS\~GLC0003.TMP Wed Apr 02 15:27:45 2008 => Scanning C:\WINDOWS\system32 Directory Wed Apr 02 15:27:45 2008 => Scanning Folder: C:\WINDOWS\system32\*.* Wed Apr 02 15:27:45 2008 => Scanning File C:\WINDOWS\system32\$winnt$.inf Wed Apr 02 15:27:45 2008 => Scanning File C:\WINDOWS\system32\12520437.cpx Wed Apr 02 15:27:45 2008 => Scanning File C:\WINDOWS\system32\12520850.cpx Wed Apr 02 15:27:45 2008 => Scanning File C:\WINDOWS\system32\6to4svc.dll Wed Apr 02 15:27:45 2008 => Scanning File C:\WINDOWS\system32\a15.tbl Wed Apr 02 15:27:46 2008 => Scanning File C:\WINDOWS\system32\a234.tbl Wed Apr 02 15:27:46 2008 => Scanning File C:\WINDOWS\system32\a3d.dll Wed Apr 02 15:27:46 2008 => Scanning File C:\WINDOWS\system32\aaaamon.dll Wed Apr 02 15:27:46 2008 => Scanning File C:\WINDOWS\system32\access.cpl Wed Apr 02 15:27:46 2008 => Scanning File C:\WINDOWS\system32\acctres.dll Wed Apr 02 15:27:46 2008 => Scanning File C:\WINDOWS\system32\accwiz.exe Wed Apr 02 15:27:46 2008 => Scanning File C:\WINDOWS\system32\acelpdec.ax Wed Apr 02 15:27:46 2008 => Scanning File C:\WINDOWS\system32\acledit.dll Wed Apr 02 15:27:47 2008 => Scanning File C:\WINDOWS\system32\aclui.dll Wed Apr 02 15:27:47 2008 => Scanning File C:\WINDOWS\system32\acode.tbl Wed Apr 02 15:27:47 2008 => Scanning File C:\WINDOWS\system32\activeds.dll Wed Apr 02 15:27:47 2008 => Scanning File C:\WINDOWS\system32\activeds.tlb Wed Apr 02 15:27:47 2008 => Scanning File C:\WINDOWS\system32\actmovie.exe Wed Apr 02 15:27:47 2008 => Scanning File C:\WINDOWS\system32\actxprxy.dll Wed Apr 02 15:27:47 2008 => Scanning File C:\WINDOWS\system32\admparse.dll Wed Apr 02 15:27:47 2008 => Scanning File C:\WINDOWS\system32\adptif.dll Wed Apr 02 15:27:48 2008 => Scanning File C:\WINDOWS\system32\adsldp.dll Wed Apr 02 15:27:48 2008 => Scanning File C:\WINDOWS\system32\adsldpc.dll Wed Apr 02 15:27:48 2008 => Scanning File C:\WINDOWS\system32\adsmsext.dll Wed Apr 02 15:27:48 2008 => Scanning File C:\WINDOWS\system32\adsnt.dll Wed Apr 02 15:27:48 2008 => Scanning File C:\WINDOWS\system32\advapi32.dll Wed Apr 02 15:27:48 2008 => Scanning File C:\WINDOWS\system32\advpack.dll Wed Apr 02 15:27:48 2008 => Scanning File C:\WINDOWS\system32\advpack.dll.mui Wed Apr 02 15:27:48 2008 => Scanning File C:\WINDOWS\system32\ahui.exe Wed Apr 02 15:27:49 2008 => Scanning File C:\WINDOWS\system32\alg.exe Wed Apr 02 15:27:49 2008 => Scanning File C:\WINDOWS\system32\alrsvc.dll Wed Apr 02 15:27:49 2008 => Scanning File C:\WINDOWS\system32\amcompat.tlb Wed Apr 02 15:27:49 2008 => Scanning File C:\WINDOWS\system32\amstream.dll Wed Apr 02 15:27:49 2008 => Scanning File C:\WINDOWS\system32\ansi.sys Wed Apr 02 15:27:49 2008 => Scanning File C:\WINDOWS\system32\apatch.ocx Wed Apr 02 15:27:49 2008 => Scanning File C:\WINDOWS\system32\apcups.dll Wed Apr 02 15:27:49 2008 => Scanning File C:\WINDOWS\system32\append.exe Wed Apr 02 15:27:50 2008 => Scanning File C:\WINDOWS\system32\apphelp.dll Wed Apr 02 15:27:50 2008 => Scanning File C:\WINDOWS\system32\appwiz.cpl Wed Apr 02 15:27:50 2008 => Scanning File C:\WINDOWS\system32\arp.exe Wed Apr 02 15:27:50 2008 => Scanning File C:\WINDOWS\system32\arphr.tbl Wed Apr 02 15:27:50 2008 => Scanning File C:\WINDOWS\system32\arptr.tbl Wed Apr 02 15:27:50 2008 => Scanning File C:\WINDOWS\system32\array30.tab Wed Apr 02 15:27:50 2008 => Scanning File C:\WINDOWS\system32\arrayhw.tab Wed Apr 02 15:27:50 2008 => Scanning File C:\WINDOWS\system32\asctrls.ocx Wed Apr 02 15:27:50 2008 => Scanning File C:\WINDOWS\system32\asferror.dll Wed Apr 02 15:27:51 2008 => Scanning File C:\WINDOWS\system32\asfsipc.dll Wed Apr 02 15:27:51 2008 => Scanning File C:\WINDOWS\system32\asycfilt.dll Wed Apr 02 15:27:51 2008 => Scanning File C:\WINDOWS\system32\at.exe Wed Apr 02 15:27:51 2008 => Scanning File C:\WINDOWS\system32\ati2cqag.dll Wed Apr 02 15:27:51 2008 => Scanning File C:\WINDOWS\system32\ati2dvaa.dll Wed Apr 02 15:27:51 2008 => Scanning File C:\WINDOWS\system32\ati2dvag.dll Wed Apr 02 15:27:52 2008 => Scanning File C:\WINDOWS\system32\ati3d1ag.dll Wed Apr 02 15:27:52 2008 => Scanning File C:\WINDOWS\system32\ati3duag.dll Wed Apr 02 15:27:52 2008 => Scanning File C:\WINDOWS\system32\ativdaxx.ax Wed Apr 02 15:27:52 2008 => Scanning File C:\WINDOWS\system32\ativmvxx.ax Wed Apr 02 15:27:52 2008 => Scanning File C:\WINDOWS\system32\ativtmxx.dll Wed Apr 02 15:27:52 2008 => Scanning File C:\WINDOWS\system32\ativvaxx.dll Wed Apr 02 15:27:53 2008 => Scanning File C:\WINDOWS\system32\atkctrs.dll Wed Apr 02 15:27:53 2008 => Scanning File C:\WINDOWS\system32\atl.dll Wed Apr 02 15:27:53 2008 => Scanning File C:\WINDOWS\system32\atl71.dll Wed Apr 02 15:27:53 2008 => Scanning File C:\WINDOWS\system32\atmadm.exe Wed Apr 02 15:27:53 2008 => Scanning File C:\WINDOWS\system32\atmfd.dll Wed Apr 02 15:27:53 2008 => Scanning File C:\WINDOWS\system32\atmlib.dll Wed Apr 02 15:27:54 2008 => Scanning File C:\WINDOWS\system32\atmpvcno.dll Wed Apr 02 15:27:54 2008 => Scanning File C:\WINDOWS\system32\atrace.dll Wed Apr 02 15:27:54 2008 => Scanning File C:\WINDOWS\system32\attrib.exe Wed Apr 02 15:27:54 2008 => Scanning File C:\WINDOWS\system32\Audio3D.dll Wed Apr 02 15:27:54 2008 => Scanning File C:\WINDOWS\system32\audiodev.dll Wed Apr 02 15:27:54 2008 => Scanning File C:\WINDOWS\system32\audiosrv.dll Wed Apr 02 15:27:54 2008 => Scanning File C:\WINDOWS\system32\auditusr.exe Wed Apr 02 15:27:54 2008 => Scanning File C:\WINDOWS\system32\authz.dll Wed Apr 02 15:27:55 2008 => Scanning File C:\WINDOWS\system32\autochk.exe Wed Apr 02 15:27:55 2008 => Scanning File C:\WINDOWS\system32\autoconv.exe Wed Apr 02 15:27:55 2008 => Scanning File C:\WINDOWS\system32\autodisc.dll Wed Apr 02 15:27:55 2008 => Scanning File C:\WINDOWS\system32\autofmt.exe Wed Apr 02 15:27:56 2008 => Scanning File C:\WINDOWS\system32\autolfn.exe Wed Apr 02 15:27:56 2008 => Scanning File C:\WINDOWS\system32\avicap.dll Wed Apr 02 15:27:56 2008 => Scanning File C:\WINDOWS\system32\avicap32.dll Wed Apr 02 15:27:56 2008 => Scanning File C:\WINDOWS\system32\avifil32.dll Wed Apr 02 15:27:56 2008 => Scanning File C:\WINDOWS\system32\avifile.dll Wed Apr 02 15:27:56 2008 => Scanning File C:\WINDOWS\system32\avmeter.dll Wed Apr 02 15:27:56 2008 => Scanning File C:\WINDOWS\system32\avtapi.dll Wed Apr 02 15:27:57 2008 => Scanning File C:\WINDOWS\system32\avwav.dll Wed Apr 02 15:27:57 2008 => Scanning File C:\WINDOWS\system32\basesrv.dll Wed Apr 02 15:27:57 2008 => Scanning File C:\WINDOWS\system32\batmeter.dll Wed Apr 02 15:27:57 2008 => Scanning File C:\WINDOWS\system32\batt.dll Wed Apr 02 15:27:57 2008 => Scanning File C:\WINDOWS\system32\BDEADMIN.CPL Wed Apr 02 15:27:57 2008 => Scanning File C:\WINDOWS\system32\bdod.bin Wed Apr 02 15:27:57 2008 => Scanning File C:\WINDOWS\system32\bidispl.dll Wed Apr 02 15:27:57 2008 => Scanning File C:\WINDOWS\system32\big5.nls Wed Apr 02 15:27:57 2008 => Scanning File C:\WINDOWS\system32\bios1.rom Wed Apr 02 15:27:57 2008 => Scanning File C:\WINDOWS\system32\bios4.rom Wed Apr 02 15:27:57 2008 => Scanning File C:\WINDOWS\system32\bitsprx2.dll Wed Apr 02 15:27:58 2008 => Scanning File C:\WINDOWS\system32\bitsprx3.dll Wed Apr 02 15:27:58 2008 => Scanning File C:\WINDOWS\system32\blackbox.dll Wed Apr 02 15:27:58 2008 => Scanning File C:\WINDOWS\system32\blastcln.exe Wed Apr 02 15:27:58 2008 => Scanning File C:\WINDOWS\system32\bootok.exe Wed Apr 02 15:27:58 2008 => Scanning File C:\WINDOWS\system32\bootvid.dll Wed Apr 02 15:27:58 2008 => Scanning File C:\WINDOWS\system32\bootvrfy.exe Wed Apr 02 15:27:58 2008 => Scanning File C:\WINDOWS\system32\bopomofo.nls Wed Apr 02 15:27:58 2008 => Scanning File C:\WINDOWS\system32\browselc.dll Wed Apr 02 15:27:59 2008 => Scanning File C:\WINDOWS\system32\browser.dll Wed Apr 02 15:27:59 2008 => Scanning File C:\WINDOWS\system32\browseui(2).dll Wed Apr 02 15:27:59 2008 => Scanning File C:\WINDOWS\system32\browseui.dll Wed Apr 02 15:27:59 2008 => Scanning File C:\WINDOWS\system32\browsewm.dll Wed Apr 02 15:27:59 2008 => Scanning File C:\WINDOWS\system32\bthci.dll Wed Apr 02 15:27:59 2008 => Scanning File C:\WINDOWS\system32\bthprops.cpl Wed Apr 02 15:27:59 2008 => Scanning File C:\WINDOWS\system32\bthserv.dll Wed Apr 02 15:27:59 2008 => Scanning File C:\WINDOWS\system32\btpanui.dll Wed Apr 02 15:28:00 2008 => Scanning File C:\WINDOWS\system32\bubbles-ke2.ico Wed Apr 02 15:28:00 2008 => Scanning File C:\WINDOWS\system32\bubbles-ki.ico Wed Apr 02 15:28:00 2008 => Scanning File C:\WINDOWS\system32\BUTTER~1.log Wed Apr 02 15:28:00 2008 => Scanning File C:\WINDOWS\system32\cabinet.dll Wed Apr 02 15:28:00 2008 => Scanning File C:\WINDOWS\system32\cabview.dll Wed Apr 02 15:28:00 2008 => Scanning File C:\WINDOWS\system32\cacls.exe Wed Apr 02 15:28:00 2008 => Scanning File C:\WINDOWS\system32\camocx.dll Wed Apr 02 15:28:00 2008 => Scanning File C:\WINDOWS\system32\capesnpn.dll Wed Apr 02 15:28:00 2008 => Scanning File C:\WINDOWS\system32\capicom.dll Wed Apr 02 15:28:01 2008 => Scanning File C:\WINDOWS\system32\cards.dll Wed Apr 02 15:28:01 2008 => Scanning File C:\WINDOWS\system32\catsrv.dll Wed Apr 02 15:28:01 2008 => Scanning File C:\WINDOWS\system32\catsrvps.dll Wed Apr 02 15:28:01 2008 => Scanning File C:\WINDOWS\system32\catsrvut.dll Wed Apr 02 15:28:01 2008 => Scanning File C:\WINDOWS\system32\ccfgnt.dll Wed Apr 02 15:28:01 2008 => Scanning File C:\WINDOWS\system32\ccrpftv6.ocx Wed Apr 02 15:28:02 2008 => Scanning File C:\WINDOWS\system32\cdfview.dll Wed Apr 02 15:28:02 2008 => Scanning File C:\WINDOWS\system32\cdm.dll Wed Apr 02 15:28:02 2008 => Scanning File C:\WINDOWS\system32\cdmodem.dll Wed Apr 02 15:28:02 2008 => Scanning File C:\WINDOWS\system32\cdosys.dll Wed Apr 02 15:28:02 2008 => Scanning File C:\WINDOWS\system32\cdplayer.exe.manifest Wed Apr 02 15:28:02 2008 => Scanning File C:\WINDOWS\system32\cdral.dll Wed Apr 02 15:28:02 2008 => Scanning File C:\WINDOWS\system32\cdrtc.dll Wed Apr 02 15:28:03 2008 => Scanning File C:\WINDOWS\system32\certcli.dll Wed Apr 02 15:28:03 2008 => Scanning File C:\WINDOWS\system32\certmgr.dll Wed Apr 02 15:28:03 2008 => Scanning File C:\WINDOWS\system32\certmgr.msc Wed Apr 02 15:28:03 2008 => Scanning File C:\WINDOWS\system32\cewmdm.dll Wed Apr 02 15:28:03 2008 => Scanning File C:\WINDOWS\system32\cfgbkend.dll Wed Apr 02 15:28:03 2008 => Scanning File C:\WINDOWS\system32\cfgmgr32.dll Wed Apr 02 15:28:03 2008 => Scanning File C:\WINDOWS\system32\chajei.ime Wed Apr 02 15:28:04 2008 => Scanning File C:\WINDOWS\system32\Chaînes.scf Wed Apr 02 15:28:04 2008 => Scanning File C:\WINDOWS\system32\chcp.com Wed Apr 02 15:28:04 2008 => Scanning File C:\WINDOWS\system32\chkdsk.exe Wed Apr 02 15:28:04 2008 => Scanning File C:\WINDOWS\system32\chkntfs.exe Wed Apr 02 15:28:04 2008 => Scanning File C:\WINDOWS\system32\chsbrkr.dll Wed Apr 02 15:28:04 2008 => Scanning File C:\WINDOWS\system32\chtbrkr.dll Wed Apr 02 15:28:04 2008 => Scanning File C:\WINDOWS\system32\ciadmin.dll Wed Apr 02 15:28:04 2008 => Scanning File C:\WINDOWS\system32\ciadv.msc Wed Apr 02 15:28:04 2008 => Scanning File C:\WINDOWS\system32\cic.dll Wed Apr 02 15:28:05 2008 => Scanning File C:\WINDOWS\system32\cidaemon.exe Wed Apr 02 15:28:05 2008 => Scanning File C:\WINDOWS\system32\ciodm.dll Wed Apr 02 15:28:05 2008 => Scanning File C:\WINDOWS\system32\cisvc.exe Wed Apr 02 15:28:05 2008 => Scanning File C:\WINDOWS\system32\ckcnv.exe Wed Apr 02 15:28:05 2008 => Scanning File C:\WINDOWS\system32\clb.dll Wed Apr 02 15:28:05 2008 => Scanning File C:\WINDOWS\system32\clbcatex.dll Wed Apr 02 15:28:05 2008 => Scanning File C:\WINDOWS\system32\clbcatq.dll Wed Apr 02 15:28:05 2008 => Scanning File C:\WINDOWS\system32\cleanmgr.exe Wed Apr 02 15:28:05 2008 => Scanning File C:\WINDOWS\system32\cliconf.chm Wed Apr 02 15:28:07 2008 => Scanning File C:\WINDOWS\system32\cliconfg.dll Wed Apr 02 15:28:07 2008 => Scanning File C:\WINDOWS\system32\cliconfg.exe Wed Apr 02 15:28:07 2008 => Scanning File C:\WINDOWS\system32\cliconfg.rll Wed Apr 02 15:28:08 2008 => Scanning File C:\WINDOWS\system32\clipsrv.exe Wed Apr 02 15:28:08 2008 => Scanning File C:\WINDOWS\system32\clspack.exe Wed Apr 02 15:28:08 2008 => Scanning File C:\WINDOWS\system32\clusapi.dll Wed Apr 02 15:28:08 2008 => Scanning File C:\WINDOWS\system32\cmcfg32.dll Wed Apr 02 15:28:08 2008 => Scanning File C:\WINDOWS\system32\cmd.exe Wed Apr 02 15:28:08 2008 => Scanning File C:\WINDOWS\system32\cmdial32.dll Wed Apr 02 15:28:09 2008 => Scanning File C:\WINDOWS\system32\cmdl32.exe Wed Apr 02 15:28:09 2008 => Scanning File C:\WINDOWS\system32\cmmgr32.hlp Wed Apr 02 15:28:09 2008 => Scanning File C:\WINDOWS\system32\cmmon32.exe Wed Apr 02 15:28:09 2008 => Scanning File C:\WINDOWS\system32\cmnprop.dll Wed Apr 02 15:28:09 2008 => Scanning File C:\WINDOWS\system32\cmos.ram Wed Apr 02 15:28:09 2008 => Scanning File C:\WINDOWS\system32\cmpbk32.dll Wed Apr 02 15:28:09 2008 => Scanning File C:\WINDOWS\system32\cmprops.dll Wed Apr 02 15:28:09 2008 => Scanning File C:\WINDOWS\system32\cmsetACL.dll Wed Apr 02 15:28:09 2008 => Scanning File C:\WINDOWS\system32\cmstp.exe Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\cmutil.dll Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\CNBJHLP2.CNT Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\CNBJHLP2.GID Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\CNBJHLP2.HLP Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\cnbjmon.dll Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\CNBJMON2.DLL Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\cnetcfg.dll Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\cnvfat.dll Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\coh.cache Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\colbact.dll Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\comaddin.dll Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\comcat.dll Wed Apr 02 15:28:10 2008 => Scanning File C:\WINDOWS\system32\comct232.ocx Wed Apr 02 15:28:11 2008 => Scanning File C:\WINDOWS\system32\comctl32.dll Wed Apr 02 15:28:11 2008 => Scanning File C:\WINDOWS\system32\COMCTL32.OCA Wed Apr 02 15:28:11 2008 => Scanning File C:\WINDOWS\system32\comctl32.ocx Wed Apr 02 15:28:11 2008 => Scanning File C:\WINDOWS\system32\comdlg32.dll Wed Apr 02 15:28:11 2008 => Scanning File C:\WINDOWS\system32\COMDLG32.OCA Wed Apr 02 15:28:11 2008 => Scanning File C:\WINDOWS\system32\comdlg32.ocx Wed Apr 02 15:28:11 2008 => Scanning File C:\WINDOWS\system32\comm.drv Wed Apr 02 15:28:11 2008 => Scanning File C:\WINDOWS\system32\command.com Wed Apr 02 15:28:12 2008 => Scanning File C:\WINDOWS\system32\commdlg.dll Wed Apr 02 15:28:12 2008 => Scanning File C:\WINDOWS\system32\comp.exe Wed Apr 02 15:28:12 2008 => Scanning File C:\WINDOWS\system32\compact.exe Wed Apr 02 15:28:12 2008 => Scanning File C:\WINDOWS\system32\compatUI.dll Wed Apr 02 15:28:12 2008 => Scanning File C:\WINDOWS\system32\compmgmt.msc Wed Apr 02 15:28:12 2008 => Scanning File C:\WINDOWS\system32\compobj.dll Wed Apr 02 15:28:12 2008 => Scanning File C:\WINDOWS\system32\compstui.dll Wed Apr 02 15:28:12 2008 => Scanning File C:\WINDOWS\system32\comrepl.dll Wed Apr 02 15:28:13 2008 => Scanning File C:\WINDOWS\system32\comres.dll Wed Apr 02 15:28:13 2008 => Scanning File C:\WINDOWS\system32\comsnap.dll Wed Apr 02 15:28:13 2008 => Scanning File C:\WINDOWS\system32\comsvcs.dll Wed Apr 02 15:28:13 2008 => Scanning File C:\WINDOWS\system32\comuid.dll Wed Apr 02 15:28:13 2008 => Scanning File C:\WINDOWS\system32\Config.MPF Wed Apr 02 15:28:13 2008 => Scanning File C:\WINDOWS\system32\CONFIG.NT Wed Apr 02 15:28:13 2008 => Scanning File C:\WINDOWS\system32\CONFIG.TMP Wed Apr 02 15:28:13 2008 => Scanning File C:\WINDOWS\system32\confmsp.dll Wed Apr 02 15:28:14 2008 => Scanning File C:\WINDOWS\system32\conime.exe Wed Apr 02 15:28:14 2008 => Scanning File C:\WINDOWS\system32\console.dll Wed Apr 02 15:28:14 2008 => Scanning File C:\WINDOWS\system32\control.exe Wed Apr 02 15:28:14 2008 => Scanning File C:\WINDOWS\system32\convert.exe Wed Apr 02 15:28:14 2008 => Scanning File C:\WINDOWS\system32\corpol.dll Wed Apr 02 15:28:14 2008 => Scanning File C:\WINDOWS\system32\country.sys Wed Apr 02 15:28:14 2008 => Scanning File C:\WINDOWS\system32\credui.dll Wed Apr 02 15:28:14 2008 => Scanning File C:\WINDOWS\system32\crtdll.dll Wed Apr 02 15:28:15 2008 => Scanning File C:\WINDOWS\system32\crypt32(2).dll Wed Apr 02 15:28:15 2008 => Scanning File C:\WINDOWS\system32\crypt32.dll Wed Apr 02 15:28:15 2008 => Scanning File C:\WINDOWS\system32\cryptdlg.dll Wed Apr 02 15:28:15 2008 => Scanning File C:\WINDOWS\system32\cryptdll.dll Wed Apr 02 15:28:15 2008 => Scanning File C:\WINDOWS\system32\cryptext.dll Wed Apr 02 15:28:15 2008 => Scanning File C:\WINDOWS\system32\cryptnet.dll Wed Apr 02 15:28:15 2008 => Scanning File C:\WINDOWS\system32\cryptsvc.dll Wed Apr 02 15:28:15 2008 => Scanning File C:\WINDOWS\system32\cryptui.dll Wed Apr 02 15:28:15 2008 => Scanning File C:\WINDOWS\system32\cscdll.dll Wed Apr 02 15:28:16 2008 => Scanning File C:\WINDOWS\system32\cscript.exe Wed Apr 02 15:28:16 2008 => Scanning File C:\WINDOWS\system32\cscui.dll Wed Apr 02 15:28:16 2008 => Scanning File C:\WINDOWS\system32\csrsrv.dll Wed Apr 02 15:28:16 2008 => Scanning File C:\WINDOWS\system32\csrss.exe Wed Apr 02 15:28:16 2008 => Scanning File C:\WINDOWS\system32\csseqchk.dll Wed Apr 02 15:28:16 2008 => Scanning File C:\WINDOWS\system32\ctfmon.exe Wed Apr 02 15:28:16 2008 => Scanning File C:\WINDOWS\system32\ctl3d32.dll Wed Apr 02 15:28:16 2008 => Scanning File C:\WINDOWS\system32\ctl3dv2.dll Wed Apr 02 15:28:16 2008 => Scanning File C:\WINDOWS\system32\ctype.nls Wed Apr 02 15:28:16 2008 => Scanning File C:\WINDOWS\system32\cygregex.dll Wed Apr 02 15:28:16 2008 => Scanning File C:\WINDOWS\system32\cygwin1.dll Wed Apr 02 15:28:17 2008 => Scanning File C:\WINDOWS\system32\c_037.nls Wed Apr 02 15:28:17 2008 => Scanning File C:\WINDOWS\system32\c_10000.nls Wed Apr 02 15:28:17 2008 => Scanning File C:\WINDOWS\system32\c_10001.nls Wed Apr 02 15:28:17 2008 => Scanning File C:\WINDOWS\system32\c_10002.nls Wed Apr 02 15:28:17 2008 => Scanning File C:\WINDOWS\system32\c_10003.nls Wed Apr 02 15:28:17 2008 => Scanning File C:\WINDOWS\system32\c_10006.nls Wed Apr 02 15:28:17 2008 => Scanning File C:\WINDOWS\system32\c_10007.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_10008.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_10010.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_10017.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_10029.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_10079.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_10081.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_10082.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_1026.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_1250.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_1251.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_1252.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_1253.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_1254.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_1255.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_1256.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_1257.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_1258.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_1361.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_20000.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_20127.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_20261.nls Wed Apr 02 15:28:18 2008 => Scanning File C:\WINDOWS\system32\c_20290.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_20866.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_20905.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_20932.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_20936.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_20949.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_21027.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_21866.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_28591.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_28592.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_28593.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\C_28594.NLS Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\C_28595.NLS Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\C_28597.NLS Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_28598.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_28599.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_28603.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_28605.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_437.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_500.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_737.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_775.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_850.nls Wed Apr 02 15:28:19 2008 => Scanning File C:\WINDOWS\system32\c_852.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_855.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_857.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_860.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_861.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_863.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_865.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_866.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_869.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_874.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_875.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_932.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_936.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_949.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_950.nls Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_g18030.dll Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\c_is2022.dll Wed Apr 02 15:28:20 2008 => Scanning File C:\WINDOWS\system32\d3d8.dll Wed Apr 02 15:28:21 2008 => Scanning File C:\WINDOWS\system32\d3d8thk.dll Wed Apr 02 15:28:21 2008 => Scanning File C:\WINDOWS\system32\d3d9.dll Wed Apr 02 15:28:21 2008 => Scanning File C:\WINDOWS\system32\d3dim.dll Wed Apr 02 15:28:21 2008 => Scanning File C:\WINDOWS\system32\d3dim700.dll Wed Apr 02 15:28:22 2008 => Scanning File C:\WINDOWS\system32\d3dpmesh.dll Wed Apr 02 15:28:22 2008 => Scanning File C:\WINDOWS\system32\d3dramp.dll Wed Apr 02 15:28:22 2008 => Scanning File C:\WINDOWS\system32\d3drm.dll Wed Apr 02 15:28:23 2008 => Scanning File C:\WINDOWS\system32\d3dxof.dll Wed Apr 02 15:28:23 2008 => Scanning File C:\WINDOWS\system32\danim.dll Wed Apr 02 15:28:23 2008 => Scanning File C:\WINDOWS\system32\dataclen.dll Wed Apr 02 15:28:23 2008 => Scanning File C:\WINDOWS\system32\datime.dll Wed Apr 02 15:28:23 2008 => Scanning File C:\WINDOWS\system32\davclnt.dll Wed Apr 02 15:28:24 2008 => Scanning File C:\WINDOWS\system32\daxctle.ocx Wed Apr 02 15:28:24 2008 => Scanning File C:\WINDOWS\system32\dayi.ime Wed Apr 02 15:28:24 2008 => Scanning File C:\WINDOWS\system32\dayiphr.tbl Wed Apr 02 15:28:24 2008 => Scanning File C:\WINDOWS\system32\dayiptr.tbl Wed Apr 02 15:28:24 2008 => Scanning File C:\WINDOWS\system32\DBCLIENT.DLL Wed Apr 02 15:28:24 2008 => Scanning File C:\WINDOWS\system32\dbgeng.dll Wed Apr 02 15:28:24 2008 => Scanning File C:\WINDOWS\system32\dbghelp.dll Wed Apr 02 15:28:25 2008 => Scanning File C:\WINDOWS\system32\dbmsadsn.dll Wed Apr 02 15:28:25 2008 => Scanning File C:\WINDOWS\system32\dbmsrpcn.dll Wed Apr 02 15:28:25 2008 => Scanning File C:\WINDOWS\system32\dbmsvin.dll Wed Apr 02 15:28:25 2008 => Scanning File C:\WINDOWS\system32\dbmsvinn.dLL Wed Apr 02 15:28:25 2008 => Scanning File C:\WINDOWS\system32\dbnetlib.dll Wed Apr 02 15:28:25 2008 => Scanning File C:\WINDOWS\system32\dbnmpntw.dll Wed Apr 02 15:28:25 2008 => Scanning File C:\WINDOWS\system32\Dcache.bin Wed Apr 02 15:28:26 2008 => Scanning File C:\WINDOWS\system32\dciman32.dll Wed Apr 02 15:28:26 2008 => Scanning File C:\WINDOWS\system32\dcomcnfg.exe Wed Apr 02 15:28:26 2008 => Scanning File C:\WINDOWS\system32\DDAO36.DLL Wed Apr 02 15:28:26 2008 => Scanning File C:\WINDOWS\system32\ddeml.dll Wed Apr 02 15:28:26 2008 => Scanning File C:\WINDOWS\system32\ddeshare.exe Wed Apr 02 15:28:26 2008 => Scanning File C:\WINDOWS\system32\ddraw.dll Wed Apr 02 15:28:27 2008 => Scanning File C:\WINDOWS\system32\ddrawex.dll Wed Apr 02 15:28:27 2008 => Scanning File C:\WINDOWS\system32\debug.exe Wed Apr 02 15:28:27 2008 => Scanning File C:\WINDOWS\system32\declrds.ax Wed Apr 02 15:28:27 2008 => Scanning File C:\WINDOWS\system32\defrag.exe Wed Apr 02 15:28:27 2008 => Scanning File C:\WINDOWS\system32\desk.cpl Wed Apr 02 15:28:27 2008 => Scanning File C:\WINDOWS\system32\deskadp.dll Wed Apr 02 15:28:27 2008 => Scanning File C:\WINDOWS\system32\deskmon.dll Wed Apr 02 15:28:27 2008 => Scanning File C:\WINDOWS\system32\deskperf.dll Wed Apr 02 15:28:27 2008 => Scanning File C:\WINDOWS\system32\desktop.ini Wed Apr 02 15:28:27 2008 => Scanning File C:\WINDOWS\system32\devenum.dll Wed Apr 02 15:28:28 2008 => Scanning File C:\WINDOWS\system32\devmgmt.msc Wed Apr 02 15:28:28 2008 => Scanning File C:\WINDOWS\system32\devmgr.dll Wed Apr 02 15:28:28 2008 => Scanning File C:\WINDOWS\system32\dfrg.msc Wed Apr 02 15:28:28 2008 => Scanning File C:\WINDOWS\system32\dfrgfat.exe Wed Apr 02 15:28:28 2008 => Scanning File C:\WINDOWS\system32\dfrgntfs.exe Wed Apr 02 15:28:28 2008 => Scanning File C:\WINDOWS\system32\dfrgres.dll Wed Apr 02 15:28:28 2008 => Scanning File C:\WINDOWS\system32\dfrgsnap.dll Wed Apr 02 15:28:28 2008 => Scanning File C:\WINDOWS\system32\dfrgui.dll Wed Apr 02 15:28:29 2008 => Scanning File C:\WINDOWS\system32\dfshim.dll Wed Apr 02 15:28:29 2008 => Scanning File C:\WINDOWS\system32\dfsshlex.dll Wed Apr 02 15:28:29 2008 => Scanning File C:\WINDOWS\system32\dgnet.dll Wed Apr 02 15:28:29 2008 => Scanning File C:\WINDOWS\system32\dgrpsetu.dll Wed Apr 02 15:28:29 2008 => Scanning File C:\WINDOWS\system32\dgsetup.dll Wed Apr 02 15:28:29 2008 => Scanning File C:\WINDOWS\system32\dhcpcsvc.dll Wed Apr 02 15:28:30 2008 => Scanning File C:\WINDOWS\system32\dhcpmon.dll Wed Apr 02 15:28:30 2008 => Scanning File C:\WINDOWS\system32\dhcpsapi.dll Wed Apr 02 15:28:30 2008 => Scanning File C:\WINDOWS\system32\diactfrm.dll Wed Apr 02 15:28:30 2008 => Scanning File C:\WINDOWS\system32\diantz.exe Wed Apr 02 15:28:30 2008 => Scanning File C:\WINDOWS\system32\digest.dll Wed Apr 02 15:28:30 2008 => Scanning File C:\WINDOWS\system32\dimap.dll Wed Apr 02 15:28:31 2008 => Scanning File C:\WINDOWS\system32\dinput.dll Wed Apr 02 15:28:31 2008 => Scanning File C:\WINDOWS\system32\dinput8.dll Wed Apr 02 15:28:31 2008 => Scanning File C:\WINDOWS\system32\diskcomp.com Wed Apr 02 15:28:31 2008 => Scanning File C:\WINDOWS\system32\diskcopy.com Wed Apr 02 15:28:31 2008 => Scanning File C:\WINDOWS\system32\diskcopy.dll Wed Apr 02 15:28:31 2008 => Scanning File C:\WINDOWS\system32\diskmgmt.msc Wed Apr 02 15:28:31 2008 => Scanning File C:\WINDOWS\system32\diskpart.exe Wed Apr 02 15:28:32 2008 => Scanning File C:\WINDOWS\system32\diskperf.exe Wed Apr 02 15:28:32 2008 => Scanning File C:\WINDOWS\system32\dispex.dll Wed Apr 02 15:28:32 2008 => Scanning File C:\WINDOWS\system32\dllhost.exe Wed Apr 02 15:28:32 2008 => Scanning File C:\WINDOWS\system32\dllhst3g.exe Wed Apr 02 15:28:32 2008 => Scanning File C:\WINDOWS\system32\dmadmin.exe Wed Apr 02 15:28:32 2008 => Scanning File C:\WINDOWS\system32\dmband.dll Wed Apr 02 15:28:32 2008 => Scanning File C:\WINDOWS\system32\dmcompos.dll Wed Apr 02 15:28:32 2008 => Scanning File C:\WINDOWS\system32\dmconfig.dll Wed Apr 02 15:28:33 2008 => Scanning File C:\WINDOWS\system32\dmdlgs.dll Wed Apr 02 15:28:33 2008 => Scanning File C:\WINDOWS\system32\dmdskmgr.dll Wed Apr 02 15:28:33 2008 => Scanning File C:\WINDOWS\system32\dmdskres.dll Wed Apr 02 15:28:33 2008 => Scanning File C:\WINDOWS\system32\dmime.dll Wed Apr 02 15:28:34 2008 => Scanning File C:\WINDOWS\system32\dmintf.dll Wed Apr 02 15:28:34 2008 => Scanning File C:\WINDOWS\system32\dmloader.dll Wed Apr 02 15:28:34 2008 => Scanning File C:\WINDOWS\system32\dmocx.dll Wed Apr 02 15:28:34 2008 => Scanning File C:\WINDOWS\system32\dmremote.exe Wed Apr 02 15:28:34 2008 => Scanning File C:\WINDOWS\system32\dmscript.dll Wed Apr 02 15:28:34 2008 => Scanning File C:\WINDOWS\system32\dmserver.dll Wed Apr 02 15:28:34 2008 => Scanning File C:\WINDOWS\system32\dmstyle.dll Wed Apr 02 15:28:34 2008 => Scanning File C:\WINDOWS\system32\dmsynth.dll Wed Apr 02 15:28:35 2008 => Scanning File C:\WINDOWS\system32\dmusic.dll Wed Apr 02 15:28:35 2008 => Scanning File C:\WINDOWS\system32\dmutil.dll Wed Apr 02 15:28:35 2008 => Scanning File C:\WINDOWS\system32\dmview.ocx Wed Apr 02 15:28:35 2008 => Scanning File C:\WINDOWS\system32\dnsapi.dll Wed Apr 02 15:28:35 2008 => Scanning File C:\WINDOWS\system32\dnsrslvr.dll Wed Apr 02 15:28:35 2008 => Scanning File C:\WINDOWS\system32\docprop.dll Wed Apr 02 15:28:35 2008 => Scanning File C:\WINDOWS\system32\docprop2.dll Wed Apr 02 15:28:35 2008 => Scanning File C:\WINDOWS\system32\doskey.exe Wed Apr 02 15:28:35 2008 => Scanning File C:\WINDOWS\system32\dosx.exe Wed Apr 02 15:28:35 2008 => Scanning File C:\WINDOWS\system32\dpcdll.dll Wed Apr 02 15:28:36 2008 => Scanning File C:\WINDOWS\system32\dplay.dll Wed Apr 02 15:28:36 2008 => Scanning File C:\WINDOWS\system32\dplaysvr.exe Wed Apr 02 15:28:36 2008 => Scanning File C:\WINDOWS\system32\dplayx.dll Wed Apr 02 15:28:36 2008 => Scanning File C:\WINDOWS\system32\dpmodemx.dll Wed Apr 02 15:28:36 2008 => Scanning File C:\WINDOWS\system32\dpnaddr.dll Wed Apr 02 15:28:36 2008 => Scanning File C:\WINDOWS\system32\dpnet.dll Wed Apr 02 15:28:36 2008 => Scanning File C:\WINDOWS\system32\dpnhpast.dll Wed Apr 02 15:28:37 2008 => Scanning File C:\WINDOWS\system32\dpnhupnp.dll Wed Apr 02 15:28:37 2008 => Scanning File C:\WINDOWS\system32\dpnlobby.dll Wed Apr 02 15:28:37 2008 => Scanning File C:\WINDOWS\system32\dpnmodem.dll Wed Apr 02 15:28:37 2008 => Scanning File C:\WINDOWS\system32\dpnsvr.exe Wed Apr 02 15:28:37 2008 => Scanning File C:\WINDOWS\system32\dpnwsock.dll Wed Apr 02 15:28:37 2008 => Scanning File C:\WINDOWS\system32\dpserial.dll Wed Apr 02 15:28:37 2008 => Scanning File C:\WINDOWS\system32\dpvacm.dll Wed Apr 02 15:28:37 2008 => Scanning File C:\WINDOWS\system32\dpvoice.dll Wed Apr 02 15:28:37 2008 => Scanning File C:\WINDOWS\system32\dpvsetup.exe Wed Apr 02 15:28:38 2008 => Scanning File C:\WINDOWS\system32\dpvvox.dll Wed Apr 02 15:28:38 2008 => Scanning File C:\WINDOWS\system32\dpwsock.dll Wed Apr 02 15:28:38 2008 => Scanning File C:\WINDOWS\system32\dpwsockx.dll Wed Apr 02 15:28:38 2008 => Scanning File C:\WINDOWS\system32\drmclien.dll Wed Apr 02 15:28:38 2008 => Scanning File C:\WINDOWS\system32\DRMServer.exe Wed Apr 02 15:28:38 2008 => Scanning File C:\WINDOWS\system32\drmstor.dll Wed Apr 02 15:28:38 2008 => Scanning File C:\WINDOWS\system32\drmupgds.exe Wed Apr 02 15:28:39 2008 => Scanning File C:\WINDOWS\system32\drmv2clt.dll Wed Apr 02 15:28:39 2008 => Scanning File C:\WINDOWS\system32\drprov.dll Wed Apr 02 15:28:39 2008 => Scanning File C:\WINDOWS\system32\drwatson.exe Wed Apr 02 15:28:39 2008 => Scanning File C:\WINDOWS\system32\drwtsn32.exe Wed Apr 02 15:28:39 2008 => Scanning File C:\WINDOWS\system32\ds16gt.dLL Wed Apr 02 15:28:39 2008 => Scanning File C:\WINDOWS\system32\ds32gt.dll Wed Apr 02 15:28:39 2008 => Scanning File C:\WINDOWS\system32\dsauth.dll Wed Apr 02 15:28:40 2008 => Scanning File C:\WINDOWS\system32\dsdmo.dll Wed Apr 02 15:28:40 2008 => Scanning File C:\WINDOWS\system32\dsdmoprp.dll Wed Apr 02 15:28:40 2008 => Scanning File C:\WINDOWS\system32\dskquota.dll Wed Apr 02 15:28:40 2008 => Scanning File C:\WINDOWS\system32\dskquoui.dll Wed Apr 02 15:28:40 2008 => Scanning File C:\WINDOWS\system32\dsound.dll Wed Apr 02 15:28:40 2008 => Scanning File C:\WINDOWS\system32\dsound.vxd Wed Apr 02 15:28:40 2008 => Scanning File C:\WINDOWS\system32\dsound3d.dll Wed Apr 02 15:28:41 2008 => Scanning File C:\WINDOWS\system32\dsprop.dll Wed Apr 02 15:28:41 2008 => Scanning File C:\WINDOWS\system32\dsprpres.dll Wed Apr 02 15:28:41 2008 => Scanning File C:\WINDOWS\system32\dsquery.dll Wed Apr 02 15:28:41 2008 => Scanning File C:\WINDOWS\system32\dssec.dat Wed Apr 02 15:28:41 2008 => Scanning File C:\WINDOWS\system32\dssec.dll Wed Apr 02 15:28:42 2008 => Scanning File C:\WINDOWS\system32\dssenh.dll Wed Apr 02 15:28:42 2008 => Scanning File C:\WINDOWS\system32\dsuiext.dll Wed Apr 02 15:28:42 2008 => Scanning File C:\WINDOWS\system32\dswave.dll Wed Apr 02 15:28:42 2008 => Scanning File C:\WINDOWS\system32\dtu_fr.qm Wed Apr 02 15:28:42 2008 => Scanning File C:\WINDOWS\system32\dumprep.exe Wed Apr 02 15:28:42 2008 => Scanning File C:\WINDOWS\system32\duser.dll Wed Apr 02 15:28:42 2008 => Scanning File C:\WINDOWS\system32\dvdplay.exe Wed Apr 02 15:28:42 2008 => Scanning File C:\WINDOWS\system32\dvdupgrd.exe Wed Apr 02 15:28:42 2008 => Scanning File C:\WINDOWS\system32\dwwin.exe Wed Apr 02 15:28:43 2008 => Scanning File C:\WINDOWS\system32\dx3j.dll Wed Apr 02 15:28:43 2008 => Scanning File C:\WINDOWS\system32\dx7vb.dll Wed Apr 02 15:28:43 2008 => Scanning File C:\WINDOWS\system32\dx8vb.dll Wed Apr 02 15:28:43 2008 => Scanning File C:\WINDOWS\system32\dxdiag.exe Wed Apr 02 15:28:44 2008 => Scanning File C:\WINDOWS\system32\dxdiagn.dll Wed Apr 02 15:28:44 2008 => Scanning File C:\WINDOWS\system32\dxmasf.dll Wed Apr 02 15:28:44 2008 => Scanning File C:\WINDOWS\system32\dxtmsft.dll Wed Apr 02 15:28:45 2008 => Scanning File C:\WINDOWS\system32\dxtmsft3.dll Wed Apr 02 15:28:45 2008 => Scanning File C:\WINDOWS\system32\dxtrans.dll Wed Apr 02 15:28:45 2008 => Scanning File C:\WINDOWS\system32\edb500.dll Wed Apr 02 15:28:45 2008 => Scanning File C:\WINDOWS\system32\edit.com Wed Apr 02 15:28:45 2008 => Scanning File C:\WINDOWS\system32\edit.hlp Wed Apr 02 15:28:45 2008 => Scanning File C:\WINDOWS\system32\edlin.exe Wed Apr 02 15:28:45 2008 => Scanning File C:\WINDOWS\system32\ega.cpi Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\els.dll Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\emptyregdb.dat Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\encapi.dll Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\encdec.dll Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_BP.cfg Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_CF.cfg Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_DU.cfg Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_EN.cfg Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_ES.cfg Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_FR.cfg Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_GE.cfg Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_IT.cfg Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_KO.cfg Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_PT.cfg Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_RU.cfg Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_SC.cfg Wed Apr 02 15:28:46 2008 => Scanning File C:\WINDOWS\system32\EPPICLocal_TC.cfg Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPicMgr.dll Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPattern1.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPattern121.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPattern131.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPattern2.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPattern3.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPattern4.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPattern5.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPattern6.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPresetData_BP.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPresetData_CF.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPresetData_DU.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPresetData_EN.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPresetData_ES.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPresetData_FR.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPresetData_GE.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPresetData_IT.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPresetData_PT.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EPPICPrinterDB.dat Wed Apr 02 15:28:47 2008 => Scanning File C:\WINDOWS\system32\EpPicPrt.dll Wed Apr 02 15:28:48 2008 => Scanning File C:\WINDOWS\system32\EqnClass.Dll Wed Apr 02 15:28:48 2008 => Scanning File C:\WINDOWS\system32\ersvc.dll Wed Apr 02 15:28:48 2008 => Scanning File C:\WINDOWS\system32\es.dll Wed Apr 02 15:28:48 2008 => Scanning File C:\WINDOWS\system32\esccmd.dll Wed Apr 02 15:28:48 2008 => Scanning File C:\WINDOWS\system32\escimgd.dll Wed Apr 02 15:28:48 2008 => Scanning File C:\WINDOWS\system32\escwiad.dll Wed Apr 02 15:28:48 2008 => Scanning File C:\WINDOWS\system32\esent.dll Wed Apr 02 15:28:48 2008 => Scanning File C:\WINDOWS\system32\esent97.dll Wed Apr 02 15:28:49 2008 => Scanning File C:\WINDOWS\system32\esentprf.dll Wed Apr 02 15:28:49 2008 => Scanning File C:\WINDOWS\system32\esentprf.hxx Wed Apr 02 15:28:49 2008 => Scanning File C:\WINDOWS\system32\esentprf.ini Wed Apr 02 15:28:49 2008 => Scanning File C:\WINDOWS\system32\esentutl.exe Wed Apr 02 15:28:49 2008 => Scanning File C:\WINDOWS\system32\eudcedit.exe Wed Apr 02 15:28:49 2008 => Scanning File C:\WINDOWS\system32\eula.txt Wed Apr 02 15:28:49 2008 => Scanning File C:\WINDOWS\system32\eventcls.dll Wed Apr 02 15:28:49 2008 => Scanning File C:\WINDOWS\system32\eventlog.dll Wed Apr 02 15:28:50 2008 => Scanning File C:\WINDOWS\system32\eventvwr.exe Wed Apr 02 15:28:50 2008 => Scanning File C:\WINDOWS\system32\eventvwr.msc Wed Apr 02 15:28:50 2008 => Scanning File C:\WINDOWS\system32\exe2bin.exe Wed Apr 02 15:28:50 2008 => Scanning File C:\WINDOWS\system32\expand.exe Wed Apr 02 15:28:50 2008 => Scanning File C:\WINDOWS\system32\expsrv.dll Wed Apr 02 15:28:50 2008 => Scanning File C:\WINDOWS\system32\EXSEC32.DLL Wed Apr 02 15:28:50 2008 => Scanning File C:\WINDOWS\system32\extmgr.dll Wed Apr 02 15:28:50 2008 => Scanning File C:\WINDOWS\system32\extrac32.exe Wed Apr 02 15:28:51 2008 => Scanning File C:\WINDOWS\system32\exts.dll Wed Apr 02 15:28:51 2008 => Scanning File C:\WINDOWS\system32\E_DCINST.DLL Wed Apr 02 15:28:51 2008 => Scanning File C:\WINDOWS\system32\E_FD4BBEE.DLL Wed Apr 02 15:28:51 2008 => Scanning File C:\WINDOWS\system32\E_FLBBEE.DLL Wed Apr 02 15:28:51 2008 => Scanning File C:\WINDOWS\system32\f3ahvoas.dll Wed Apr 02 15:28:51 2008 => Scanning File C:\WINDOWS\system32\fastopen.exe Wed Apr 02 15:28:51 2008 => Scanning File C:\WINDOWS\system32\faultrep.dll Wed Apr 02 15:28:51 2008 => Scanning File C:\WINDOWS\system32\faxpatch.exe Wed Apr 02 15:28:52 2008 => Scanning File C:\WINDOWS\system32\fc.exe Wed Apr 02 15:28:52 2008 => Scanning File C:\WINDOWS\system32\feclient.dll Wed Apr 02 15:28:52 2008 => Scanning File C:\WINDOWS\system32\filemgmt.dll Wed Apr 02 15:28:52 2008 => Scanning File C:\WINDOWS\system32\find.exe Wed Apr 02 15:28:52 2008 => Scanning File C:\WINDOWS\system32\findstr.exe Wed Apr 02 15:28:52 2008 => Scanning File C:\WINDOWS\system32\finger.exe Wed Apr 02 15:28:52 2008 => Scanning File C:\WINDOWS\system32\FireDaemon.exe.xpx Wed Apr 02 15:28:52 2008 => File C:\WINDOWS\system32\FireDaemon.exe.xpx tagged as not-a-virus:RemoteAdmin.Win32.RA.3826. No Action Taken. Wed Apr 02 15:28:52 2008 => Scanning File C:\WINDOWS\system32\firewall.cpl Wed Apr 02 15:28:53 2008 => Scanning File C:\WINDOWS\system32\fixmapi.exe Wed Apr 02 15:28:53 2008 => Scanning File C:\WINDOWS\system32\fldrclnr.dll Wed Apr 02 15:28:53 2008 => Scanning File C:\WINDOWS\system32\fltlib.dll Wed Apr 02 15:28:53 2008 => Scanning File C:\WINDOWS\system32\fltmc.exe Wed Apr 02 15:28:53 2008 => Scanning File C:\WINDOWS\system32\FM20.DLL Wed Apr 02 15:28:53 2008 => Scanning File C:\WINDOWS\system32\FM20FRA.DLL Wed Apr 02 15:28:53 2008 => Scanning File C:\WINDOWS\system32\fmifs.dll Wed Apr 02 15:28:53 2008 => Scanning File C:\WINDOWS\system32\fnfilter.dll Wed Apr 02 15:28:54 2008 => Scanning File C:\WINDOWS\system32\FNTCACHE.DAT Wed Apr 02 15:28:54 2008 => Scanning File C:\WINDOWS\system32\fontext.dll Wed Apr 02 15:28:54 2008 => Scanning File C:\WINDOWS\system32\fontsub.dll Wed Apr 02 15:28:54 2008 => Scanning File C:\WINDOWS\system32\fontview.exe Wed Apr 02 15:28:54 2008 => Scanning File C:\WINDOWS\system32\forcedos.exe Wed Apr 02 15:28:54 2008 => Scanning File C:\WINDOWS\system32\format.com Wed Apr 02 15:28:54 2008 => Scanning File C:\WINDOWS\system32\framebuf.dll Wed Apr 02 15:28:54 2008 => Scanning File C:\WINDOWS\system32\fsmgmt.msc Wed Apr 02 15:28:54 2008 => Scanning File C:\WINDOWS\system32\fsquirt.exe Wed Apr 02 15:28:55 2008 => Scanning File C:\WINDOWS\system32\fsusd.dll Wed Apr 02 15:28:55 2008 => Scanning File C:\WINDOWS\system32\fsutil.exe Wed Apr 02 15:28:55 2008 => Scanning File C:\WINDOWS\system32\ftp.exe Wed Apr 02 15:28:55 2008 => Scanning File C:\WINDOWS\system32\FTRTSVC.exe Wed Apr 02 15:28:55 2008 => Scanning File C:\WINDOWS\system32\ftsrch.dll Wed Apr 02 15:28:55 2008 => Scanning File C:\WINDOWS\system32\fwcfg.dll Wed Apr 02 15:28:55 2008 => Scanning File C:\WINDOWS\system32\g711codc.ax Wed Apr 02 15:28:55 2008 => Scanning File C:\WINDOWS\system32\gcdef.dll Wed Apr 02 15:28:56 2008 => Scanning File C:\WINDOWS\system32\gdi.exe Wed Apr 02 15:28:56 2008 => Scanning File C:\WINDOWS\system32\gdi32.dll Wed Apr 02 15:28:56 2008 => Scanning File C:\WINDOWS\system32\gdiplus.dll Wed Apr 02 15:28:56 2008 => Scanning File C:\WINDOWS\system32\geo.nls Wed Apr 02 15:28:56 2008 => Scanning File C:\WINDOWS\system32\getfile.dat Wed Apr 02 15:28:56 2008 => Scanning File C:\WINDOWS\system32\glmf32.dll Wed Apr 02 15:28:56 2008 => Scanning File C:\WINDOWS\system32\glu32.dll Wed Apr 02 15:28:56 2008 => Scanning File C:\WINDOWS\system32\gpkcsp.dll Wed Apr 02 15:28:57 2008 => Scanning File C:\WINDOWS\system32\gpkrsrc.dll Wed Apr 02 15:28:57 2008 => Scanning File C:\WINDOWS\system32\graftabl.com Wed Apr 02 15:28:57 2008 => Scanning File C:\WINDOWS\system32\graphics.com Wed Apr 02 15:28:57 2008 => Scanning File C:\WINDOWS\system32\graphics.pro Wed Apr 02 15:28:57 2008 => Scanning File C:\WINDOWS\system32\grpconv.exe Wed Apr 02 15:28:57 2008 => Scanning File C:\WINDOWS\system32\h323.tsp Wed Apr 02 15:28:57 2008 => Scanning File C:\WINDOWS\system32\h323log.txt [**] Wed Apr 02 15:28:57 2008 => Scanning File C:\WINDOWS\system32\h323msp.dll Wed Apr 02 15:28:57 2008 => Scanning File C:\WINDOWS\system32\hal.dll Wed Apr 02 15:28:58 2008 => Scanning File C:\WINDOWS\system32\hccoin.dll Wed Apr 02 15:28:58 2008 => Scanning File C:\WINDOWS\system32\hdwwiz.cpl Wed Apr 02 15:28:58 2008 => Scanning File C:\WINDOWS\system32\help.exe Wed Apr 02 15:28:58 2008 => Scanning File C:\WINDOWS\system32\hhctrl.ocx Wed Apr 02 15:28:58 2008 => Scanning File C:\WINDOWS\system32\hhsetup.dll Wed Apr 02 15:28:58 2008 => Scanning File C:\WINDOWS\system32\hid.dll Wed Apr 02 15:28:58 2008 => Scanning File C:\WINDOWS\system32\hidphone.tsp Wed Apr 02 15:28:58 2008 => Scanning File C:\WINDOWS\system32\himem.sys Wed Apr 02 15:28:58 2008 => Scanning File C:\WINDOWS\system32\hlink.dll Wed Apr 02 15:28:59 2008 => Scanning File C:\WINDOWS\system32\hnetcfg.dll Wed Apr 02 15:28:59 2008 => Scanning File C:\WINDOWS\system32\hnetmon.dll Wed Apr 02 15:28:59 2008 => Scanning File C:\WINDOWS\system32\hnetwiz.dll Wed Apr 02 15:28:59 2008 => Scanning File C:\WINDOWS\system32\homepage.inf Wed Apr 02 15:28:59 2008 => Scanning File C:\WINDOWS\system32\hostname.exe Wed Apr 02 15:28:59 2008 => Scanning File C:\WINDOWS\system32\hotplug.dll Wed Apr 02 15:28:59 2008 => Scanning File C:\WINDOWS\system32\hsfcisp2.dll Wed Apr 02 15:28:59 2008 => Scanning File C:\WINDOWS\system32\hticons.dll Wed Apr 02 15:28:59 2008 => Scanning File C:\WINDOWS\system32\html.iec Wed Apr 02 15:29:00 2008 => Scanning File C:\WINDOWS\system32\httpapi.dll Wed Apr 02 15:29:00 2008 => Scanning File C:\WINDOWS\system32\htui.dll Wed Apr 02 15:29:00 2008 => Scanning File C:\WINDOWS\system32\hypertrm.dll Wed Apr 02 15:29:00 2008 => Scanning File C:\WINDOWS\system32\iac25_32.ax Wed Apr 02 15:29:00 2008 => Scanning File C:\WINDOWS\system32\iasacct.dll Wed Apr 02 15:29:01 2008 => Scanning File C:\WINDOWS\system32\iasads.dll Wed Apr 02 15:29:01 2008 => Scanning File C:\WINDOWS\system32\iashlpr.dll Wed Apr 02 15:29:01 2008 => Scanning File C:\WINDOWS\system32\iasnap.dll Wed Apr 02 15:29:01 2008 => Scanning File C:\WINDOWS\system32\iaspolcy.dll Wed Apr 02 15:29:01 2008 => Scanning File C:\WINDOWS\system32\iasrad.dll Wed Apr 02 15:29:01 2008 => Scanning File C:\WINDOWS\system32\iasrecst.dll Wed Apr 02 15:29:01 2008 => Scanning File C:\WINDOWS\system32\iassam.dll Wed Apr 02 15:29:02 2008 => Scanning File C:\WINDOWS\system32\iassdo.dll Wed Apr 02 15:29:02 2008 => Scanning File C:\WINDOWS\system32\iassvcs.dll Wed Apr 02 15:29:02 2008 => Scanning File C:\WINDOWS\system32\icaapi.dll Wed Apr 02 15:29:02 2008 => Scanning File C:\WINDOWS\system32\icardie.dll Wed Apr 02 15:29:02 2008 => Scanning File C:\WINDOWS\system32\iccvid.dll Wed Apr 02 15:29:02 2008 => Scanning File C:\WINDOWS\system32\icfgnt5.dll Wed Apr 02 15:29:02 2008 => Scanning File C:\WINDOWS\system32\icm32.dll Wed Apr 02 15:29:03 2008 => Scanning File C:\WINDOWS\system32\icmp.dll Wed Apr 02 15:29:03 2008 => Scanning File C:\WINDOWS\system32\icmui.dll Wed Apr 02 15:29:03 2008 => Scanning File C:\WINDOWS\system32\icrav03.rat Wed Apr 02 15:29:03 2008 => Scanning File C:\WINDOWS\system32\icwdial.dll Wed Apr 02 15:29:03 2008 => Scanning File C:\WINDOWS\system32\icwphbk.dll Wed Apr 02 15:29:03 2008 => Scanning File C:\WINDOWS\system32\idndl.dll Wed Apr 02 15:29:03 2008 => Scanning File C:\WINDOWS\system32\idq.dll Wed Apr 02 15:29:03 2008 => Scanning File C:\WINDOWS\system32\ie4uinit.exe Wed Apr 02 15:29:03 2008 => Scanning File C:\WINDOWS\system32\ieakeng.dll Wed Apr 02 15:29:03 2008 => Scanning File C:\WINDOWS\system32\ieaksie.dll Wed Apr 02 15:29:04 2008 => Scanning File C:\WINDOWS\system32\ieakui.dll Wed Apr 02 15:29:04 2008 => Scanning File C:\WINDOWS\system32\ieapfltr.dat Wed Apr 02 15:29:04 2008 => Scanning File C:\WINDOWS\system32\ieapfltr.dll Wed Apr 02 15:29:04 2008 => Scanning File C:\WINDOWS\system32\iedkcs32.dll Wed Apr 02 15:29:04 2008 => Scanning File C:\WINDOWS\system32\ieencode.dll Wed Apr 02 15:29:04 2008 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction *** Wed Apr 02 15:29:04 2008 => Scanning File C:\WINDOWS\system32\ieframe.dll [**] Wed Apr 02 15:29:04 2008 => Scanning File C:\WINDOWS\system32\ieframe.dll.mui Wed Apr 02 15:29:07 2008 => Scanning File C:\WINDOWS\system32\iepeers.dll Wed Apr 02 15:29:07 2008 => Scanning File C:\WINDOWS\system32\iernonce.dll Wed Apr 02 15:29:07 2008 => Scanning File C:\WINDOWS\system32\iertutil.dll Wed Apr 02 15:29:07 2008 => Scanning File C:\WINDOWS\system32\iesetup.dll Wed Apr 02 15:29:07 2008 => Scanning File C:\WINDOWS\system32\ieudinit.exe Wed Apr 02 15:29:07 2008 => Scanning File C:\WINDOWS\system32\ieui.dll Wed Apr 02 15:29:07 2008 => Scanning File C:\WINDOWS\system32\ieuinit.inf Wed Apr 02 15:29:08 2008 => Scanning File C:\WINDOWS\system32\iexpress.exe Wed Apr 02 15:29:08 2008 => Scanning File C:\WINDOWS\system32\IfHelper.dll Wed Apr 02 15:29:08 2008 => Scanning File C:\WINDOWS\system32\ifmon.dll Wed Apr 02 15:29:08 2008 => Scanning File C:\WINDOWS\system32\ifsutil.dll Wed Apr 02 15:29:08 2008 => Scanning File C:\WINDOWS\system32\igmpagnt.dll Wed Apr 02 15:29:08 2008 => Scanning File C:\WINDOWS\system32\ils.dll Wed Apr 02 15:29:08 2008 => Scanning File C:\WINDOWS\system32\imaadp32.acm Wed Apr 02 15:29:08 2008 => Scanning File C:\WINDOWS\system32\imagehlp.dll Wed Apr 02 15:29:08 2008 => Scanning File C:\WINDOWS\system32\ImagX7.dll Wed Apr 02 15:29:09 2008 => Scanning File C:\WINDOWS\system32\ImagXpr7.dll Wed Apr 02 15:29:10 2008 => Scanning File C:\WINDOWS\system32\ImagXR7.dll Wed Apr 02 15:29:10 2008 => Scanning File C:\WINDOWS\system32\ImagXRA7.dll Wed Apr 02 15:29:10 2008 => Scanning File C:\WINDOWS\system32\imapi.exe Wed Apr 02 15:29:11 2008 => Scanning File C:\WINDOWS\system32\ImapiRox.exe Wed Apr 02 15:29:11 2008 => Scanning File C:\WINDOWS\system32\ImapiRoxPS.dll Wed Apr 02 15:29:11 2008 => Scanning File C:\WINDOWS\system32\imekr61.ime Wed Apr 02 15:29:11 2008 => Scanning File C:\WINDOWS\system32\imeshare.dll Wed Apr 02 15:29:11 2008 => Scanning File C:\WINDOWS\system32\imgutil.dll Wed Apr 02 15:29:11 2008 => Scanning File C:\WINDOWS\system32\imjp81.ime Wed Apr 02 15:29:11 2008 => Scanning File C:\WINDOWS\system32\imjp81k.dll Wed Apr 02 15:29:12 2008 => Scanning File C:\WINDOWS\system32\imm32.dll Wed Apr 02 15:29:12 2008 => Scanning File C:\WINDOWS\system32\IMMC.EXE Wed Apr 02 15:29:12 2008 => Scanning File C:\WINDOWS\system32\inetcfg.dll Wed Apr 02 15:29:13 2008 => Scanning File C:\WINDOWS\system32\inetcomm.dll Wed Apr 02 15:29:13 2008 => Scanning File C:\WINDOWS\system32\inetcpl.cpl Wed Apr 02 15:29:13 2008 => Scanning File C:\WINDOWS\system32\inetcplc.dll Wed Apr 02 15:29:13 2008 => Scanning File C:\WINDOWS\system32\inetmib1.dll Wed Apr 02 15:29:13 2008 => Scanning File C:\WINDOWS\system32\inetpp.dll Wed Apr 02 15:29:13 2008 => Scanning File C:\WINDOWS\system32\inetppui.dll Wed Apr 02 15:29:13 2008 => Scanning File C:\WINDOWS\system32\inetres.dll Wed Apr 02 15:29:13 2008 => Scanning File C:\WINDOWS\system32\INETWH32.dll Wed Apr 02 15:29:14 2008 => Scanning File C:\WINDOWS\system32\infosoft.dll Wed Apr 02 15:29:14 2008 => Scanning File C:\WINDOWS\system32\initpki.dll Wed Apr 02 15:29:14 2008 => Scanning File C:\WINDOWS\system32\input.dll Wed Apr 02 15:29:14 2008 => Scanning File C:\WINDOWS\system32\inseng.dll Wed Apr 02 15:29:14 2008 => Scanning File C:\WINDOWS\system32\instcat.sql Wed Apr 02 15:29:15 2008 => Scanning File C:\WINDOWS\system32\internet popup blocker1.ico Wed Apr 02 15:29:15 2008 => Scanning File C:\WINDOWS\system32\intl.cpl Wed Apr 02 15:29:15 2008 => Scanning File C:\WINDOWS\system32\iologmsg.dll Wed Apr 02 15:29:15 2008 => Scanning File C:\WINDOWS\system32\ipconf.tsp Wed Apr 02 15:29:15 2008 => Scanning File C:\WINDOWS\system32\ipconfig.exe Wed Apr 02 15:29:15 2008 => Scanning File C:\WINDOWS\system32\iphlpapi.dll Wed Apr 02 15:29:15 2008 => Scanning File C:\WINDOWS\system32\ipmontr.dll Wed Apr 02 15:29:15 2008 => Scanning File C:\WINDOWS\system32\ipnathlp.dll Wed Apr 02 15:29:15 2008 => Scanning File C:\WINDOWS\system32\ippromon.dll Wed Apr 02 15:29:16 2008 => Scanning File C:\WINDOWS\system32\iprop.dll Wed Apr 02 15:29:16 2008 => Scanning File C:\WINDOWS\system32\iprtprio.dll Wed Apr 02 15:29:16 2008 => Scanning File C:\WINDOWS\system32\iprtrmgr.dll Wed Apr 02 15:29:16 2008 => Scanning File C:\WINDOWS\system32\ipsec6.exe Wed Apr 02 15:29:16 2008 => Scanning File C:\WINDOWS\system32\ipsecsnp.dll Wed Apr 02 15:29:16 2008 => Scanning File C:\WINDOWS\system32\ipsecsvc.dll Wed Apr 02 15:29:16 2008 => Scanning File C:\WINDOWS\system32\ipsmsnap.dll Wed Apr 02 15:29:17 2008 => Scanning File C:\WINDOWS\system32\ipv6.exe Wed Apr 02 15:29:17 2008 => Scanning File C:\WINDOWS\system32\ipv6mon.dll Wed Apr 02 15:29:17 2008 => Scanning File C:\WINDOWS\system32\ipxmontr.dll Wed Apr 02 15:29:17 2008 => Scanning File C:\WINDOWS\system32\ipxpromn.dll Wed Apr 02 15:29:17 2008 => Scanning File C:\WINDOWS\system32\ipxrip.dll Wed Apr 02 15:29:17 2008 => Scanning File C:\WINDOWS\system32\ipxroute.exe Wed Apr 02 15:29:17 2008 => Scanning File C:\WINDOWS\system32\ipxrtmgr.dll Wed Apr 02 15:29:17 2008 => Scanning File C:\WINDOWS\system32\ipxsap.dll Wed Apr 02 15:29:17 2008 => Scanning File C:\WINDOWS\system32\ipxwan.dll Wed Apr 02 15:29:17 2008 => Scanning File C:\WINDOWS\system32\ir32_32.dll Wed Apr 02 15:29:18 2008 => Scanning File C:\WINDOWS\system32\ir41_32.ax Wed Apr 02 15:29:18 2008 => Scanning File C:\WINDOWS\system32\ir41_qc.dll Wed Apr 02 15:29:18 2008 => Scanning File C:\WINDOWS\system32\ir41_qcx.dll Wed Apr 02 15:29:18 2008 => Scanning File C:\WINDOWS\system32\ir50_32.dll Wed Apr 02 15:29:19 2008 => Scanning File C:\WINDOWS\system32\ir50_qc.dll Wed Apr 02 15:29:19 2008 => Scanning File C:\WINDOWS\system32\ir50_qcx.dll Wed Apr 02 15:29:19 2008 => Scanning File C:\WINDOWS\system32\irclass.dll Wed Apr 02 15:29:19 2008 => Scanning File C:\WINDOWS\system32\irprops.cpl Wed Apr 02 15:29:19 2008 => Scanning File C:\WINDOWS\system32\isign32.dll Wed Apr 02 15:29:19 2008 => Scanning File C:\WINDOWS\system32\isrdbg32.dll Wed Apr 02 15:29:20 2008 => Scanning File C:\WINDOWS\system32\itircl.dll Wed Apr 02 15:29:20 2008 => Scanning File C:\WINDOWS\system32\itss.dll Wed Apr 02 15:29:20 2008 => Scanning File C:\WINDOWS\system32\iuengine.dll Wed Apr 02 15:29:20 2008 => Scanning File C:\WINDOWS\system32\ivfsrc.ax Wed Apr 02 15:29:20 2008 => Scanning File C:\WINDOWS\system32\ixsso.dll Wed Apr 02 15:29:21 2008 => Scanning File C:\WINDOWS\system32\iyuv_32.dll Wed Apr 02 15:29:21 2008 => Scanning File C:\WINDOWS\system32\java.exe Wed Apr 02 15:29:21 2008 => Scanning File C:\WINDOWS\system32\javacypt.dll Wed Apr 02 15:29:21 2008 => Scanning File C:\WINDOWS\system32\javaee.dll Wed Apr 02 15:29:21 2008 => Scanning File C:\WINDOWS\system32\javaprxy.dll Wed Apr 02 15:29:21 2008 => Scanning File C:\WINDOWS\system32\javart.dll Wed Apr 02 15:29:22 2008 => Scanning File C:\WINDOWS\system32\javasup.vxd Wed Apr 02 15:29:22 2008 => Scanning File C:\WINDOWS\system32\javaw.exe Wed Apr 02 15:29:22 2008 => Scanning File C:\WINDOWS\system32\javaws.exe Wed Apr 02 15:29:22 2008 => Scanning File C:\WINDOWS\system32\jdbgmgr.exe Wed Apr 02 15:29:22 2008 => Scanning File C:\WINDOWS\system32\jet500.dll Wed Apr 02 15:29:22 2008 => Scanning File C:\WINDOWS\system32\jgaw400.dll Wed Apr 02 15:29:22 2008 => Scanning File C:\WINDOWS\system32\jgdw400.dll Wed Apr 02 15:29:23 2008 => Scanning File C:\WINDOWS\system32\jgmd400.dll Wed Apr 02 15:29:23 2008 => Scanning File C:\WINDOWS\system32\jgpl400.dll Wed Apr 02 15:29:23 2008 => Scanning File C:\WINDOWS\system32\jgsd400.dll Wed Apr 02 15:29:23 2008 => Scanning File C:\WINDOWS\system32\jgsh400.dll Wed Apr 02 15:29:23 2008 => Scanning File C:\WINDOWS\system32\jit.dll Wed Apr 02 15:29:23 2008 => Scanning File C:\WINDOWS\system32\jobexec.dll Wed Apr 02 15:29:23 2008 => Scanning File C:\WINDOWS\system32\joy.cpl Wed Apr 02 15:29:23 2008 => Scanning File C:\WINDOWS\system32\jpatchver.txt Wed Apr 02 15:29:23 2008 => Scanning File C:\WINDOWS\system32\jpicpl32.cpl Wed Apr 02 15:29:24 2008 => Scanning File C:\WINDOWS\system32\jscript(2).dll Wed Apr 02 15:29:24 2008 => Scanning File C:\WINDOWS\system32\jscript.dll Wed Apr 02 15:29:24 2008 => Scanning File C:\WINDOWS\system32\jsfr.dll Wed Apr 02 15:29:24 2008 => Scanning File C:\WINDOWS\system32\jsproxy.dll Wed Apr 02 15:29:24 2008 => Scanning File C:\WINDOWS\system32\jview.exe Wed Apr 02 15:29:24 2008 => Scanning File C:\WINDOWS\system32\kb16.com Wed Apr 02 15:29:24 2008 => Scanning File C:\WINDOWS\system32\kbd101.dll Wed Apr 02 15:29:24 2008 => Scanning File C:\WINDOWS\system32\kbd101a.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbd101b.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbd101c.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbd103.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbd106.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbd106n.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbdal.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbdax2.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbdaze.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbdazel.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbdbe.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbdbene.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbdblr.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbdbr.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbdbu.dll Wed Apr 02 15:29:25 2008 => Scanning File C:\WINDOWS\system32\kbdca.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbdcan.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbdcr.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbdcz.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbdcz1.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbdcz2.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbdda.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbddv.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbdes.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbdest.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbdfc.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbdfi.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbdfi1.dll Wed Apr 02 15:29:26 2008 => Scanning File C:\WINDOWS\system32\kbdfo.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdfr.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdgae.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdgkl.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdgr.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdgr1.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdhe.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdhe220.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdhe319.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdhela2.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdhela3.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdhept.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdhu.dll Wed Apr 02 15:29:27 2008 => Scanning File C:\WINDOWS\system32\kbdhu1.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdibm02.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdic.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdinbe1.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdinben.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdinmal.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdir.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdit.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdit142.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdjpn.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdkaz.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdkor.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdkyr.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdla.dll Wed Apr 02 15:29:28 2008 => Scanning File C:\WINDOWS\system32\kbdlk41a.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdlk41j.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdlt.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdlt1.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdlv.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdlv1.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdmac.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdmaori.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdmlt47.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdmlt48.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdmon.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdne.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdnec.dll Wed Apr 02 15:29:29 2008 => Scanning File C:\WINDOWS\system32\kbdnec95.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdnecat.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdnecnt.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdno.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdno1.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdpl.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdpl1.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdpo.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdro.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdru.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdru1.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdsf.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdsg.dll Wed Apr 02 15:29:30 2008 => Scanning File C:\WINDOWS\system32\kbdsl.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbdsl1.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbdsmsfi.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbdsmsno.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbdsp.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbdsw.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbdtat.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbdtuf.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbdtuq.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbduk.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbdukx.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbdur.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbdus.dll Wed Apr 02 15:29:31 2008 => Scanning File C:\WINDOWS\system32\kbdusl.dll Wed Apr 02 15:29:32 2008 => Scanning File C:\WINDOWS\system32\kbdusr.dll Wed Apr 02 15:29:32 2008 => Scanning File C:\WINDOWS\system32\kbdusx.dll Wed Apr 02 15:29:32 2008 => Scanning File C:\WINDOWS\system32\kbduzb.dll Wed Apr 02 15:29:32 2008 => Scanning File C:\WINDOWS\system32\kbdycc.dll Wed Apr 02 15:29:32 2008 => Scanning File C:\WINDOWS\system32\kbdycl.dll Wed Apr 02 15:29:32 2008 => Scanning File C:\WINDOWS\system32\kd1394.dll Wed Apr 02 15:29:32 2008 => Scanning File C:\WINDOWS\system32\kdcom.dll Wed Apr 02 15:29:32 2008 => Scanning File C:\WINDOWS\system32\kerberos.dll Wed Apr 02 15:29:32 2008 => Scanning File C:\WINDOWS\system32\kernel32.dll Wed Apr 02 15:29:33 2008 => Scanning File C:\WINDOWS\system32\key01.sys Wed Apr 02 15:29:33 2008 => Scanning File C:\WINDOWS\system32\keyboard.drv Wed Apr 02 15:29:33 2008 => Scanning File C:\WINDOWS\system32\keyboard.sys Wed Apr 02 15:29:33 2008 => Scanning File C:\WINDOWS\system32\keymgr.dll Wed Apr 02 15:29:33 2008 => Scanning File C:\WINDOWS\system32\kmddsp.tsp Wed Apr 02 15:29:33 2008 => Scanning File C:\WINDOWS\system32\korwbrkr.dll Wed Apr 02 15:29:33 2008 => Scanning File C:\WINDOWS\system32\korwbrkr.lex Wed Apr 02 15:29:33 2008 => Scanning File C:\WINDOWS\system32\krnl386.exe Wed Apr 02 15:29:33 2008 => Scanning File C:\WINDOWS\system32\ksc.nls Wed Apr 02 15:29:33 2008 => Scanning File C:\WINDOWS\system32\ksproxy.ax Wed Apr 02 15:29:34 2008 => Scanning File C:\WINDOWS\system32\ksuser.dll Wed Apr 02 15:29:34 2008 => Scanning File C:\WINDOWS\system32\l3codeca.acm Wed Apr 02 15:29:34 2008 => Scanning File C:\WINDOWS\system32\l3codecp.acm Wed Apr 02 15:29:34 2008 => Scanning File C:\WINDOWS\system32\l3codecx.acm Wed Apr 02 15:29:34 2008 => Scanning File C:\WINDOWS\system32\l3codecx.ax Wed Apr 02 15:29:35 2008 => Scanning File C:\WINDOWS\system32\label.exe Wed Apr 02 15:29:35 2008 => Scanning File C:\WINDOWS\system32\langwrbk.dll Wed Apr 02 15:29:35 2008 => Scanning File C:\WINDOWS\system32\lanman.drv Wed Apr 02 15:29:35 2008 => Scanning File C:\WINDOWS\system32\LAPRXY.dll Wed Apr 02 15:29:35 2008 => Scanning File C:\WINDOWS\system32\lcphrase.tbl Wed Apr 02 15:29:35 2008 => Scanning File C:\WINDOWS\system32\lcptr.tbl Wed Apr 02 15:29:35 2008 => Scanning File C:\WINDOWS\system32\LegitCheckControl.dll Wed Apr 02 15:29:36 2008 => Scanning File C:\WINDOWS\system32\libeay32.dll Wed Apr 02 15:29:36 2008 => Scanning File C:\WINDOWS\system32\licdll.dll Wed Apr 02 15:29:36 2008 => Scanning File C:\WINDOWS\system32\licmgr10.dll Wed Apr 02 15:29:36 2008 => Scanning File C:\WINDOWS\system32\licwmi.dll Wed Apr 02 15:29:37 2008 => Scanning File C:\WINDOWS\system32\lights.exe Wed Apr 02 15:29:37 2008 => Scanning File C:\WINDOWS\system32\linkinfo.dll Wed Apr 02 15:29:37 2008 => Scanning File C:\WINDOWS\system32\lmhsvc.dll Wed Apr 02 15:29:37 2008 => Scanning File C:\WINDOWS\system32\lmrt.dll Wed Apr 02 15:29:37 2008 => Scanning File C:\WINDOWS\system32\LMRTREND.dll Wed Apr 02 15:29:37 2008 => Scanning File C:\WINDOWS\system32\lnkstub.exe Wed Apr 02 15:29:37 2008 => Scanning File C:\WINDOWS\system32\loadfix.com Wed Apr 02 15:29:37 2008 => Scanning File C:\WINDOWS\system32\loadperf.dll Wed Apr 02 15:29:37 2008 => Scanning File C:\WINDOWS\system32\locale.nls Wed Apr 02 15:29:37 2008 => Scanning File C:\WINDOWS\system32\localsec.dll Wed Apr 02 15:29:38 2008 => Scanning File C:\WINDOWS\system32\localspl.dll Wed Apr 02 15:29:38 2008 => Scanning File C:\WINDOWS\system32\localui.dll Wed Apr 02 15:29:38 2008 => Scanning File C:\WINDOWS\system32\locator.exe Wed Apr 02 15:29:38 2008 => Scanning File C:\WINDOWS\system32\lodctr.exe Wed Apr 02 15:29:38 2008 => Scanning File C:\WINDOWS\system32\logagent.exe Wed Apr 02 15:29:38 2008 => Scanning File C:\WINDOWS\system32\loghours.dll Wed Apr 02 15:29:38 2008 => Scanning File C:\WINDOWS\system32\logman.exe Wed Apr 02 15:29:38 2008 => Scanning File C:\WINDOWS\system32\logoff.exe Wed Apr 02 15:29:38 2008 => Scanning File C:\WINDOWS\system32\logon.scr Wed Apr 02 15:29:38 2008 => Scanning File C:\WINDOWS\system32\logonui.exe Wed Apr 02 15:29:39 2008 => Scanning File C:\WINDOWS\system32\logonui.exe.manifest Wed Apr 02 15:29:39 2008 => Scanning File C:\WINDOWS\system32\lpk.dll Wed Apr 02 15:29:39 2008 => Scanning File C:\WINDOWS\system32\lpq.exe Wed Apr 02 15:29:39 2008 => Scanning File C:\WINDOWS\system32\lpr.exe Wed Apr 02 15:29:39 2008 => Scanning File C:\WINDOWS\system32\lprhelp.dll Wed Apr 02 15:29:39 2008 => Scanning File C:\WINDOWS\system32\lprmonui.dll Wed Apr 02 15:29:39 2008 => Scanning File C:\WINDOWS\system32\lsasrv.dll Wed Apr 02 15:29:39 2008 => Scanning File C:\WINDOWS\system32\lsass.exe Wed Apr 02 15:29:39 2008 => Scanning File C:\WINDOWS\system32\LuResult.txt Wed Apr 02 15:29:40 2008 => Scanning File C:\WINDOWS\system32\lusrmgr.msc Wed Apr 02 15:29:40 2008 => Scanning File C:\WINDOWS\system32\lz32.dll Wed Apr 02 15:29:40 2008 => Scanning File C:\WINDOWS\system32\lzexpand.dll Wed Apr 02 15:29:40 2008 => Scanning File C:\WINDOWS\system32\l_except.nls Wed Apr 02 15:29:40 2008 => Scanning File C:\WINDOWS\system32\l_intl.nls Wed Apr 02 15:29:40 2008 => Scanning File C:\WINDOWS\system32\magnify.exe Wed Apr 02 15:29:40 2008 => Scanning File C:\WINDOWS\system32\mag_hook.dll Wed Apr 02 15:29:40 2008 => Scanning File C:\WINDOWS\system32\main.cpl Wed Apr 02 15:29:40 2008 => Scanning File C:\WINDOWS\system32\makecab.exe Wed Apr 02 15:29:40 2008 => Scanning File C:\WINDOWS\system32\MAPI.DLL Wed Apr 02 15:29:41 2008 => Scanning File C:\WINDOWS\system32\mapi32.dll Wed Apr 02 15:29:41 2008 => Scanning File C:\WINDOWS\system32\MAPISRVR.EXE Wed Apr 02 15:29:41 2008 => Scanning File C:\WINDOWS\system32\mapistub.dll Wed Apr 02 15:29:41 2008 => Scanning File C:\WINDOWS\system32\mcastmib.dll Wed Apr 02 15:29:41 2008 => Scanning File C:\WINDOWS\system32\mcd32.dll Wed Apr 02 15:29:41 2008 => Scanning File C:\WINDOWS\system32\mcdsrv32.dll Wed Apr 02 15:29:41 2008 => Scanning File C:\WINDOWS\system32\mchgrcoi.dll Wed Apr 02 15:29:41 2008 => Scanning File C:\WINDOWS\system32\mciavi.drv Wed Apr 02 15:29:41 2008 => Scanning File C:\WINDOWS\system32\mciavi32.dll Wed Apr 02 15:29:41 2008 => Scanning File C:\WINDOWS\system32\mcicda.dll Wed Apr 02 15:29:41 2008 => Scanning File C:\WINDOWS\system32\mciole16.dll Wed Apr 02 15:29:42 2008 => Scanning File C:\WINDOWS\system32\mciole32.dll Wed Apr 02 15:29:42 2008 => Scanning File C:\WINDOWS\system32\mciqtz.drv Wed Apr 02 15:29:42 2008 => Scanning File C:\WINDOWS\system32\mciqtz32.dll Wed Apr 02 15:29:42 2008 => Scanning File C:\WINDOWS\system32\mciseq.dll Wed Apr 02 15:29:42 2008 => Scanning File C:\WINDOWS\system32\mciseq.drv Wed Apr 02 15:29:42 2008 => Scanning File C:\WINDOWS\system32\mciwave.dll Wed Apr 02 15:29:42 2008 => Scanning File C:\WINDOWS\system32\mciwave.drv Wed Apr 02 15:29:42 2008 => Scanning File C:\WINDOWS\system32\mdhcp.dll Wed Apr 02 15:29:42 2008 => Scanning File C:\WINDOWS\system32\mdminst.dll Wed Apr 02 15:29:42 2008 => Scanning File C:\WINDOWS\system32\mdmxsdk.dll Wed Apr 02 15:29:43 2008 => Scanning File C:\WINDOWS\system32\MDT2FW95.DLL Wed Apr 02 15:29:43 2008 => Scanning File C:\WINDOWS\system32\mdwmdmsp.dll Wed Apr 02 15:29:43 2008 => Scanning File C:\WINDOWS\system32\mem.exe Wed Apr 02 15:29:43 2008 => Scanning File C:\WINDOWS\system32\mf3216.dll Wed Apr 02 15:29:43 2008 => Scanning File C:\WINDOWS\system32\mfc40.dll Wed Apr 02 15:29:44 2008 => Scanning File C:\WINDOWS\system32\mfc40loc.dll Wed Apr 02 15:29:44 2008 => Scanning File C:\WINDOWS\system32\mfc40u.dll Wed Apr 02 15:29:44 2008 => Scanning File C:\WINDOWS\system32\mfc42.dll Wed Apr 02 15:29:44 2008 => Scanning File C:\WINDOWS\system32\MFC42FRA.DLL Wed Apr 02 15:29:44 2008 => Scanning File C:\WINDOWS\system32\mfc42loc.dll Wed Apr 02 15:29:44 2008 => Scanning File C:\WINDOWS\system32\mfc42u.dll Wed Apr 02 15:29:45 2008 => Scanning File C:\WINDOWS\system32\mfc70.dll Wed Apr 02 15:29:45 2008 => Scanning File C:\WINDOWS\system32\mfc70u.dll Wed Apr 02 15:29:46 2008 => Scanning File C:\WINDOWS\system32\mfc71.dll Wed Apr 02 15:29:46 2008 => Scanning File C:\WINDOWS\system32\mfc71u.dll Wed Apr 02 15:29:47 2008 => Scanning File C:\WINDOWS\system32\mfcsubs.dll Wed Apr 02 15:29:47 2008 => Scanning File C:\WINDOWS\system32\MFPLAT.dll Wed Apr 02 15:29:47 2008 => Scanning File C:\WINDOWS\system32\mgmtapi.dll Wed Apr 02 15:29:47 2008 => Scanning File C:\WINDOWS\system32\mib.bin Wed Apr 02 15:29:47 2008 => Scanning File C:\WINDOWS\system32\midimap.dll Wed Apr 02 15:29:47 2008 => Scanning File C:\WINDOWS\system32\miglibnt.dll Wed Apr 02 15:29:47 2008 => Scanning File C:\WINDOWS\system32\migpwd.exe Wed Apr 02 15:29:47 2008 => Scanning File C:\WINDOWS\system32\mimefilt.dll Wed Apr 02 15:29:47 2008 => Scanning File C:\WINDOWS\system32\mindex.dll Wed Apr 02 15:29:48 2008 => Scanning File C:\WINDOWS\system32\miniime.tpl Wed Apr 02 15:29:48 2008 => Scanning File C:\WINDOWS\system32\mlang.dat Wed Apr 02 15:29:48 2008 => Scanning File C:\WINDOWS\system32\mlang.dll Wed Apr 02 15:29:48 2008 => Scanning File C:\WINDOWS\system32\mlfcache.dat Wed Apr 02 15:29:48 2008 => Scanning File C:\WINDOWS\system32\mll_hp.dll Wed Apr 02 15:29:48 2008 => Scanning File C:\WINDOWS\system32\mll_mtf.dll Wed Apr 02 15:29:48 2008 => Scanning File C:\WINDOWS\system32\mll_qic.dll Wed Apr 02 15:29:48 2008 => Scanning File C:\WINDOWS\system32\mmc.exe Wed Apr 02 15:29:49 2008 => Scanning File C:\WINDOWS\system32\mmcbase.dll Wed Apr 02 15:29:49 2008 => Scanning File C:\WINDOWS\system32\mmcndmgr.dll Wed Apr 02 15:29:49 2008 => Scanning File C:\WINDOWS\system32\mmcshext.dll Wed Apr 02 15:29:49 2008 => Scanning File C:\WINDOWS\system32\mmdriver.inf Wed Apr 02 15:29:49 2008 => Scanning File C:\WINDOWS\system32\mmdrv.dll Wed Apr 02 15:29:49 2008 => Scanning File C:\WINDOWS\system32\mmfutil.dll Wed Apr 02 15:29:49 2008 => Scanning File C:\WINDOWS\system32\mmsys.cpl Wed Apr 02 15:29:50 2008 => Scanning File C:\WINDOWS\system32\mmsystem.dll Wed Apr 02 15:29:50 2008 => Scanning File C:\WINDOWS\system32\mmtask.tsk Wed Apr 02 15:29:50 2008 => Scanning File C:\WINDOWS\system32\mmutilse.dll Wed Apr 02 15:29:50 2008 => Scanning File C:\WINDOWS\system32\mnmdd.dll Wed Apr 02 15:29:50 2008 => Scanning File C:\WINDOWS\system32\mnmsrvc.exe Wed Apr 02 15:29:50 2008 => Scanning File C:\WINDOWS\system32\mobsync.dll Wed Apr 02 15:29:50 2008 => Scanning File C:\WINDOWS\system32\mobsync.exe Wed Apr 02 15:29:51 2008 => Scanning File C:\WINDOWS\system32\mode.com Wed Apr 02 15:29:51 2008 => Scanning File C:\WINDOWS\system32\modemui.dll Wed Apr 02 15:29:51 2008 => Scanning File C:\WINDOWS\system32\modex.dll Wed Apr 02 15:29:51 2008 => Scanning File C:\WINDOWS\system32\more.com Wed Apr 02 15:29:51 2008 => Scanning File C:\WINDOWS\system32\moricons.dll Wed Apr 02 15:29:51 2008 => Scanning File C:\WINDOWS\system32\mountvol.exe Wed Apr 02 15:29:51 2008 => Scanning File C:\WINDOWS\system32\mouse.drv Wed Apr 02 15:29:51 2008 => Scanning File C:\WINDOWS\system32\MP43DECD.dll Wed Apr 02 15:29:52 2008 => Scanning File C:\WINDOWS\system32\MP43DMOD.dll Wed Apr 02 15:29:52 2008 => Scanning File C:\WINDOWS\system32\MP4SDECD.dll Wed Apr 02 15:29:52 2008 => Scanning File C:\WINDOWS\system32\MP4SDMOD.dll Wed Apr 02 15:29:52 2008 => Scanning File C:\WINDOWS\system32\mpeg2data.ax Wed Apr 02 15:29:52 2008 => Scanning File C:\WINDOWS\system32\mpg2splt.ax Wed Apr 02 15:29:52 2008 => Scanning File C:\WINDOWS\system32\MPG4DECD.dll Wed Apr 02 15:29:52 2008 => Scanning File C:\WINDOWS\system32\MPG4DMOD.dll Wed Apr 02 15:29:52 2008 => Scanning File C:\WINDOWS\system32\mpg4ds32.ax Wed Apr 02 15:29:53 2008 => Scanning File C:\WINDOWS\system32\mplay32.exe Wed Apr 02 15:29:53 2008 => Scanning File C:\WINDOWS\system32\mpnotify.exe Wed Apr 02 15:29:53 2008 => Scanning File C:\WINDOWS\system32\mpr.dll Wed Apr 02 15:29:53 2008 => Scanning File C:\WINDOWS\system32\mprapi.dll Wed Apr 02 15:29:53 2008 => Scanning File C:\WINDOWS\system32\mprddm.dll Wed Apr 02 15:29:53 2008 => Scanning File C:\WINDOWS\system32\mprdim.dll Wed Apr 02 15:29:53 2008 => Scanning File C:\WINDOWS\system32\mprmsg.dll Wed Apr 02 15:29:53 2008 => Scanning File C:\WINDOWS\system32\mprui.dll Wed Apr 02 15:29:54 2008 => Scanning File C:\WINDOWS\system32\mrinfo.exe Wed Apr 02 15:29:54 2008 => *** File C:\WINDOWS\system32\MRT.exe having Size Restriction *** Wed Apr 02 15:29:54 2008 => Scanning File C:\WINDOWS\system32\MRT.exe [**] Wed Apr 02 15:29:54 2008 => Scanning File C:\WINDOWS\system32\MRT.INI Wed Apr 02 15:29:54 2008 => Scanning File C:\WINDOWS\system32\msaatext.dll Wed Apr 02 15:29:54 2008 => Scanning File C:\WINDOWS\system32\msacm.dll Wed Apr 02 15:29:54 2008 => Scanning File C:\WINDOWS\system32\msacm32.dll Wed Apr 02 15:29:54 2008 => Scanning File C:\WINDOWS\system32\msacm32.drv Wed Apr 02 15:29:54 2008 => Scanning File C:\WINDOWS\system32\msadds32.ax Wed Apr 02 15:29:54 2008 => Scanning File C:\WINDOWS\system32\MSADODC.OCX Wed Apr 02 15:29:55 2008 => Scanning File C:\WINDOWS\system32\msadp32.acm Wed Apr 02 15:29:55 2008 => Scanning File C:\WINDOWS\system32\msafd.dll Wed Apr 02 15:29:55 2008 => Scanning File C:\WINDOWS\system32\msapsspc.dll Wed Apr 02 15:29:55 2008 => Scanning File C:\WINDOWS\system32\msasn1.dll Wed Apr 02 15:29:55 2008 => Scanning File C:\WINDOWS\system32\msaud32.acm Wed Apr 02 15:29:55 2008 => Scanning File C:\WINDOWS\system32\msaudite.dll Wed Apr 02 15:29:55 2008 => Scanning File C:\WINDOWS\system32\msawt.dll Wed Apr 02 15:29:56 2008 => Scanning File C:\WINDOWS\system32\mscat32.dll Wed Apr 02 15:29:56 2008 => Scanning File C:\WINDOWS\system32\mscdexnt.exe Wed Apr 02 15:29:56 2008 => Scanning File C:\WINDOWS\system32\mscms.dll Wed Apr 02 15:29:56 2008 => Scanning File C:\WINDOWS\system32\mscomct2.ocx Wed Apr 02 15:29:56 2008 => Scanning File C:\WINDOWS\system32\MSCOMCTL.OCX Wed Apr 02 15:29:56 2008 => Scanning File C:\WINDOWS\system32\msconf.dll Wed Apr 02 15:29:56 2008 => Scanning File C:\WINDOWS\system32\mscoree.dll Wed Apr 02 15:29:57 2008 => Scanning File C:\WINDOWS\system32\mscorier.dll Wed Apr 02 15:29:57 2008 => Scanning File C:\WINDOWS\system32\mscories.dll Wed Apr 02 15:29:57 2008 => Scanning File C:\WINDOWS\system32\mscpx32r.dLL Wed Apr 02 15:29:57 2008 => Scanning File C:\WINDOWS\system32\mscpxl32.dLL Wed Apr 02 15:29:57 2008 => Scanning File C:\WINDOWS\system32\MSCTF.dll Wed Apr 02 15:29:57 2008 => Scanning File C:\WINDOWS\system32\MSCTFIME.IME Wed Apr 02 15:29:57 2008 => Scanning File C:\WINDOWS\system32\MSCTFP.dll Wed Apr 02 15:29:57 2008 => Scanning File C:\WINDOWS\system32\msdadiag.dll Wed Apr 02 15:29:57 2008 => Scanning File C:\WINDOWS\system32\msdart.dll Wed Apr 02 15:29:58 2008 => Scanning File C:\WINDOWS\system32\MSDATGRD.OCX Wed Apr 02 15:29:58 2008 => Scanning File C:\WINDOWS\system32\msdatsrc.tlb Wed Apr 02 15:29:58 2008 => Scanning File C:\WINDOWS\system32\msdayi.tbl Wed Apr 02 15:29:58 2008 => Scanning File C:\WINDOWS\system32\msdelta.dll Wed Apr 02 15:29:58 2008 => Scanning File C:\WINDOWS\system32\msdmo.dll Wed Apr 02 15:29:58 2008 => Scanning File C:\WINDOWS\system32\msdtc.exe Wed Apr 02 15:29:58 2008 => Scanning File C:\WINDOWS\system32\msdtclog.dll Wed Apr 02 15:29:59 2008 => Scanning File C:\WINDOWS\system32\msdtcprf.h Wed Apr 02 15:29:59 2008 => Scanning File C:\WINDOWS\system32\msdtcprf.ini Wed Apr 02 15:29:59 2008 => Scanning File C:\WINDOWS\system32\msdtcprx.dll Wed Apr 02 15:29:59 2008 => Scanning File C:\WINDOWS\system32\msdtctm.dll Wed Apr 02 15:29:59 2008 => Scanning File C:\WINDOWS\system32\msdtcuiu.dll Wed Apr 02 15:30:00 2008 => Scanning File C:\WINDOWS\system32\msdvdopt.dll Wed Apr 02 15:30:00 2008 => Scanning File C:\WINDOWS\system32\msdxm.ocx Wed Apr 02 15:30:00 2008 => Scanning File C:\WINDOWS\system32\msdxmlc.dll Wed Apr 02 15:30:00 2008 => Scanning File C:\WINDOWS\system32\msencode.dll Wed Apr 02 15:30:00 2008 => Scanning File C:\WINDOWS\system32\msexch40.dll Wed Apr 02 15:30:01 2008 => Scanning File C:\WINDOWS\system32\msexcl40.dll Wed Apr 02 15:30:01 2008 => Scanning File C:\WINDOWS\system32\msfeeds.dll Wed Apr 02 15:30:01 2008 => Scanning File C:\WINDOWS\system32\msfeedsbs.dll Wed Apr 02 15:30:01 2008 => Scanning File C:\WINDOWS\system32\msfeedssync.exe Wed Apr 02 15:30:01 2008 => Scanning File C:\WINDOWS\system32\msftedit.dll Wed Apr 02 15:30:02 2008 => Scanning File C:\WINDOWS\system32\msg.exe Wed Apr 02 15:30:02 2008 => Scanning File C:\WINDOWS\system32\msg711.acm Wed Apr 02 15:30:02 2008 => Scanning File C:\WINDOWS\system32\msg723.acm Wed Apr 02 15:30:02 2008 => Scanning File C:\WINDOWS\system32\msgina.dll Wed Apr 02 15:30:02 2008 => Scanning File C:\WINDOWS\system32\msgsm32.acm Wed Apr 02 15:30:02 2008 => Scanning File C:\WINDOWS\system32\msgsvc.dll Wed Apr 02 15:30:02 2008 => Scanning File C:\WINDOWS\system32\msh261.drv Wed Apr 02 15:30:02 2008 => Scanning File C:\WINDOWS\system32\msh263.drv Wed Apr 02 15:30:03 2008 => Scanning File C:\WINDOWS\system32\mshta.exe Wed Apr 02 15:30:03 2008 => Scanning File C:\WINDOWS\system32\mshtml(2).dll Wed Apr 02 15:30:03 2008 => Scanning File C:\WINDOWS\system32\mshtml.dll Wed Apr 02 15:30:04 2008 => Scanning File C:\WINDOWS\system32\mshtml.tlb Wed Apr 02 15:30:06 2008 => Scanning File C:\WINDOWS\system32\mshtmled.dll Wed Apr 02 15:30:06 2008 => Scanning File C:\WINDOWS\system32\mshtmler.dll Wed Apr 02 15:30:06 2008 => Scanning File C:\WINDOWS\system32\msi.dll Wed Apr 02 15:30:07 2008 => Scanning File C:\WINDOWS\system32\msident.dll Wed Apr 02 15:30:07 2008 => Scanning File C:\WINDOWS\system32\msidle.dll Wed Apr 02 15:30:07 2008 => Scanning File C:\WINDOWS\system32\msidntld.dll Wed Apr 02 15:30:07 2008 => Scanning File C:\WINDOWS\system32\msieftp.dll Wed Apr 02 15:30:07 2008 => Scanning File C:\WINDOWS\system32\msiexec.exe Wed Apr 02 15:30:07 2008 => Scanning File C:\WINDOWS\system32\msihnd.dll Wed Apr 02 15:30:07 2008 => Scanning File C:\WINDOWS\system32\msimg32.dll Wed Apr 02 15:30:07 2008 => Scanning File C:\WINDOWS\system32\msimsg.dll Wed Apr 02 15:30:09 2008 => Scanning File C:\WINDOWS\system32\MSIMTF.dll Wed Apr 02 15:30:09 2008 => Scanning File C:\WINDOWS\system32\msir3jp.dll Wed Apr 02 15:30:10 2008 => Scanning File C:\WINDOWS\system32\msir3jp.lex Wed Apr 02 15:30:10 2008 => Scanning File C:\WINDOWS\system32\msiregmv.exe Wed Apr 02 15:30:10 2008 => Scanning File C:\WINDOWS\system32\msisam11.dll Wed Apr 02 15:30:10 2008 => Scanning File C:\WINDOWS\system32\msisip.dll Wed Apr 02 15:30:10 2008 => Scanning File C:\WINDOWS\system32\msjava.dll Wed Apr 02 15:30:11 2008 => Scanning File C:\WINDOWS\system32\msjdbc10.dll Wed Apr 02 15:30:11 2008 => Scanning File C:\WINDOWS\system32\msjet40.dll Wed Apr 02 15:30:11 2008 => Scanning File C:\WINDOWS\system32\msjetoledb40.dll Wed Apr 02 15:30:11 2008 => Scanning File C:\WINDOWS\system32\msjint40.dll Wed Apr 02 15:30:12 2008 => Scanning File C:\WINDOWS\system32\msjter40.dll Wed Apr 02 15:30:12 2008 => Scanning File C:\WINDOWS\system32\msjtes40.dll Wed Apr 02 15:30:12 2008 => Scanning File C:\WINDOWS\system32\mslbui.dll Wed Apr 02 15:30:12 2008 => Scanning File C:\WINDOWS\system32\MSLS2.DLL Wed Apr 02 15:30:12 2008 => Scanning File C:\WINDOWS\system32\msls31.dll Wed Apr 02 15:30:12 2008 => Scanning File C:\WINDOWS\system32\msltus40.dll Wed Apr 02 15:30:13 2008 => Scanning File C:\WINDOWS\system32\msmask32.ocx Wed Apr 02 15:30:13 2008 => Scanning File C:\WINDOWS\system32\msnetobj.dll Wed Apr 02 15:30:13 2008 => Scanning File C:\WINDOWS\system32\msnsspc.dll Wed Apr 02 15:30:13 2008 => Scanning File C:\WINDOWS\system32\msobjs.dll Wed Apr 02 15:30:13 2008 => Scanning File C:\WINDOWS\system32\msoeacct.dll Wed Apr 02 15:30:14 2008 => Scanning File C:\WINDOWS\system32\msoert2.dll Wed Apr 02 15:30:14 2008 => Scanning File C:\WINDOWS\system32\msorc32r.dll Wed Apr 02 15:30:14 2008 => Scanning File C:\WINDOWS\system32\msorcl32.dll Wed Apr 02 15:30:14 2008 => Scanning File C:\WINDOWS\system32\mspatcha.dll Wed Apr 02 15:30:14 2008 => Scanning File C:\WINDOWS\system32\mspbde40.dll Wed Apr 02 15:30:14 2008 => Scanning File C:\WINDOWS\system32\mspmsnsv.dll Wed Apr 02 15:30:15 2008 => Scanning File C:\WINDOWS\system32\mspmsp.dll Wed Apr 02 15:30:15 2008 => Scanning File C:\WINDOWS\system32\mspmspsv.dll Wed Apr 02 15:30:15 2008 => Scanning File C:\WINDOWS\system32\msports.dll Wed Apr 02 15:30:15 2008 => Scanning File C:\WINDOWS\system32\msprivs.dll Wed Apr 02 15:30:15 2008 => Scanning File C:\WINDOWS\system32\MSPRPFR.DLL Wed Apr 02 15:30:15 2008 => Scanning File C:\WINDOWS\system32\msr2c.dll Wed Apr 02 15:30:15 2008 => Scanning File C:\WINDOWS\system32\msr2cenu.dll Wed Apr 02 15:30:15 2008 => Scanning File C:\WINDOWS\system32\msratelc.dll Wed Apr 02 15:30:15 2008 => Scanning File C:\WINDOWS\system32\msrating.dll Wed Apr 02 15:30:16 2008 => Scanning File C:\WINDOWS\system32\msrclr40.dll Wed Apr 02 15:30:16 2008 => Scanning File C:\WINDOWS\system32\msrd2x40.dll Wed Apr 02 15:30:16 2008 => Scanning File C:\WINDOWS\system32\msrd3x40.dll Wed Apr 02 15:30:16 2008 => Scanning File C:\WINDOWS\system32\MSRDO20.DLL Wed Apr 02 15:30:16 2008 => Scanning File C:\WINDOWS\system32\MSRECR40.DLL Wed Apr 02 15:30:16 2008 => Scanning File C:\WINDOWS\system32\msrepl40.dll Wed Apr 02 15:30:17 2008 => Scanning File C:\WINDOWS\system32\msrle32.dll Wed Apr 02 15:30:17 2008 => Scanning File C:\WINDOWS\system32\MSRTEDIT.DLL Wed Apr 02 15:30:17 2008 => Scanning File C:\WINDOWS\system32\mssap.dll Wed Apr 02 15:30:17 2008 => Scanning File C:\WINDOWS\system32\msscds32.ax Wed Apr 02 15:30:17 2008 => Scanning File C:\WINDOWS\system32\msscp.dll Wed Apr 02 15:30:17 2008 => Scanning File C:\WINDOWS\system32\msscript.ocx Wed Apr 02 15:30:18 2008 => Scanning File C:\WINDOWS\system32\mssecadv.dll Wed Apr 02 15:30:18 2008 => Scanning File C:\WINDOWS\system32\mssign32.dll Wed Apr 02 15:30:18 2008 => Scanning File C:\WINDOWS\system32\mssip32.dll Wed Apr 02 15:30:18 2008 => Scanning File C:\WINDOWS\system32\msstdfmt.dll Wed Apr 02 15:30:18 2008 => Scanning File C:\WINDOWS\system32\MSSTKPRP.DLL Wed Apr 02 15:30:18 2008 => Scanning File C:\WINDOWS\system32\msswch.dll Wed Apr 02 15:30:18 2008 => Scanning File C:\WINDOWS\system32\msswchx.exe Wed Apr 02 15:30:18 2008 => Scanning File C:\WINDOWS\system32\mstask.dll Wed Apr 02 15:30:19 2008 => Scanning File C:\WINDOWS\system32\mstext40.dll Wed Apr 02 15:30:19 2008 => Scanning File C:\WINDOWS\system32\mstime.dll Wed Apr 02 15:30:19 2008 => Scanning File C:\WINDOWS\system32\mstinit.exe Wed Apr 02 15:30:19 2008 => Scanning File C:\WINDOWS\system32\mstlsapi.dll Wed Apr 02 15:30:19 2008 => Scanning File C:\WINDOWS\system32\mstsc.exe Wed Apr 02 15:30:19 2008 => Scanning File C:\WINDOWS\system32\mstscax.dll Wed Apr 02 15:30:20 2008 => Scanning File C:\WINDOWS\system32\mstvca.dll Wed Apr 02 15:30:20 2008 => Scanning File C:\WINDOWS\system32\mstvgs.dll Wed Apr 02 15:30:20 2008 => Scanning File C:\WINDOWS\system32\msuni11.dll Wed Apr 02 15:30:20 2008 => Scanning File C:\WINDOWS\system32\msutb.dll Wed Apr 02 15:30:20 2008 => Scanning File C:\WINDOWS\system32\msv1_0.dll Wed Apr 02 15:30:21 2008 => Scanning File C:\WINDOWS\system32\msvbvm50.dll Wed Apr 02 15:30:21 2008 => Scanning File C:\WINDOWS\system32\msvbvm60.dll Wed Apr 02 15:30:22 2008 => Scanning File C:\WINDOWS\system32\msvci70.dll Wed Apr 02 15:30:22 2008 => Scanning File C:\WINDOWS\system32\msvcirt.dll Wed Apr 02 15:30:22 2008 => Scanning File C:\WINDOWS\system32\msvcp50.dll Wed Apr 02 15:30:22 2008 => Scanning File C:\WINDOWS\system32\msvcp60.dll Wed Apr 02 15:30:22 2008 => Scanning File C:\WINDOWS\system32\msvcp70.dll Wed Apr 02 15:30:22 2008 => Scanning File C:\WINDOWS\system32\msvcp71.dll Wed Apr 02 15:30:23 2008 => Scanning File C:\WINDOWS\system32\msvcr70.dll Wed Apr 02 15:30:23 2008 => Scanning File C:\WINDOWS\system32\msvcr71.dll Wed Apr 02 15:30:23 2008 => Scanning File C:\WINDOWS\system32\msvcrt.dll Wed Apr 02 15:30:23 2008 => Scanning File C:\WINDOWS\system32\msvcrt20.dll Wed Apr 02 15:30:23 2008 => Scanning File C:\WINDOWS\system32\msvcrt40.dll Wed Apr 02 15:30:23 2008 => Scanning File C:\WINDOWS\system32\msvfw32.dll Wed Apr 02 15:30:24 2008 => Scanning File C:\WINDOWS\system32\msvidc32.dll Wed Apr 02 15:30:24 2008 => Scanning File C:\WINDOWS\system32\msvidctl.dll Wed Apr 02 15:30:24 2008 => Scanning File C:\WINDOWS\system32\msvideo.dll Wed Apr 02 15:30:24 2008 => Scanning File C:\WINDOWS\system32\msw3prt.dll Wed Apr 02 15:30:24 2008 => Scanning File C:\WINDOWS\system32\mswdat10.dll Wed Apr 02 15:30:25 2008 => Scanning File C:\WINDOWS\system32\mswebdvd.dll Wed Apr 02 15:30:25 2008 => Scanning File C:\WINDOWS\system32\MSWINSCK.OCX Wed Apr 02 15:30:25 2008 => Scanning File C:\WINDOWS\system32\mswmdm.dll Wed Apr 02 15:30:25 2008 => Scanning File C:\WINDOWS\system32\mswsock.dll Wed Apr 02 15:30:25 2008 => Scanning File C:\WINDOWS\system32\mswstr10.dll Wed Apr 02 15:30:25 2008 => Scanning File C:\WINDOWS\system32\msxbde40.dll Wed Apr 02 15:30:26 2008 => Scanning File C:\WINDOWS\system32\msxml.dll Wed Apr 02 15:30:26 2008 => Scanning File C:\WINDOWS\system32\msxml2.dll Wed Apr 02 15:30:26 2008 => Scanning File C:\WINDOWS\system32\msxml2r.dll Wed Apr 02 15:30:26 2008 => Scanning File C:\WINDOWS\system32\msxml3.dll Wed Apr 02 15:30:27 2008 => Scanning File C:\WINDOWS\system32\msxml3a.dll Wed Apr 02 15:30:27 2008 => Scanning File C:\WINDOWS\system32\msxml3r.dll Wed Apr 02 15:30:27 2008 => Scanning File C:\WINDOWS\system32\msxml4.dll Wed Apr 02 15:30:27 2008 => Scanning File C:\WINDOWS\system32\msxml4a.dll Wed Apr 02 15:30:27 2008 => Scanning File C:\WINDOWS\system32\msxml4r.dll Wed Apr 02 15:30:27 2008 => Scanning File C:\WINDOWS\system32\msxml6.dll Wed Apr 02 15:30:27 2008 => Scanning File C:\WINDOWS\system32\msxml6r.dll Wed Apr 02 15:30:27 2008 => Scanning File C:\WINDOWS\system32\msxmlr.dll Wed Apr 02 15:30:27 2008 => Scanning File C:\WINDOWS\system32\msyuv.dll Wed Apr 02 15:30:27 2008 => Scanning File C:\WINDOWS\system32\mtxclu.dll Wed Apr 02 15:30:28 2008 => Scanning File C:\WINDOWS\system32\mtxdm.dll Wed Apr 02 15:30:28 2008 => Scanning File C:\WINDOWS\system32\mtxex.dll Wed Apr 02 15:30:28 2008 => Scanning File C:\WINDOWS\system32\mtxlegih.dll Wed Apr 02 15:30:28 2008 => Scanning File C:\WINDOWS\system32\mtxoci.dll Wed Apr 02 15:30:28 2008 => Scanning File C:\WINDOWS\system32\mtxparhd.dll Wed Apr 02 15:30:28 2008 => Scanning File C:\WINDOWS\system32\mycomput.dll Wed Apr 02 15:30:28 2008 => Scanning File C:\WINDOWS\system32\mydocs.dll Wed Apr 02 15:30:28 2008 => Scanning File C:\WINDOWS\system32\narrator.exe Wed Apr 02 15:30:29 2008 => Scanning File C:\WINDOWS\system32\narrhook.dll Wed Apr 02 15:30:29 2008 => Scanning File C:\WINDOWS\system32\nbtstat.exe Wed Apr 02 15:30:29 2008 => Scanning File C:\WINDOWS\system32\ncobjapi.dll Wed Apr 02 15:30:29 2008 => Scanning File C:\WINDOWS\system32\ncpa.cpl Wed Apr 02 15:30:29 2008 => Scanning File C:\WINDOWS\system32\ncpa.cpl.manifest Wed Apr 02 15:30:29 2008 => Scanning File C:\WINDOWS\system32\ncxpnt.dll Wed Apr 02 15:30:29 2008 => Scanning File C:\WINDOWS\system32\nddeapi.dll Wed Apr 02 15:30:29 2008 => Scanning File C:\WINDOWS\system32\nddeapir.exe Wed Apr 02 15:30:29 2008 => Scanning File C:\WINDOWS\system32\nddenb32.dll Wed Apr 02 15:30:29 2008 => Scanning File C:\WINDOWS\system32\ndptsp.tsp Wed Apr 02 15:30:29 2008 => Scanning File C:\WINDOWS\system32\net.exe Wed Apr 02 15:30:30 2008 => Scanning File C:\WINDOWS\system32\net.hlp Wed Apr 02 15:30:30 2008 => Scanning File C:\WINDOWS\system32\net1.exe Wed Apr 02 15:30:30 2008 => Scanning File C:\WINDOWS\system32\netapi.dll Wed Apr 02 15:30:30 2008 => Scanning File C:\WINDOWS\system32\netapi32.dll Wed Apr 02 15:30:30 2008 => Scanning File C:\WINDOWS\system32\netcfgx.dll Wed Apr 02 15:30:30 2008 => Scanning File C:\WINDOWS\system32\netdde.exe Wed Apr 02 15:30:30 2008 => Scanning File C:\WINDOWS\system32\netevent.dll Wed Apr 02 15:30:30 2008 => Scanning File C:\WINDOWS\system32\netfxperf.dll Wed Apr 02 15:30:31 2008 => Scanning File C:\WINDOWS\system32\neth.dll Wed Apr 02 15:30:31 2008 => Scanning File C:\WINDOWS\system32\netid.dll Wed Apr 02 15:30:31 2008 => Scanning File C:\WINDOWS\system32\netlogon.dll Wed Apr 02 15:30:31 2008 => Scanning File C:\WINDOWS\system32\netman.dll Wed Apr 02 15:30:31 2008 => Scanning File C:\WINDOWS\system32\netmsg.dll Wed Apr 02 15:30:31 2008 => Scanning File C:\WINDOWS\system32\netplwiz.dll Wed Apr 02 15:30:32 2008 => Scanning File C:\WINDOWS\system32\netrap.dll Wed Apr 02 15:30:32 2008 => Scanning File C:\WINDOWS\system32\netsetup.cpl Wed Apr 02 15:30:32 2008 => Scanning File C:\WINDOWS\system32\netsetup.exe Wed Apr 02 15:30:33 2008 => Scanning File C:\WINDOWS\system32\netsh.exe Wed Apr 02 15:30:33 2008 => Scanning File C:\WINDOWS\system32\netshell.dll Wed Apr 02 15:30:33 2008 => Scanning File C:\WINDOWS\system32\netstat.exe Wed Apr 02 15:30:33 2008 => Scanning File C:\WINDOWS\system32\netui0.dll Wed Apr 02 15:30:33 2008 => Scanning File C:\WINDOWS\system32\netui1.dll Wed Apr 02 15:30:33 2008 => Scanning File C:\WINDOWS\system32\netui2.dll Wed Apr 02 15:30:34 2008 => Scanning File C:\WINDOWS\system32\newdev.dll Wed Apr 02 15:30:34 2008 => Scanning File C:\WINDOWS\system32\nlhtml.dll Wed Apr 02 15:30:34 2008 => Scanning File C:\WINDOWS\system32\nlsdl.dll Wed Apr 02 15:30:34 2008 => Scanning File C:\WINDOWS\system32\nlsfunc.exe Wed Apr 02 15:30:34 2008 => Scanning File C:\WINDOWS\system32\nmevtmsg.dll Wed Apr 02 15:30:34 2008 => Scanning File C:\WINDOWS\system32\nmmkcert.dll Wed Apr 02 15:30:34 2008 => Scanning File C:\WINDOWS\system32\noise.chs Wed Apr 02 15:30:34 2008 => Scanning File C:\WINDOWS\system32\noise.cht Wed Apr 02 15:30:34 2008 => Scanning File C:\WINDOWS\system32\noise.dat Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\noise.deu Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\noise.eng Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\noise.enu Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\noise.esn Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\noise.fra Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\noise.ita Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\noise.jpn Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\noise.kor Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\noise.nld Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\noise.sve Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\noise.tha Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\normaliz.dll Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\normidna.nls Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\normnfc.nls Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\normnfd.nls Wed Apr 02 15:30:35 2008 => Scanning File C:\WINDOWS\system32\normnfkc.nls Wed Apr 02 15:30:36 2008 => Scanning File C:\WINDOWS\system32\normnfkd.nls Wed Apr 02 15:30:36 2008 => Scanning File C:\WINDOWS\system32\notepad.exe Wed Apr 02 15:30:36 2008 => Scanning File C:\WINDOWS\system32\npptools.dll Wed Apr 02 15:30:36 2008 => Scanning File C:\WINDOWS\system32\npwmsdrm.dll Wed Apr 02 15:30:36 2008 => Scanning File C:\WINDOWS\system32\nscompat.tlb Wed Apr 02 15:30:36 2008 => Scanning File C:\WINDOWS\system32\nslookup.exe Wed Apr 02 15:30:36 2008 => Scanning File C:\WINDOWS\system32\ntdll.dll Wed Apr 02 15:30:36 2008 => Scanning File C:\WINDOWS\system32\ntdos.sys Wed Apr 02 15:30:36 2008 => Scanning File C:\WINDOWS\system32\ntdos404.sys Wed Apr 02 15:30:36 2008 => Scanning File C:\WINDOWS\system32\ntdos411.sys Wed Apr 02 15:30:37 2008 => Scanning File C:\WINDOWS\system32\ntdos412.sys Wed Apr 02 15:30:37 2008 => Scanning File C:\WINDOWS\system32\ntdos804.sys Wed Apr 02 15:30:37 2008 => Scanning File C:\WINDOWS\system32\ntdsapi.dll Wed Apr 02 15:30:37 2008 => Scanning File C:\WINDOWS\system32\ntimage.gif Wed Apr 02 15:30:37 2008 => Scanning File C:\WINDOWS\system32\ntio.sys Wed Apr 02 15:30:37 2008 => Scanning File C:\WINDOWS\system32\ntio404.sys Wed Apr 02 15:30:37 2008 => Scanning File C:\WINDOWS\system32\ntio411.sys Wed Apr 02 15:30:37 2008 => Scanning File C:\WINDOWS\system32\ntio412.sys Wed Apr 02 15:30:37 2008 => Scanning File C:\WINDOWS\system32\ntio804.sys Wed Apr 02 15:30:37 2008 => Scanning File C:\WINDOWS\system32\ntkrnlpa.exe Wed Apr 02 15:30:38 2008 => Scanning File C:\WINDOWS\system32\ntlanman.dll Wed Apr 02 15:30:38 2008 => Scanning File C:\WINDOWS\system32\ntlanui.dll Wed Apr 02 15:30:38 2008 => Scanning File C:\WINDOWS\system32\ntlanui2.dll Wed Apr 02 15:30:38 2008 => Scanning File C:\WINDOWS\system32\ntlsapi.dll Wed Apr 02 15:30:38 2008 => Scanning File C:\WINDOWS\system32\ntmarta.dll Wed Apr 02 15:30:38 2008 => Scanning File C:\WINDOWS\system32\ntmsapi.dll Wed Apr 02 15:30:38 2008 => Scanning File C:\WINDOWS\system32\ntmsdba.dll Wed Apr 02 15:30:39 2008 => Scanning File C:\WINDOWS\system32\ntmsevt.dll Wed Apr 02 15:30:39 2008 => Scanning File C:\WINDOWS\system32\ntmsmgr.dll Wed Apr 02 15:30:39 2008 => Scanning File C:\WINDOWS\system32\ntmsmgr.msc Wed Apr 02 15:30:39 2008 => Scanning File C:\WINDOWS\system32\ntmsoprq.msc Wed Apr 02 15:30:39 2008 => Scanning File C:\WINDOWS\system32\ntmssvc.dll Wed Apr 02 15:30:39 2008 => Scanning File C:\WINDOWS\system32\ntoskrnl.exe Wed Apr 02 15:30:40 2008 => Scanning File C:\WINDOWS\system32\ntprint.dll Wed Apr 02 15:30:40 2008 => Scanning File C:\WINDOWS\system32\ntsd.exe Wed Apr 02 15:30:40 2008 => Scanning File C:\WINDOWS\system32\ntsdexts.dll Wed Apr 02 15:30:40 2008 => Scanning File C:\WINDOWS\system32\ntshrui.dll Wed Apr 02 15:30:41 2008 => Scanning File C:\WINDOWS\system32\ntvdm.exe Wed Apr 02 15:30:41 2008 => Scanning File C:\WINDOWS\system32\ntvdmd.dll Wed Apr 02 15:30:41 2008 => Scanning File C:\WINDOWS\system32\nusrmgr.cpl Wed Apr 02 15:30:41 2008 => Scanning File C:\WINDOWS\system32\nv4_disp.dll Wed Apr 02 15:30:41 2008 => Scanning File C:\WINDOWS\system32\nwc.cpl.manifest Wed Apr 02 15:30:41 2008 => Scanning File C:\WINDOWS\system32\nwprovau.dll Wed Apr 02 15:30:42 2008 => Scanning File C:\WINDOWS\system32\oakley.dll Wed Apr 02 15:30:42 2008 => Scanning File C:\WINDOWS\system32\objsel.dll Wed Apr 02 15:30:42 2008 => Scanning File C:\WINDOWS\system32\occache.dll Wed Apr 02 15:30:42 2008 => Scanning File C:\WINDOWS\system32\ocmanage.dll Wed Apr 02 15:30:42 2008 => Scanning File C:\WINDOWS\system32\odbc16gt.dll Wed Apr 02 15:30:42 2008 => Scanning File C:\WINDOWS\system32\odbc32(2).dll Wed Apr 02 15:30:42 2008 => Scanning File C:\WINDOWS\system32\odbc32.dll Wed Apr 02 15:30:43 2008 => Scanning File C:\WINDOWS\system32\odbc32gt.dll Wed Apr 02 15:30:43 2008 => Scanning File C:\WINDOWS\system32\odbcad32.exe Wed Apr 02 15:30:43 2008 => Scanning File C:\WINDOWS\system32\odbcbcp.dll Wed Apr 02 15:30:43 2008 => Scanning File C:\WINDOWS\system32\odbcconf.dll Wed Apr 02 15:30:43 2008 => Scanning File C:\WINDOWS\system32\odbcconf.exe Wed Apr 02 15:30:43 2008 => Scanning File C:\WINDOWS\system32\odbcconf.rsp Wed Apr 02 15:30:43 2008 => Scanning File C:\WINDOWS\system32\odbccp32.cpl Wed Apr 02 15:30:43 2008 => Scanning File C:\WINDOWS\system32\odbccp32.dll Wed Apr 02 15:30:43 2008 => Scanning File C:\WINDOWS\system32\odbccr32.dll Wed Apr 02 15:30:44 2008 => Scanning File C:\WINDOWS\system32\odbccu32.dll Wed Apr 02 15:30:44 2008 => Scanning File C:\WINDOWS\system32\odbcint.dll Wed Apr 02 15:30:44 2008 => Scanning File C:\WINDOWS\system32\odbcji32.dll Wed Apr 02 15:30:44 2008 => Scanning File C:\WINDOWS\system32\odbcjt32.dll Wed Apr 02 15:30:44 2008 => Scanning File C:\WINDOWS\system32\odbcp32r.dll Wed Apr 02 15:30:44 2008 => Scanning File C:\WINDOWS\system32\odbctrac.dll Wed Apr 02 15:30:44 2008 => Scanning File C:\WINDOWS\system32\oddbse32.dll Wed Apr 02 15:30:44 2008 => Scanning File C:\WINDOWS\system32\odexl32.dll Wed Apr 02 15:30:44 2008 => Scanning File C:\WINDOWS\system32\odfox32.dll Wed Apr 02 15:30:45 2008 => Scanning File C:\WINDOWS\system32\odpdx32.dll Wed Apr 02 15:30:45 2008 => Scanning File C:\WINDOWS\system32\odtext32.dll Wed Apr 02 15:30:45 2008 => *** File C:\WINDOWS\system32\oembios.bin having Size Restriction *** Wed Apr 02 15:30:45 2008 => Scanning File C:\WINDOWS\system32\oembios.bin [**] Wed Apr 02 15:30:45 2008 => Scanning File C:\WINDOWS\system32\oembios.dat Wed Apr 02 15:30:45 2008 => Scanning File C:\WINDOWS\system32\oembios.sig Wed Apr 02 15:30:45 2008 => Scanning File C:\WINDOWS\system32\offfilt.dll Wed Apr 02 15:30:45 2008 => Scanning File C:\WINDOWS\system32\OGACheckControl.DLL Wed Apr 02 15:30:45 2008 => Scanning File C:\WINDOWS\system32\ole2.dll Wed Apr 02 15:30:45 2008 => Scanning File C:\WINDOWS\system32\ole2disp.dll Wed Apr 02 15:30:46 2008 => Scanning File C:\WINDOWS\system32\ole2nls.dll Wed Apr 02 15:30:46 2008 => Scanning File C:\WINDOWS\system32\ole32.dll Wed Apr 02 15:30:46 2008 => Scanning File C:\WINDOWS\system32\oleacc.dll Wed Apr 02 15:30:46 2008 => Scanning File C:\WINDOWS\system32\oleaccrc.dll Wed Apr 02 15:30:46 2008 => Scanning File C:\WINDOWS\system32\oleaut32.dll Wed Apr 02 15:30:46 2008 => Scanning File C:\WINDOWS\system32\olecli.dll Wed Apr 02 15:30:46 2008 => Scanning File C:\WINDOWS\system32\olecli32.dll Wed Apr 02 15:30:46 2008 => Scanning File C:\WINDOWS\system32\olecnv32.dll Wed Apr 02 15:30:46 2008 => Scanning File C:\WINDOWS\system32\oledlg.dll Wed Apr 02 15:30:46 2008 => Scanning File C:\WINDOWS\system32\oleprn.dll Wed Apr 02 15:30:47 2008 => Scanning File C:\WINDOWS\system32\olepro32.dll Wed Apr 02 15:30:47 2008 => Scanning File C:\WINDOWS\system32\olesvr.dll Wed Apr 02 15:30:47 2008 => Scanning File C:\WINDOWS\system32\olesvr32.dll Wed Apr 02 15:30:47 2008 => Scanning File C:\WINDOWS\system32\olethk32.dll Wed Apr 02 15:30:47 2008 => Scanning File C:\WINDOWS\system32\opengl32.dll Wed Apr 02 15:30:47 2008 => Scanning File C:\WINDOWS\system32\osk.exe Wed Apr 02 15:30:48 2008 => Scanning File C:\WINDOWS\system32\osuninst.dll Wed Apr 02 15:30:48 2008 => Scanning File C:\WINDOWS\system32\osuninst.exe Wed Apr 02 15:30:48 2008 => Scanning File C:\WINDOWS\system32\OUTLWAB.DLL Wed Apr 02 15:30:48 2008 => Scanning File C:\WINDOWS\system32\p2p.dll Wed Apr 02 15:30:48 2008 => Scanning File C:\WINDOWS\system32\p2pgasvc.dll Wed Apr 02 15:30:48 2008 => Scanning File C:\WINDOWS\system32\p2pgraph.dll Wed Apr 02 15:30:48 2008 => Scanning File C:\WINDOWS\system32\p2pnetsh.dll Wed Apr 02 15:30:48 2008 => Scanning File C:\WINDOWS\system32\p2psvc.dll Wed Apr 02 15:30:49 2008 => Scanning File C:\WINDOWS\system32\packager.exe Wed Apr 02 15:30:49 2008 => Scanning File C:\WINDOWS\system32\panmap.dll Wed Apr 02 15:30:49 2008 => Scanning File C:\WINDOWS\system32\paqsp.dll Wed Apr 02 15:30:49 2008 => Scanning File C:\WINDOWS\system32\patchver.txt Wed Apr 02 15:30:49 2008 => Scanning File C:\WINDOWS\system32\pathping.exe Wed Apr 02 15:30:49 2008 => Scanning File C:\WINDOWS\system32\pautoenr.dll Wed Apr 02 15:30:49 2008 => Scanning File C:\WINDOWS\system32\PCANDIS5.SYS Wed Apr 02 15:30:50 2008 => Scanning File C:\WINDOWS\system32\PCDLIB32.DLL Wed Apr 02 15:30:50 2008 => Scanning File C:\WINDOWS\system32\pcl.sep Wed Apr 02 15:30:50 2008 => Scanning File C:\WINDOWS\system32\pdh.dll Wed Apr 02 15:30:50 2008 => Scanning File C:\WINDOWS\system32\pentnt.exe Wed Apr 02 15:30:50 2008 => Scanning File C:\WINDOWS\system32\perfci.h Wed Apr 02 15:30:50 2008 => Scanning File C:\WINDOWS\system32\perfci.ini Wed Apr 02 15:30:50 2008 => Scanning File C:\WINDOWS\system32\perfctrs.dll Wed Apr 02 15:30:50 2008 => Scanning File C:\WINDOWS\system32\perfd009.dat Wed Apr 02 15:30:50 2008 => Scanning File C:\WINDOWS\system32\perfd00C.dat Wed Apr 02 15:30:50 2008 => Scanning File C:\WINDOWS\system32\perfdisk.dll Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\perffilt.h Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\perffilt.ini Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\perfi009.dat Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\perfi00C.dat Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\perfmon.exe Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\perfmon.msc Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\perfnet.dll Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\perfos.dll Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\perfproc.dll Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\PerfStringBackup.INI Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\PerfStringBackup.TMP Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\perfts.dll Wed Apr 02 15:30:51 2008 => Scanning File C:\WINDOWS\system32\perfwci.h Wed Apr 02 15:30:52 2008 => Scanning File C:\WINDOWS\system32\perfwci.ini Wed Apr 02 15:30:52 2008 => Scanning File C:\WINDOWS\system32\phon.ime Wed Apr 02 15:30:52 2008 => Scanning File C:\WINDOWS\system32\phon.tbl Wed Apr 02 15:30:52 2008 => Scanning File C:\WINDOWS\system32\phoncode.tbl Wed Apr 02 15:30:52 2008 => Scanning File C:\WINDOWS\system32\phonptr.tbl Wed Apr 02 15:30:52 2008 => Scanning File C:\WINDOWS\system32\photowiz.dll Wed Apr 02 15:30:52 2008 => Scanning File C:\WINDOWS\system32\PICEntry.dll Wed Apr 02 15:30:52 2008 => Scanning File C:\WINDOWS\system32\picn20.dll Wed Apr 02 15:30:52 2008 => Scanning File C:\WINDOWS\system32\PICSDK.dll Wed Apr 02 15:30:52 2008 => Scanning File C:\WINDOWS\system32\PICSDK.ini Wed Apr 02 15:30:53 2008 => Scanning File C:\WINDOWS\system32\PICSDK2.dll Wed Apr 02 15:30:53 2008 => Scanning File C:\WINDOWS\system32\pid.dll Wed Apr 02 15:30:53 2008 => Scanning File C:\WINDOWS\system32\pidgen.dll Wed Apr 02 15:30:53 2008 => Scanning File C:\WINDOWS\system32\pifmgr.dll Wed Apr 02 15:30:53 2008 => Scanning File C:\WINDOWS\system32\ping.exe Wed Apr 02 15:30:53 2008 => Scanning File C:\WINDOWS\system32\ping6.exe Wed Apr 02 15:30:53 2008 => Scanning File C:\WINDOWS\system32\pjlmon.dll Wed Apr 02 15:30:54 2008 => Scanning File C:\WINDOWS\system32\plustab.dll Wed Apr 02 15:30:54 2008 => Scanning File C:\WINDOWS\system32\pmspl.dll Wed Apr 02 15:30:54 2008 => Scanning File C:\WINDOWS\system32\pngfilt.dll Wed Apr 02 15:30:54 2008 => Scanning File C:\WINDOWS\system32\pnrpnsp.dll Wed Apr 02 15:30:54 2008 => Scanning File C:\WINDOWS\system32\polstore.dll Wed Apr 02 15:30:54 2008 => Scanning File C:\WINDOWS\system32\popupblocker231.ico Wed Apr 02 15:30:54 2008 => Scanning File C:\WINDOWS\system32\PortableDeviceApi.dll Wed Apr 02 15:30:54 2008 => Scanning File C:\WINDOWS\system32\PortableDeviceClassExtension.dll Wed Apr 02 15:30:54 2008 => Scanning File C:\WINDOWS\system32\PortableDeviceTypes.dll Wed Apr 02 15:30:54 2008 => Scanning File C:\WINDOWS\system32\PortableDeviceWiaCompat.dll Wed Apr 02 15:30:55 2008 => Scanning File C:\WINDOWS\system32\PortableDeviceWMDRM.dll Wed Apr 02 15:30:55 2008 => Scanning File C:\WINDOWS\system32\powercfg.cpl Wed Apr 02 15:30:55 2008 => Scanning File C:\WINDOWS\system32\powercfg.exe Wed Apr 02 15:30:55 2008 => Scanning File C:\WINDOWS\system32\powrprof.dll Wed Apr 02 15:30:55 2008 => Scanning File C:\WINDOWS\system32\prc.nls Wed Apr 02 15:30:55 2008 => Scanning File C:\WINDOWS\system32\prcp.nls Wed Apr 02 15:30:55 2008 => Scanning File C:\WINDOWS\system32\prflbmsg.dll Wed Apr 02 15:30:55 2008 => Scanning File C:\WINDOWS\system32\print.exe Wed Apr 02 15:30:55 2008 => Scanning File C:\WINDOWS\system32\printui.dll Wed Apr 02 15:30:56 2008 => Scanning File C:\WINDOWS\system32\proctexe.ocx Wed Apr 02 15:30:56 2008 => Scanning File C:\WINDOWS\system32\prodspec.ini Wed Apr 02 15:30:56 2008 => Scanning File C:\WINDOWS\system32\profmap.dll Wed Apr 02 15:30:56 2008 => Scanning File C:\WINDOWS\system32\progman.exe Wed Apr 02 15:30:56 2008 => Scanning File C:\WINDOWS\system32\proquota.exe Wed Apr 02 15:30:56 2008 => Scanning File C:\WINDOWS\system32\proxycfg.exe Wed Apr 02 15:30:56 2008 => Scanning File C:\WINDOWS\system32\psapi.dll Wed Apr 02 15:30:56 2008 => Scanning File C:\WINDOWS\system32\psbase.dll Wed Apr 02 15:30:56 2008 => Scanning File C:\WINDOWS\system32\pschdcnt.h Wed Apr 02 15:30:56 2008 => Scanning File C:\WINDOWS\system32\pschdprf.dll Wed Apr 02 15:30:57 2008 => Scanning File C:\WINDOWS\system32\pschdprf.ini Wed Apr 02 15:30:57 2008 => Scanning File C:\WINDOWS\system32\pscript.sep Wed Apr 02 15:30:57 2008 => Scanning File C:\WINDOWS\system32\psnppagn.dll Wed Apr 02 15:30:57 2008 => Scanning File C:\WINDOWS\system32\pstorec.dll Wed Apr 02 15:30:57 2008 => Scanning File C:\WINDOWS\system32\pstorsvc.dll Wed Apr 02 15:30:57 2008 => Scanning File C:\WINDOWS\system32\ptpusb.dll Wed Apr 02 15:30:57 2008 => Scanning File C:\WINDOWS\system32\ptpusd.dll Wed Apr 02 15:30:57 2008 => Scanning File C:\WINDOWS\system32\PUB3BRSH.ANI Wed Apr 02 15:30:57 2008 => Scanning File C:\WINDOWS\system32\PUBDLG.DLL Wed Apr 02 15:30:57 2008 => Scanning File C:\WINDOWS\system32\pubprn.vbs Wed Apr 02 15:30:57 2008 => Scanning File C:\WINDOWS\system32\px.dll Wed Apr 02 15:30:58 2008 => Scanning File C:\WINDOWS\system32\PxCpyA64.exe Wed Apr 02 15:30:58 2008 => Scanning File C:\WINDOWS\system32\PxCpyI64.exe Wed Apr 02 15:30:58 2008 => Scanning File C:\WINDOWS\system32\pxdrv.dll Wed Apr 02 15:30:58 2008 => Scanning File C:\WINDOWS\system32\pxhpinst.exe Wed Apr 02 15:30:58 2008 => Scanning File C:\WINDOWS\system32\PxInsA64.exe Wed Apr 02 15:30:58 2008 => Scanning File C:\WINDOWS\system32\PxInsI64.exe Wed Apr 02 15:30:59 2008 => Scanning File C:\WINDOWS\system32\pxmas.dll Wed Apr 02 15:30:59 2008 => Scanning File C:\WINDOWS\system32\pxsfs.dll Wed Apr 02 15:30:59 2008 => Scanning File C:\WINDOWS\system32\pxwave.dll Wed Apr 02 15:31:00 2008 => Scanning File C:\WINDOWS\system32\qappsrv.exe Wed Apr 02 15:31:00 2008 => Scanning File C:\WINDOWS\system32\qasf.dll Wed Apr 02 15:31:00 2008 => Scanning File C:\WINDOWS\system32\qcap.dll Wed Apr 02 15:31:00 2008 => Scanning File C:\WINDOWS\system32\qcut.dll Wed Apr 02 15:31:00 2008 => Scanning File C:\WINDOWS\system32\qdv.dll Wed Apr 02 15:31:00 2008 => Scanning File C:\WINDOWS\system32\qdvd.dll Wed Apr 02 15:31:01 2008 => Scanning File C:\WINDOWS\system32\qedit.dll Wed Apr 02 15:31:01 2008 => Scanning File C:\WINDOWS\system32\qedwipes.dll Wed Apr 02 15:31:02 2008 => Scanning File C:\WINDOWS\system32\qmgr.dll Wed Apr 02 15:31:02 2008 => Scanning File C:\WINDOWS\system32\qmgrprxy.dll Wed Apr 02 15:31:02 2008 => Scanning File C:\WINDOWS\system32\qosname.dll Wed Apr 02 15:31:02 2008 => Scanning File C:\WINDOWS\system32\qprocess.exe Wed Apr 02 15:31:02 2008 => Scanning File C:\WINDOWS\system32\qt-dx331.dll Wed Apr 02 15:31:03 2008 => Scanning File C:\WINDOWS\system32\quartz.dll Wed Apr 02 15:31:03 2008 => Scanning File C:\WINDOWS\system32\quartz.vxd Wed Apr 02 15:31:03 2008 => Scanning File C:\WINDOWS\system32\query.dll Wed Apr 02 15:31:03 2008 => Scanning File C:\WINDOWS\system32\quick.ime Wed Apr 02 15:31:03 2008 => Scanning File C:\WINDOWS\system32\QuickTime.qtp Wed Apr 02 15:31:03 2008 => Scanning File C:\WINDOWS\system32\qwinsta.exe Wed Apr 02 15:31:03 2008 => Scanning File C:\WINDOWS\system32\Raccourci vers notepad.exe.lnk Wed Apr 02 15:31:03 2008 => Scanning File C:\WINDOWS\system32\racpldlg.dll Wed Apr 02 15:31:03 2008 => Scanning File C:\WINDOWS\system32\rasadhlp.dll Wed Apr 02 15:31:04 2008 => Scanning File C:\WINDOWS\system32\rasapi32.dll Wed Apr 02 15:31:04 2008 => Scanning File C:\WINDOWS\system32\rasauto.dll Wed Apr 02 15:31:04 2008 => Scanning File C:\WINDOWS\system32\rasautou.exe Wed Apr 02 15:31:04 2008 => Scanning File C:\WINDOWS\system32\raschap.dll Wed Apr 02 15:31:04 2008 => Scanning File C:\WINDOWS\system32\rasctrnm.h Wed Apr 02 15:31:04 2008 => Scanning File C:\WINDOWS\system32\rasctrs.dll Wed Apr 02 15:31:04 2008 => Scanning File C:\WINDOWS\system32\rasctrs.ini Wed Apr 02 15:31:04 2008 => Scanning File C:\WINDOWS\system32\rasdial.exe Wed Apr 02 15:31:04 2008 => Scanning File C:\WINDOWS\system32\rasdlg.dll Wed Apr 02 15:31:04 2008 => Scanning File C:\WINDOWS\system32\rasman.dll Wed Apr 02 15:31:04 2008 => Scanning File C:\WINDOWS\system32\rasmans.dll Wed Apr 02 15:31:05 2008 => Scanning File C:\WINDOWS\system32\rasmontr.dll Wed Apr 02 15:31:05 2008 => Scanning File C:\WINDOWS\system32\rasmxs.dll Wed Apr 02 15:31:05 2008 => Scanning File C:\WINDOWS\system32\rasphone.exe Wed Apr 02 15:31:05 2008 => Scanning File C:\WINDOWS\system32\rasppp.dll Wed Apr 02 15:31:05 2008 => Scanning File C:\WINDOWS\system32\rasrad.dll Wed Apr 02 15:31:05 2008 => Scanning File C:\WINDOWS\system32\rassapi.dll Wed Apr 02 15:31:05 2008 => Scanning File C:\WINDOWS\system32\rasser.dll Wed Apr 02 15:31:05 2008 => Scanning File C:\WINDOWS\system32\rastapi.dll Wed Apr 02 15:31:05 2008 => Scanning File C:\WINDOWS\system32\rastls.dll Wed Apr 02 15:31:05 2008 => Scanning File C:\WINDOWS\system32\rcbdyctl.dll Wed Apr 02 15:31:06 2008 => Scanning File C:\WINDOWS\system32\rcimlby.exe Wed Apr 02 15:31:06 2008 => Scanning File C:\WINDOWS\system32\rcp.exe Wed Apr 02 15:31:06 2008 => Scanning File C:\WINDOWS\system32\rdchost.dll Wed Apr 02 15:31:06 2008 => Scanning File C:\WINDOWS\system32\RDOCURS.DLL Wed Apr 02 15:31:06 2008 => Scanning File C:\WINDOWS\system32\rdpcfgex.dll Wed Apr 02 15:31:06 2008 => Scanning File C:\WINDOWS\system32\rdpclip.exe Wed Apr 02 15:31:06 2008 => Scanning File C:\WINDOWS\system32\rdpdd.dll Wed Apr 02 15:31:06 2008 => Scanning File C:\WINDOWS\system32\rdpsnd.dll Wed Apr 02 15:31:07 2008 => Scanning File C:\WINDOWS\system32\rdpwsx.dll Wed Apr 02 15:31:07 2008 => Scanning File C:\WINDOWS\system32\rdsaddin.exe Wed Apr 02 15:31:07 2008 => Scanning File C:\WINDOWS\system32\rdshost.exe Wed Apr 02 15:31:07 2008 => Scanning File C:\WINDOWS\system32\recover.exe Wed Apr 02 15:31:07 2008 => Scanning File C:\WINDOWS\system32\redir.exe Wed Apr 02 15:31:07 2008 => Scanning File C:\WINDOWS\system32\reg.exe Wed Apr 02 15:31:07 2008 => Scanning File C:\WINDOWS\system32\regapi.dll Wed Apr 02 15:31:07 2008 => Scanning File C:\WINDOWS\system32\regedt32.exe Wed Apr 02 15:31:07 2008 => Scanning File C:\WINDOWS\system32\regini.exe Wed Apr 02 15:31:07 2008 => Scanning File C:\WINDOWS\system32\regsvc.dll Wed Apr 02 15:31:07 2008 => Scanning File C:\WINDOWS\system32\regsvr32.exe Wed Apr 02 15:31:08 2008 => Scanning File C:\WINDOWS\system32\regwiz.exe Wed Apr 02 15:31:08 2008 => Scanning File C:\WINDOWS\system32\regwizc.dll Wed Apr 02 15:31:08 2008 => Scanning File C:\WINDOWS\system32\remotepg.dll Wed Apr 02 15:31:08 2008 => Scanning File C:\WINDOWS\system32\remotesp.tsp Wed Apr 02 15:31:08 2008 => Scanning File C:\WINDOWS\system32\rend.dll Wed Apr 02 15:31:08 2008 => Scanning File C:\WINDOWS\system32\replace.exe Wed Apr 02 15:31:08 2008 => Scanning File C:\WINDOWS\system32\reset.exe Wed Apr 02 15:31:08 2008 => Scanning File C:\WINDOWS\system32\resutils.dll Wed Apr 02 15:31:08 2008 => Scanning File C:\WINDOWS\system32\rexec.exe Wed Apr 02 15:31:09 2008 => Scanning File C:\WINDOWS\system32\riched20.dll Wed Apr 02 15:31:09 2008 => Scanning File C:\WINDOWS\system32\riched32.dll Wed Apr 02 15:31:09 2008 => Scanning File C:\WINDOWS\system32\Richtx32.ocx Wed Apr 02 15:31:09 2008 => Scanning File C:\WINDOWS\system32\river.log Wed Apr 02 15:31:09 2008 => Scanning File C:\WINDOWS\system32\rnaph.dll [**] Wed Apr 02 15:31:09 2008 => Scanning File C:\WINDOWS\system32\rnr20.dll Wed Apr 02 15:31:09 2008 => Scanning File C:\WINDOWS\system32\Roboex32.dll Wed Apr 02 15:31:10 2008 => Scanning File C:\WINDOWS\system32\romanime.ime Wed Apr 02 15:31:10 2008 => Scanning File C:\WINDOWS\system32\route.exe Wed Apr 02 15:31:10 2008 => Scanning File C:\WINDOWS\system32\routemon.exe Wed Apr 02 15:31:10 2008 => Scanning File C:\WINDOWS\system32\routetab.dll Wed Apr 02 15:31:10 2008 => Scanning File C:\WINDOWS\system32\rpcns4.dll Wed Apr 02 15:31:10 2008 => Scanning File C:\WINDOWS\system32\rpcrt4.dll Wed Apr 02 15:31:11 2008 => Scanning File C:\WINDOWS\system32\rpcss.dll Wed Apr 02 15:31:11 2008 => Scanning File C:\WINDOWS\system32\rsaci.rat Wed Apr 02 15:31:11 2008 => Scanning File C:\WINDOWS\system32\rsaenh.dll Wed Apr 02 15:31:11 2008 => Scanning File C:\WINDOWS\system32\rsh.exe Wed Apr 02 15:31:11 2008 => Scanning File C:\WINDOWS\system32\rshx32.dll Wed Apr 02 15:31:11 2008 => Scanning File C:\WINDOWS\system32\rsm.exe Wed Apr 02 15:31:11 2008 => Scanning File C:\WINDOWS\system32\rsmps.dll Wed Apr 02 15:31:11 2008 => Scanning File C:\WINDOWS\system32\rsmsink.exe Wed Apr 02 15:31:11 2008 => Scanning File C:\WINDOWS\system32\rsmui.exe Wed Apr 02 15:31:11 2008 => Scanning File C:\WINDOWS\system32\rsvp.exe Wed Apr 02 15:31:11 2008 => Scanning File C:\WINDOWS\system32\rsvp.ini Wed Apr 02 15:31:11 2008 => Scanning File C:\WINDOWS\system32\rsvpcnts.h Wed Apr 02 15:31:12 2008 => Scanning File C:\WINDOWS\system32\rsvpmsg.dll Wed Apr 02 15:31:12 2008 => Scanning File C:\WINDOWS\system32\rsvpperf.dll Wed Apr 02 15:31:12 2008 => Scanning File C:\WINDOWS\system32\rsvpsp.dll Wed Apr 02 15:31:12 2008 => Scanning File C:\WINDOWS\system32\RTCRES.dll Wed Apr 02 15:31:12 2008 => Scanning File C:\WINDOWS\system32\rtcshare.exe Wed Apr 02 15:31:12 2008 => Scanning File C:\WINDOWS\system32\rtipxmib.dll Wed Apr 02 15:31:12 2008 => Scanning File C:\WINDOWS\system32\rtl60.bpl Wed Apr 02 15:31:13 2008 => Scanning File C:\WINDOWS\system32\rtm.dll Wed Apr 02 15:31:13 2008 => Scanning File C:\WINDOWS\system32\rtutils.dll Wed Apr 02 15:31:13 2008 => Scanning File C:\WINDOWS\system32\runas.exe Wed Apr 02 15:31:13 2008 => Scanning File C:\WINDOWS\system32\rundll32.exe Wed Apr 02 15:31:13 2008 => Scanning File C:\WINDOWS\system32\runonce.exe Wed Apr 02 15:31:13 2008 => Scanning File C:\WINDOWS\system32\rwinsta.exe Wed Apr 02 15:31:13 2008 => Scanning File C:\WINDOWS\system32\s3gnb.dll Wed Apr 02 15:31:14 2008 => Scanning File C:\WINDOWS\system32\safrcdlg.dll Wed Apr 02 15:31:14 2008 => Scanning File C:\WINDOWS\system32\safrdm.dll Wed Apr 02 15:31:14 2008 => Scanning File C:\WINDOWS\system32\safrslv.dll Wed Apr 02 15:31:14 2008 => Scanning File C:\WINDOWS\system32\samlib.dll Wed Apr 02 15:31:14 2008 => Scanning File C:\WINDOWS\system32\samsrv.dll Wed Apr 02 15:31:14 2008 => Scanning File C:\WINDOWS\system32\sapi.cpl.manifest Wed Apr 02 15:31:14 2008 => Scanning File C:\WINDOWS\system32\sarehpltba.exe.xpx Wed Apr 02 15:31:14 2008 => Scanning File C:\WINDOWS\system32\savedump.exe Wed Apr 02 15:31:15 2008 => Scanning File C:\WINDOWS\system32\sbe.dll Wed Apr 02 15:31:15 2008 => Scanning File C:\WINDOWS\system32\sbeio.dll Wed Apr 02 15:31:15 2008 => Scanning File C:\WINDOWS\system32\sc.exe Wed Apr 02 15:31:15 2008 => Scanning File C:\WINDOWS\system32\scarddlg.dll Wed Apr 02 15:31:15 2008 => Scanning File C:\WINDOWS\system32\scardssp.dll Wed Apr 02 15:31:15 2008 => Scanning File C:\WINDOWS\system32\scardsvr.exe Wed Apr 02 15:31:15 2008 => Scanning File C:\WINDOWS\system32\sccbase.dll Wed Apr 02 15:31:16 2008 => Scanning File C:\WINDOWS\system32\sccsccp.dll Wed Apr 02 15:31:16 2008 => Scanning File C:\WINDOWS\system32\scecli.dll Wed Apr 02 15:31:16 2008 => Scanning File C:\WINDOWS\system32\scesrv.dll Wed Apr 02 15:31:16 2008 => Scanning File C:\WINDOWS\system32\schannel.dll Wed Apr 02 15:31:16 2008 => Scanning File C:\WINDOWS\system32\schedsvc.dll Wed Apr 02 15:31:16 2008 => Scanning File C:\WINDOWS\system32\sclgntfy.dll Wed Apr 02 15:31:16 2008 => Scanning File C:\WINDOWS\system32\scofr.dll Wed Apr 02 15:31:16 2008 => Scanning File C:\WINDOWS\system32\SCP32.DLL Wed Apr 02 15:31:16 2008 => Scanning File C:\WINDOWS\system32\scredir.dll Wed Apr 02 15:31:17 2008 => Scanning File C:\WINDOWS\system32\scripto.dll Wed Apr 02 15:31:17 2008 => Scanning File C:\WINDOWS\system32\scrnsave.scr Wed Apr 02 15:31:17 2008 => Scanning File C:\WINDOWS\system32\scrobj.dll Wed Apr 02 15:31:17 2008 => Scanning File C:\WINDOWS\system32\scrrnfr.dll Wed Apr 02 15:31:17 2008 => Scanning File C:\WINDOWS\system32\scrrun.dll Wed Apr 02 15:31:17 2008 => Scanning File C:\WINDOWS\system32\scrrun.dll.tmp Wed Apr 02 15:31:17 2008 => Scanning File C:\WINDOWS\system32\sdbinst.exe Wed Apr 02 15:31:18 2008 => Scanning File C:\WINDOWS\system32\sdhcinst.dll Wed Apr 02 15:31:18 2008 => Scanning File C:\WINDOWS\system32\sdpblb.dll Wed Apr 02 15:31:18 2008 => Scanning File C:\WINDOWS\system32\seclogon.dll Wed Apr 02 15:31:18 2008 => Scanning File C:\WINDOWS\system32\secupd.dat Wed Apr 02 15:31:18 2008 => Scanning File C:\WINDOWS\system32\secupd.sig Wed Apr 02 15:31:18 2008 => Scanning File C:\WINDOWS\system32\secur32.dll Wed Apr 02 15:31:18 2008 => Scanning File C:\WINDOWS\system32\security.dll Wed Apr 02 15:31:18 2008 => Scanning File C:\WINDOWS\system32\sendcmsg.dll Wed Apr 02 15:31:18 2008 => Scanning File C:\WINDOWS\system32\sendmail.dll Wed Apr 02 15:31:18 2008 => Scanning File C:\WINDOWS\system32\sens.dll Wed Apr 02 15:31:19 2008 => Scanning File C:\WINDOWS\system32\sensapi.dll Wed Apr 02 15:31:19 2008 => Scanning File C:\WINDOWS\system32\senscfg.dll Wed Apr 02 15:31:19 2008 => Scanning File C:\WINDOWS\system32\serialui.dll Wed Apr 02 15:31:19 2008 => Scanning File C:\WINDOWS\system32\servdeps.dll Wed Apr 02 15:31:19 2008 => Scanning File C:\WINDOWS\system32\services.exe Wed Apr 02 15:31:19 2008 => Scanning File C:\WINDOWS\system32\services.msc Wed Apr 02 15:31:19 2008 => Scanning File C:\WINDOWS\system32\serwvdrv.dll Wed Apr 02 15:31:19 2008 => Scanning File C:\WINDOWS\system32\sessmgr.exe Wed Apr 02 15:31:19 2008 => Scanning File C:\WINDOWS\system32\sethc.exe Wed Apr 02 15:31:19 2008 => Scanning File C:\WINDOWS\system32\setup.bmp Wed Apr 02 15:31:19 2008 => Scanning File C:\WINDOWS\system32\setup.exe Wed Apr 02 15:31:19 2008 => Scanning File C:\WINDOWS\system32\setupapi.dll Wed Apr 02 15:31:20 2008 => Scanning File C:\WINDOWS\system32\setupdll.dll Wed Apr 02 15:31:20 2008 => Scanning File C:\WINDOWS\system32\setver.exe Wed Apr 02 15:31:20 2008 => Scanning File C:\WINDOWS\system32\sfc.dll Wed Apr 02 15:31:20 2008 => Scanning File C:\WINDOWS\system32\sfc.exe Wed Apr 02 15:31:20 2008 => Scanning File C:\WINDOWS\system32\sfcfiles.dll Wed Apr 02 15:31:20 2008 => Scanning File C:\WINDOWS\system32\sfc_os.dll Wed Apr 02 15:31:20 2008 => Scanning File C:\WINDOWS\system32\sfmapi.dll Wed Apr 02 15:31:20 2008 => Scanning File C:\WINDOWS\system32\shadow.exe Wed Apr 02 15:31:20 2008 => Scanning File C:\WINDOWS\system32\share.exe Wed Apr 02 15:31:21 2008 => Scanning File C:\WINDOWS\system32\shdoclc(2).dll Wed Apr 02 15:31:23 2008 => Scanning File C:\WINDOWS\system32\shdoclc.dll Wed Apr 02 15:31:25 2008 => Scanning File C:\WINDOWS\system32\shdocvw(2).dll Wed Apr 02 15:31:26 2008 => Scanning File C:\WINDOWS\system32\shdocvw.dll Wed Apr 02 15:31:26 2008 => Scanning File C:\WINDOWS\system32\shell.dll Wed Apr 02 15:31:26 2008 => *** File C:\WINDOWS\system32\shell32.dll having Size Restriction *** Wed Apr 02 15:31:26 2008 => Scanning File C:\WINDOWS\system32\shell32.dll [**] Wed Apr 02 15:31:26 2008 => Scanning File C:\WINDOWS\system32\shellstyle.dll Wed Apr 02 15:31:26 2008 => Scanning File C:\WINDOWS\system32\shfolder.dll Wed Apr 02 15:31:26 2008 => Scanning File C:\WINDOWS\system32\shgina.dll Wed Apr 02 15:31:26 2008 => Scanning File C:\WINDOWS\system32\shimeng.dll Wed Apr 02 15:31:26 2008 => Scanning File C:\WINDOWS\system32\shimgvw.dll Wed Apr 02 15:31:26 2008 => Scanning File C:\WINDOWS\system32\shlwapi(2).dll Wed Apr 02 15:31:27 2008 => Scanning File C:\WINDOWS\system32\shlwapi.dll Wed Apr 02 15:31:27 2008 => Scanning File C:\WINDOWS\system32\shmedia.dll Wed Apr 02 15:31:27 2008 => Scanning File C:\WINDOWS\system32\shmgrate.exe Wed Apr 02 15:31:27 2008 => Scanning File C:\WINDOWS\system32\shrpubw.exe Wed Apr 02 15:31:27 2008 => Scanning File C:\WINDOWS\system32\shscrap.dll Wed Apr 02 15:31:27 2008 => Scanning File C:\WINDOWS\system32\shsvcs.dll Wed Apr 02 15:31:27 2008 => Scanning File C:\WINDOWS\system32\shutdown.exe Wed Apr 02 15:31:27 2008 => Scanning File C:\WINDOWS\system32\sigtab.dll Wed Apr 02 15:31:27 2008 => Scanning File C:\WINDOWS\system32\sigverif.exe Wed Apr 02 15:31:28 2008 => Scanning File C:\WINDOWS\system32\simpdata.tlb Wed Apr 02 15:31:28 2008 => Scanning File C:\WINDOWS\system32\simptcp.dll Wed Apr 02 15:31:28 2008 => Scanning File C:\WINDOWS\system32\sisbkup.dll Wed Apr 02 15:31:28 2008 => Scanning File C:\WINDOWS\system32\skdll.dll Wed Apr 02 15:31:28 2008 => Scanning File C:\WINDOWS\system32\skeys.exe Wed Apr 02 15:31:28 2008 => Scanning File C:\WINDOWS\system32\slayerxp.dll Wed Apr 02 15:31:28 2008 => Scanning File C:\WINDOWS\system32\slbcsp.dll Wed Apr 02 15:31:28 2008 => Scanning File C:\WINDOWS\system32\slbiop.dll Wed Apr 02 15:31:28 2008 => Scanning File C:\WINDOWS\system32\slbrccsp.dll Wed Apr 02 15:31:29 2008 => Scanning File C:\WINDOWS\system32\slcoinst.dll Wed Apr 02 15:31:29 2008 => Scanning File C:\WINDOWS\system32\slextspk.dll Wed Apr 02 15:31:29 2008 => Scanning File C:\WINDOWS\system32\slgen.dll Wed Apr 02 15:31:30 2008 => Scanning File C:\WINDOWS\system32\slrundll.exe Wed Apr 02 15:31:30 2008 => Scanning File C:\WINDOWS\system32\slserv.exe Wed Apr 02 15:31:30 2008 => Scanning File C:\WINDOWS\system32\sl_anet.acm Wed Apr 02 15:31:30 2008 => Scanning File C:\WINDOWS\system32\smbinst.exe Wed Apr 02 15:31:30 2008 => Scanning File C:\WINDOWS\system32\smlogcfg.dll Wed Apr 02 15:31:30 2008 => Scanning File C:\WINDOWS\system32\smlogsvc.exe Wed Apr 02 15:31:30 2008 => Scanning File C:\WINDOWS\system32\smss.exe Wed Apr 02 15:31:30 2008 => Scanning File C:\WINDOWS\system32\sndrec32.exe Wed Apr 02 15:31:31 2008 => Scanning File C:\WINDOWS\system32\sndvol32.exe Wed Apr 02 15:31:31 2008 => Scanning File C:\WINDOWS\system32\snmpapi.dll Wed Apr 02 15:31:31 2008 => Scanning File C:\WINDOWS\system32\snmpsnap.dll Wed Apr 02 15:31:31 2008 => Scanning File C:\WINDOWS\system32\softpub.dll Wed Apr 02 15:31:31 2008 => Scanning File C:\WINDOWS\system32\SONYHCY.DLL Wed Apr 02 15:31:32 2008 => Scanning File C:\WINDOWS\system32\sort.exe Wed Apr 02 15:31:32 2008 => Scanning File C:\WINDOWS\system32\sortkey.nls Wed Apr 02 15:31:32 2008 => Scanning File C:\WINDOWS\system32\sorttbls.nls Wed Apr 02 15:31:32 2008 => Scanning File C:\WINDOWS\system32\sound.drv Wed Apr 02 15:31:32 2008 => Scanning File C:\WINDOWS\system32\spdwnwxp.exe Wed Apr 02 15:31:32 2008 => Scanning File C:\WINDOWS\system32\spdwnwxp.log Wed Apr 02 15:31:32 2008 => Scanning File C:\WINDOWS\system32\spmsg.dll Wed Apr 02 15:31:32 2008 => Scanning File C:\WINDOWS\system32\spnike.dll Wed Apr 02 15:31:32 2008 => Scanning File C:\WINDOWS\system32\spnpinst.exe Wed Apr 02 15:31:32 2008 => Scanning File C:\WINDOWS\system32\spoolss.dll Wed Apr 02 15:31:32 2008 => Scanning File C:\WINDOWS\system32\spoolsv.exe Wed Apr 02 15:31:32 2008 => Scanning File C:\WINDOWS\system32\sprestrt.exe Wed Apr 02 15:31:33 2008 => Scanning File C:\WINDOWS\system32\sprio600.dll Wed Apr 02 15:31:33 2008 => Scanning File C:\WINDOWS\system32\sprio800.dll Wed Apr 02 15:31:33 2008 => Scanning File C:\WINDOWS\system32\spupdsvc.exe Wed Apr 02 15:31:33 2008 => Scanning File C:\WINDOWS\system32\spupdwxp.exe Wed Apr 02 15:31:33 2008 => Scanning File C:\WINDOWS\system32\spupdwxp.log Wed Apr 02 15:31:33 2008 => Scanning File C:\WINDOWS\system32\spxcoins.dll Wed Apr 02 15:31:33 2008 => Scanning File C:\WINDOWS\system32\sqlsodbc.chm Wed Apr 02 15:31:34 2008 => Scanning File C:\WINDOWS\system32\sqlsrv32.dll Wed Apr 02 15:31:34 2008 => Scanning File C:\WINDOWS\system32\sqlsrv32.rll Wed Apr 02 15:31:34 2008 => Scanning File C:\WINDOWS\system32\sqlunirl.dll Wed Apr 02 15:31:35 2008 => Scanning File C:\WINDOWS\system32\sqlwid.dll Wed Apr 02 15:31:35 2008 => Scanning File C:\WINDOWS\system32\sqlwoa.dll Wed Apr 02 15:31:35 2008 => Scanning File C:\WINDOWS\system32\srclient.dll Wed Apr 02 15:31:35 2008 => Scanning File C:\WINDOWS\system32\srrstr.dll Wed Apr 02 15:31:35 2008 => Scanning File C:\WINDOWS\system32\srsvc.dll Wed Apr 02 15:31:35 2008 => Scanning File C:\WINDOWS\system32\srusd.dll Wed Apr 02 15:31:35 2008 => Scanning File C:\WINDOWS\system32\srvsvc.dll Wed Apr 02 15:31:36 2008 => Scanning File C:\WINDOWS\system32\ss3dfo.scr Wed Apr 02 15:31:36 2008 => Scanning File C:\WINDOWS\system32\ssbezier.scr Wed Apr 02 15:31:36 2008 => Scanning File C:\WINDOWS\system32\ssdpapi.dll Wed Apr 02 15:31:36 2008 => Scanning File C:\WINDOWS\system32\ssdpsrv.dll Wed Apr 02 15:31:36 2008 => Scanning File C:\WINDOWS\system32\ssflwbox.scr Wed Apr 02 15:31:37 2008 => Scanning File C:\WINDOWS\system32\ssleay32.dll Wed Apr 02 15:31:37 2008 => Scanning File C:\WINDOWS\system32\ssmarque.scr Wed Apr 02 15:31:37 2008 => Scanning File C:\WINDOWS\system32\ssmypics.scr Wed Apr 02 15:31:37 2008 => Scanning File C:\WINDOWS\system32\ssmyst.scr Wed Apr 02 15:31:37 2008 => Scanning File C:\WINDOWS\system32\sspipes.scr Wed Apr 02 15:31:38 2008 => Scanning File C:\WINDOWS\system32\ssstars.scr Wed Apr 02 15:31:38 2008 => Scanning File C:\WINDOWS\system32\sstext3d.scr Wed Apr 02 15:31:38 2008 => Scanning File C:\WINDOWS\system32\stci.dll Wed Apr 02 15:31:39 2008 => Scanning File C:\WINDOWS\system32\stclient.dll Wed Apr 02 15:31:39 2008 => Scanning File C:\WINDOWS\system32\stdole2.tlb Wed Apr 02 15:31:39 2008 => Scanning File C:\WINDOWS\system32\stdole32.tlb Wed Apr 02 15:31:39 2008 => Scanning File C:\WINDOWS\system32\sti.dll Wed Apr 02 15:31:39 2008 => Scanning File C:\WINDOWS\system32\stimon.exe Wed Apr 02 15:31:39 2008 => Scanning File C:\WINDOWS\system32\sti_ci.dll Wed Apr 02 15:31:39 2008 => Scanning File C:\WINDOWS\system32\STKIT432.DLL Wed Apr 02 15:31:39 2008 => Scanning File C:\WINDOWS\system32\stobject.dll Wed Apr 02 15:31:39 2008 => Scanning File C:\WINDOWS\system32\storage.dll Wed Apr 02 15:31:39 2008 => Scanning File C:\WINDOWS\system32\storprop.dll Wed Apr 02 15:31:39 2008 => Scanning File C:\WINDOWS\system32\streamci.dll Wed Apr 02 15:31:40 2008 => Scanning File C:\WINDOWS\system32\strmdll.dll Wed Apr 02 15:31:40 2008 => Scanning File C:\WINDOWS\system32\strmfilt.dll Wed Apr 02 15:31:40 2008 => Scanning File C:\WINDOWS\system32\subst.exe Wed Apr 02 15:31:40 2008 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Apr 02 15:31:40 2008 => Scanning File C:\WINDOWS\system32\svcpack.dll Wed Apr 02 15:31:40 2008 => Scanning File C:\WINDOWS\system32\swprv.dll Wed Apr 02 15:31:40 2008 => Scanning File C:\WINDOWS\system32\sxs.dll Wed Apr 02 15:31:41 2008 => Scanning File C:\WINDOWS\system32\syncapp.exe Wed Apr 02 15:31:41 2008 => Scanning File C:\WINDOWS\system32\synceng.dll Wed Apr 02 15:31:41 2008 => Scanning File C:\WINDOWS\system32\syncui.dll Wed Apr 02 15:31:41 2008 => Scanning File C:\WINDOWS\system32\sysdm.cpl Wed Apr 02 15:31:41 2008 => Scanning File C:\WINDOWS\system32\sysedit.exe Wed Apr 02 15:31:41 2008 => Scanning File C:\WINDOWS\system32\sysinv.dll Wed Apr 02 15:31:41 2008 => Scanning File C:\WINDOWS\system32\syskey.exe Wed Apr 02 15:31:41 2008 => Scanning File C:\WINDOWS\system32\sysmon.ocx Wed Apr 02 15:31:42 2008 => Scanning File C:\WINDOWS\system32\sysocmgr.exe Wed Apr 02 15:31:42 2008 => Scanning File C:\WINDOWS\system32\sysprint.sep Wed Apr 02 15:31:42 2008 => Scanning File C:\WINDOWS\system32\sysprtj.sep Wed Apr 02 15:31:42 2008 => Scanning File C:\WINDOWS\system32\syssetup.dll Wed Apr 02 15:31:42 2008 => Scanning File C:\WINDOWS\system32\system.drv Wed Apr 02 15:31:42 2008 => Scanning File C:\WINDOWS\system32\systray.exe Wed Apr 02 15:31:42 2008 => Scanning File C:\WINDOWS\system32\t2embed.dll Wed Apr 02 15:31:43 2008 => Scanning File C:\WINDOWS\system32\TABCTL32.OCX Wed Apr 02 15:31:43 2008 => Scanning File C:\WINDOWS\system32\tapi.dll Wed Apr 02 15:31:43 2008 => Scanning File C:\WINDOWS\system32\tapi3.dll Wed Apr 02 15:31:43 2008 => Scanning File C:\WINDOWS\system32\tapi32.dll Wed Apr 02 15:31:43 2008 => Scanning File C:\WINDOWS\system32\tapiperf.dll Wed Apr 02 15:31:43 2008 => Scanning File C:\WINDOWS\system32\tapisrv.dll Wed Apr 02 15:31:44 2008 => Scanning File C:\WINDOWS\system32\tapiui.dll Wed Apr 02 15:31:44 2008 => Scanning File C:\WINDOWS\system32\taskman.exe Wed Apr 02 15:31:44 2008 => Scanning File C:\WINDOWS\system32\taskmgr.exe Wed Apr 02 15:31:44 2008 => Scanning File C:\WINDOWS\system32\tcmsetup.exe Wed Apr 02 15:31:44 2008 => Scanning File C:\WINDOWS\system32\tcpmib.dll Wed Apr 02 15:31:44 2008 => Scanning File C:\WINDOWS\system32\tcpmon.dll Wed Apr 02 15:31:44 2008 => Scanning File C:\WINDOWS\system32\tcpmon.ini Wed Apr 02 15:31:44 2008 => Scanning File C:\WINDOWS\system32\tcpmonui.dll Wed Apr 02 15:31:44 2008 => Scanning File C:\WINDOWS\system32\tcpsvcs.exe Wed Apr 02 15:31:45 2008 => Scanning File C:\WINDOWS\system32\tdc.ocx Wed Apr 02 15:31:45 2008 => Scanning File C:\WINDOWS\system32\telephon.cpl Wed Apr 02 15:31:45 2008 => Scanning File C:\WINDOWS\system32\telnet.exe Wed Apr 02 15:31:45 2008 => Scanning File C:\WINDOWS\system32\termmgr.dll Wed Apr 02 15:31:45 2008 => Scanning File C:\WINDOWS\system32\termsrv.dll Wed Apr 02 15:31:45 2008 => Scanning File C:\WINDOWS\system32\tftp.exe Wed Apr 02 15:31:45 2008 => Scanning File C:\WINDOWS\system32\themeui.dll Wed Apr 02 15:31:45 2008 => Scanning File C:\WINDOWS\system32\ticrf.rat Wed Apr 02 15:31:45 2008 => Scanning File C:\WINDOWS\system32\timedate.cpl Wed Apr 02 15:31:46 2008 => Scanning File C:\WINDOWS\system32\timer.drv Wed Apr 02 15:31:46 2008 => Scanning File C:\WINDOWS\system32\tm20dec.ax Wed Apr 02 15:31:46 2008 => Scanning File C:\WINDOWS\system32\tmp.reg Wed Apr 02 15:31:46 2008 => Scanning File C:\WINDOWS\system32\tmp.txt [**] Wed Apr 02 15:31:46 2008 => Scanning File C:\WINDOWS\system32\toolhelp.dll Wed Apr 02 15:31:46 2008 => Scanning File C:\WINDOWS\system32\tourstart.exe Wed Apr 02 15:31:46 2008 => Scanning File C:\WINDOWS\system32\tr.bat Wed Apr 02 15:31:46 2008 => Scanning File C:\WINDOWS\system32\tracert.exe Wed Apr 02 15:31:46 2008 => Scanning File C:\WINDOWS\system32\tracert6.exe Wed Apr 02 15:31:47 2008 => Scanning File C:\WINDOWS\system32\traffic.dll Wed Apr 02 15:31:47 2008 => Scanning File C:\WINDOWS\system32\tree.com Wed Apr 02 15:31:47 2008 => Scanning File C:\WINDOWS\system32\trkwks.dll Wed Apr 02 15:31:47 2008 => Scanning File C:\WINDOWS\system32\tsappcmp.dll Wed Apr 02 15:31:47 2008 => Scanning File C:\WINDOWS\system32\tsbyuv.dll Wed Apr 02 15:31:47 2008 => Scanning File C:\WINDOWS\system32\tscfgwmi.dll Wed Apr 02 15:31:47 2008 => Scanning File C:\WINDOWS\system32\tscon.exe Wed Apr 02 15:31:47 2008 => Scanning File C:\WINDOWS\system32\tscupgrd.exe Wed Apr 02 15:31:47 2008 => Scanning File C:\WINDOWS\system32\tsd32.dll Wed Apr 02 15:31:47 2008 => Scanning File C:\WINDOWS\system32\tsddd.dll Wed Apr 02 15:31:47 2008 => Scanning File C:\WINDOWS\system32\tsdiscon.exe Wed Apr 02 15:31:48 2008 => Scanning File C:\WINDOWS\system32\tskill.exe Wed Apr 02 15:31:48 2008 => Scanning File C:\WINDOWS\system32\tslabels.h Wed Apr 02 15:31:48 2008 => Scanning File C:\WINDOWS\system32\tslabels.ini Wed Apr 02 15:31:48 2008 => Scanning File C:\WINDOWS\system32\tsshutdn.exe Wed Apr 02 15:31:48 2008 => Scanning File C:\WINDOWS\system32\tssoft32.acm Wed Apr 02 15:31:48 2008 => Scanning File C:\WINDOWS\system32\twext.dll Wed Apr 02 15:31:48 2008 => Scanning File C:\WINDOWS\system32\TwnLib20.dll Wed Apr 02 15:31:48 2008 => Scanning File C:\WINDOWS\system32\TwnLib4.dll Wed Apr 02 15:31:49 2008 => Scanning File C:\WINDOWS\system32\txflog.dll Wed Apr 02 15:31:49 2008 => Scanning File C:\WINDOWS\system32\typelib.dll Wed Apr 02 15:31:49 2008 => Scanning File C:\WINDOWS\system32\tzchange.exe Wed Apr 02 15:31:49 2008 => Scanning File C:\WINDOWS\system32\udfrunin.exe Wed Apr 02 15:31:49 2008 => Scanning File C:\WINDOWS\system32\udhisapi.dll Wed Apr 02 15:31:49 2008 => Scanning File C:\WINDOWS\system32\ufat.dll Wed Apr 02 15:31:49 2008 => Scanning File C:\WINDOWS\system32\ulib.dll Wed Apr 02 15:31:50 2008 => Scanning File C:\WINDOWS\system32\umandlg.dll Wed Apr 02 15:31:50 2008 => Scanning File C:\WINDOWS\system32\umdmxfrm.dll Wed Apr 02 15:31:50 2008 => Scanning File C:\WINDOWS\system32\umpnpmgr.dll Wed Apr 02 15:31:50 2008 => Scanning File C:\WINDOWS\system32\unam4ie.exe Wed Apr 02 15:31:50 2008 => Scanning File C:\WINDOWS\system32\unicdime.ime Wed Apr 02 15:31:50 2008 => Scanning File C:\WINDOWS\system32\unicode.nls Wed Apr 02 15:31:50 2008 => Scanning File C:\WINDOWS\system32\uniime.dll Wed Apr 02 15:31:50 2008 => Scanning File C:\WINDOWS\system32\unimdm.tsp Wed Apr 02 15:31:50 2008 => Scanning File C:\WINDOWS\system32\unimdmat.dll Wed Apr 02 15:31:50 2008 => Scanning File C:\WINDOWS\system32\uniplat.dll Wed Apr 02 15:31:51 2008 => Scanning File C:\WINDOWS\system32\unlodctr.exe Wed Apr 02 15:31:51 2008 => Scanning File C:\WINDOWS\system32\untfs.dll Wed Apr 02 15:31:51 2008 => Scanning File C:\WINDOWS\system32\upnp.dll Wed Apr 02 15:31:51 2008 => Scanning File C:\WINDOWS\system32\upnpcont.exe Wed Apr 02 15:31:51 2008 => Scanning File C:\WINDOWS\system32\upnphost.dll Wed Apr 02 15:31:51 2008 => Scanning File C:\WINDOWS\system32\upnpui.dll Wed Apr 02 15:31:51 2008 => Scanning File C:\WINDOWS\system32\ups.exe Wed Apr 02 15:31:51 2008 => Scanning File C:\WINDOWS\system32\ureg.dll Wed Apr 02 15:31:51 2008 => Scanning File C:\WINDOWS\system32\url(2).dll Wed Apr 02 15:31:52 2008 => Scanning File C:\WINDOWS\system32\url.dll Wed Apr 02 15:31:52 2008 => Scanning File C:\WINDOWS\system32\urlmon(2).dll Wed Apr 02 15:31:52 2008 => Scanning File C:\WINDOWS\system32\urlmon.dll Wed Apr 02 15:31:52 2008 => Scanning File C:\WINDOWS\system32\usaplatinum.ico Wed Apr 02 15:31:52 2008 => Scanning File C:\WINDOWS\system32\usaplatinum609.ico Wed Apr 02 15:31:52 2008 => Scanning File C:\WINDOWS\system32\usaplatinum61.ico Wed Apr 02 15:31:52 2008 => Scanning File C:\WINDOWS\system32\usbmon.dll Wed Apr 02 15:31:52 2008 => Scanning File C:\WINDOWS\system32\usbui.dll Wed Apr 02 15:31:52 2008 => Scanning File C:\WINDOWS\system32\user.exe Wed Apr 02 15:31:52 2008 => Scanning File C:\WINDOWS\system32\user32.dll Wed Apr 02 15:31:53 2008 => Scanning File C:\WINDOWS\system32\userenv.dll Wed Apr 02 15:31:53 2008 => Scanning File C:\WINDOWS\system32\userinit.exe Wed Apr 02 15:31:53 2008 => Scanning File C:\WINDOWS\system32\userlist.config Wed Apr 02 15:31:53 2008 => Scanning File C:\WINDOWS\system32\usp10.dll Wed Apr 02 15:31:53 2008 => Scanning File C:\WINDOWS\system32\usrcntra.dll Wed Apr 02 15:31:53 2008 => Scanning File C:\WINDOWS\system32\usrcoina.dll Wed Apr 02 15:31:53 2008 => Scanning File C:\WINDOWS\system32\usrdpa.dll Wed Apr 02 15:31:53 2008 => Scanning File C:\WINDOWS\system32\usrdtea.dll Wed Apr 02 15:31:54 2008 => Scanning File C:\WINDOWS\system32\usrfaxa.dll Wed Apr 02 15:31:54 2008 => Scanning File C:\WINDOWS\system32\usrlbva.dll Wed Apr 02 15:31:54 2008 => Scanning File C:\WINDOWS\system32\usrlogon.cmd Wed Apr 02 15:31:54 2008 => Scanning File C:\WINDOWS\system32\usrmlnka.exe Wed Apr 02 15:31:54 2008 => Scanning File C:\WINDOWS\system32\usrprbda.exe Wed Apr 02 15:31:54 2008 => Scanning File C:\WINDOWS\system32\usrrtosa.dll Wed Apr 02 15:31:55 2008 => Scanning File C:\WINDOWS\system32\usrsdpia.dll Wed Apr 02 15:31:55 2008 => Scanning File C:\WINDOWS\system32\usrshuta.exe Wed Apr 02 15:31:55 2008 => Scanning File C:\WINDOWS\system32\usrsvpia.dll Wed Apr 02 15:31:55 2008 => Scanning File C:\WINDOWS\system32\usrv42a.dll Wed Apr 02 15:31:55 2008 => Scanning File C:\WINDOWS\system32\usrv80a.dll Wed Apr 02 15:31:55 2008 => Scanning File C:\WINDOWS\system32\usrvoica.dll Wed Apr 02 15:31:55 2008 => Scanning File C:\WINDOWS\system32\usrvpa.dll Wed Apr 02 15:31:55 2008 => Scanning File C:\WINDOWS\system32\utildll.dll Wed Apr 02 15:31:56 2008 => Scanning File C:\WINDOWS\system32\utilman.exe Wed Apr 02 15:31:56 2008 => Scanning File C:\WINDOWS\system32\uwdf.exe Wed Apr 02 15:31:56 2008 => Scanning File C:\WINDOWS\system32\uxtheme.dll Wed Apr 02 15:31:56 2008 => Scanning File C:\WINDOWS\system32\v7vga.rom Wed Apr 02 15:31:56 2008 => Scanning File C:\WINDOWS\system32\VB5DB.DLL Wed Apr 02 15:31:56 2008 => Scanning File C:\WINDOWS\system32\VB6FR.DLL Wed Apr 02 15:31:56 2008 => Scanning File C:\WINDOWS\system32\VBAEN32.OLB Wed Apr 02 15:31:56 2008 => Scanning File C:\WINDOWS\system32\VBAEND32.OLB Wed Apr 02 15:31:56 2008 => Scanning File C:\WINDOWS\system32\VBAFR32.OLB Wed Apr 02 15:31:56 2008 => Scanning File C:\WINDOWS\system32\vbajet32.dll Wed Apr 02 15:31:57 2008 => Scanning File C:\WINDOWS\system32\VBAME.DLL Wed Apr 02 15:31:57 2008 => Scanning File C:\WINDOWS\system32\vbisurf.ax Wed Apr 02 15:31:57 2008 => Scanning File C:\WINDOWS\system32\vbscript(2).dll Wed Apr 02 15:31:57 2008 => Scanning File C:\WINDOWS\system32\vbscript.dll Wed Apr 02 15:31:57 2008 => Scanning File C:\WINDOWS\system32\vbsfr.dll Wed Apr 02 15:31:57 2008 => Scanning File C:\WINDOWS\system32\vcdex.dll Wed Apr 02 15:31:57 2008 => Scanning File C:\WINDOWS\system32\vcl60.bpl Wed Apr 02 15:31:59 2008 => Scanning File C:\WINDOWS\system32\vdmdbg.dll Wed Apr 02 15:31:59 2008 => Scanning File C:\WINDOWS\system32\vdmredir.dll Wed Apr 02 15:31:59 2008 => Scanning File C:\WINDOWS\system32\VEN2232.OLB Wed Apr 02 15:31:59 2008 => Scanning File C:\WINDOWS\system32\ver.dll Wed Apr 02 15:31:59 2008 => Scanning File C:\WINDOWS\system32\verclsid.exe Wed Apr 02 15:31:59 2008 => Scanning File C:\WINDOWS\system32\verifier.dll Wed Apr 02 15:31:59 2008 => Scanning File C:\WINDOWS\system32\verifier.exe Wed Apr 02 15:31:59 2008 => Scanning File C:\WINDOWS\system32\version.dll Wed Apr 02 15:31:59 2008 => Scanning File C:\WINDOWS\system32\vfpodbc.dll Wed Apr 02 15:31:59 2008 => Scanning File C:\WINDOWS\system32\vga.dll Wed Apr 02 15:31:59 2008 => Scanning File C:\WINDOWS\system32\vga.drv Wed Apr 02 15:31:59 2008 => Scanning File C:\WINDOWS\system32\vga256.dll Wed Apr 02 15:32:00 2008 => Scanning File C:\WINDOWS\system32\vga64k.dll Wed Apr 02 15:32:00 2008 => Scanning File C:\WINDOWS\system32\vidcap.ax Wed Apr 02 15:32:00 2008 => Scanning File C:\WINDOWS\system32\vidx16.dll Wed Apr 02 15:32:00 2008 => Scanning File C:\WINDOWS\system32\vip-card1.ico Wed Apr 02 15:32:00 2008 => Scanning File C:\WINDOWS\system32\vjoy.dll Wed Apr 02 15:32:00 2008 => Scanning File C:\WINDOWS\system32\vmhelper.dll Wed Apr 02 15:32:00 2008 => Scanning File C:\WINDOWS\system32\VSFLEX3.OCX Wed Apr 02 15:32:00 2008 => Scanning File C:\WINDOWS\system32\vssadmin.exe Wed Apr 02 15:32:00 2008 => Scanning File C:\WINDOWS\system32\vssapi.dll Wed Apr 02 15:32:01 2008 => Scanning File C:\WINDOWS\system32\vssvc.exe Wed Apr 02 15:32:01 2008 => Scanning File C:\WINDOWS\system32\vss_ps.dll Wed Apr 02 15:32:01 2008 => Scanning File C:\WINDOWS\system32\vxblock.dll Wed Apr 02 15:32:01 2008 => Scanning File C:\WINDOWS\system32\W32n50.dll Wed Apr 02 15:32:01 2008 => Scanning File C:\WINDOWS\system32\w32time.dll Wed Apr 02 15:32:01 2008 => Scanning File C:\WINDOWS\system32\w32tm.exe Wed Apr 02 15:32:01 2008 => Scanning File C:\WINDOWS\system32\w32topl.dll Wed Apr 02 15:32:01 2008 => Scanning File C:\WINDOWS\system32\w3ssl.dll Wed Apr 02 15:32:01 2008 => Scanning File C:\WINDOWS\system32\w95inf16.dll Wed Apr 02 15:32:01 2008 => Scanning File C:\WINDOWS\system32\w95inf32.dll Wed Apr 02 15:32:02 2008 => Scanning File C:\WINDOWS\system32\watchdog.sys Wed Apr 02 15:32:02 2008 => Scanning File C:\WINDOWS\system32\wavemsp.dll Wed Apr 02 15:32:02 2008 => Scanning File C:\WINDOWS\system32\wbcache.deu Wed Apr 02 15:32:02 2008 => Scanning File C:\WINDOWS\system32\wbcache.enu Wed Apr 02 15:32:02 2008 => Scanning File C:\WINDOWS\system32\wbcache.esn Wed Apr 02 15:32:02 2008 => Scanning File C:\WINDOWS\system32\wbcache.fra Wed Apr 02 15:32:02 2008 => Scanning File C:\WINDOWS\system32\wbcache.ita Wed Apr 02 15:32:02 2008 => Scanning File C:\WINDOWS\system32\wbcache.nld Wed Apr 02 15:32:02 2008 => Scanning File C:\WINDOWS\system32\wbcache.sve Wed Apr 02 15:32:02 2008 => Scanning File C:\WINDOWS\system32\wbdbase.deu Wed Apr 02 15:32:02 2008 => Scanning File C:\WINDOWS\system32\wbdbase.enu Wed Apr 02 15:32:02 2008 => Scanning File C:\WINDOWS\system32\wbdbase.esn Wed Apr 02 15:32:03 2008 => Scanning File C:\WINDOWS\system32\wbdbase.fra Wed Apr 02 15:32:03 2008 => Scanning File C:\WINDOWS\system32\wbdbase.ita Wed Apr 02 15:32:03 2008 => Scanning File C:\WINDOWS\system32\wbdbase.nld Wed Apr 02 15:32:03 2008 => Scanning File C:\WINDOWS\system32\wbdbase.sve Wed Apr 02 15:32:03 2008 => Scanning File C:\WINDOWS\system32\wdfapi.dll Wed Apr 02 15:32:03 2008 => Scanning File C:\WINDOWS\system32\wdfmgr.exe Wed Apr 02 15:32:03 2008 => Scanning File C:\WINDOWS\system32\wdigest.dll Wed Apr 02 15:32:03 2008 => Scanning File C:\WINDOWS\system32\wdl.trm Wed Apr 02 15:32:03 2008 => Scanning File C:\WINDOWS\system32\wdmaud(2).drv Wed Apr 02 15:32:04 2008 => Scanning File C:\WINDOWS\system32\wdmaud.drv Wed Apr 02 15:32:04 2008 => Scanning File C:\WINDOWS\system32\webcheck.dll Wed Apr 02 15:32:04 2008 => Scanning File C:\WINDOWS\system32\webclnt.dll Wed Apr 02 15:32:04 2008 => Scanning File C:\WINDOWS\system32\webfldrs.msi Wed Apr 02 15:32:05 2008 => Scanning File C:\WINDOWS\system32\webhits.dll Wed Apr 02 15:32:06 2008 => Scanning File C:\WINDOWS\system32\webvw.dll Wed Apr 02 15:32:06 2008 => Scanning File C:\WINDOWS\system32\wextract.exe Wed Apr 02 15:32:06 2008 => Scanning File C:\WINDOWS\system32\wfwnet.drv Wed Apr 02 15:32:06 2008 => Scanning File C:\WINDOWS\system32\WgaLogon.dll Wed Apr 02 15:32:06 2008 => Scanning File C:\WINDOWS\system32\WgaTray.exe Wed Apr 02 15:32:06 2008 => Scanning File C:\WINDOWS\system32\wiaacmgr.exe Wed Apr 02 15:32:07 2008 => Scanning File C:\WINDOWS\system32\wiadefui.dll Wed Apr 02 15:32:07 2008 => Scanning File C:\WINDOWS\system32\wiadss.dll Wed Apr 02 15:32:07 2008 => Scanning File C:\WINDOWS\system32\wiascr.dll Wed Apr 02 15:32:07 2008 => Scanning File C:\WINDOWS\system32\wiaservc.dll Wed Apr 02 15:32:07 2008 => Scanning File C:\WINDOWS\system32\wiasf.ax Wed Apr 02 15:32:07 2008 => Scanning File C:\WINDOWS\system32\wiashext.dll Wed Apr 02 15:32:08 2008 => Scanning File C:\WINDOWS\system32\wiavideo.dll Wed Apr 02 15:32:08 2008 => Scanning File C:\WINDOWS\system32\wiavusd.dll Wed Apr 02 15:32:08 2008 => Scanning File C:\WINDOWS\system32\wifeman.dll Wed Apr 02 15:32:08 2008 => Scanning File C:\WINDOWS\system32\win.com Wed Apr 02 15:32:08 2008 => Scanning File C:\WINDOWS\system32\win32k.sys Wed Apr 02 15:32:08 2008 => Scanning File C:\WINDOWS\system32\win32spl.dll Wed Apr 02 15:32:08 2008 => Scanning File C:\WINDOWS\system32\win87em.dll Wed Apr 02 15:32:08 2008 => Scanning File C:\WINDOWS\system32\winar30.ime Wed Apr 02 15:32:08 2008 => Scanning File C:\WINDOWS\system32\winbrand.dll Wed Apr 02 15:32:09 2008 => Scanning File C:\WINDOWS\system32\winchat.exe Wed Apr 02 15:32:09 2008 => Scanning File C:\WINDOWS\system32\WindowsLogon.manifest Wed Apr 02 15:32:09 2008 => Scanning File C:\WINDOWS\system32\winfax.dll Wed Apr 02 15:32:09 2008 => Scanning File C:\WINDOWS\system32\WinFXDocObj.exe Wed Apr 02 15:32:09 2008 => Scanning File C:\WINDOWS\system32\WINGB.IME Wed Apr 02 15:32:09 2008 => Scanning File C:\WINDOWS\system32\winhelp.hlp Wed Apr 02 15:32:09 2008 => Scanning File C:\WINDOWS\system32\winhlp32.exe Wed Apr 02 15:32:10 2008 => Scanning File C:\WINDOWS\system32\winhttp.dll Wed Apr 02 15:32:10 2008 => Scanning File C:\WINDOWS\system32\winime.ime Wed Apr 02 15:32:10 2008 => Scanning File C:\WINDOWS\system32\wininet(2).dll Wed Apr 02 15:32:10 2008 => Scanning File C:\WINDOWS\system32\wininet.dll Wed Apr 02 15:32:10 2008 => Scanning File C:\WINDOWS\system32\winipsec.dll Wed Apr 02 15:32:11 2008 => Scanning File C:\WINDOWS\system32\winlogon.exe Wed Apr 02 15:32:11 2008 => Scanning File C:\WINDOWS\system32\winmm.dll Wed Apr 02 15:32:11 2008 => Scanning File C:\WINDOWS\system32\winmsd.exe Wed Apr 02 15:32:11 2008 => Scanning File C:\WINDOWS\system32\winnls.dll Wed Apr 02 15:32:11 2008 => Scanning File C:\WINDOWS\system32\winntbbu.dll Wed Apr 02 15:32:11 2008 => Scanning File C:\WINDOWS\system32\winoldap.mod Wed Apr 02 15:32:11 2008 => Scanning File C:\WINDOWS\system32\winpy.ime Wed Apr 02 15:32:11 2008 => Scanning File C:\WINDOWS\system32\WINPY.MB Wed Apr 02 15:32:11 2008 => Scanning File C:\WINDOWS\system32\winrnr.dll Wed Apr 02 15:32:11 2008 => Scanning File C:\WINDOWS\system32\winscard.dll Wed Apr 02 15:32:12 2008 => Scanning File C:\WINDOWS\system32\winshfhc.dll Wed Apr 02 15:32:12 2008 => Scanning File C:\WINDOWS\system32\winsock.dll Wed Apr 02 15:32:12 2008 => Scanning File C:\WINDOWS\system32\winsp.ime Wed Apr 02 15:32:12 2008 => Scanning File C:\WINDOWS\system32\WINSP.MB Wed Apr 02 15:32:12 2008 => Scanning File C:\WINDOWS\system32\winspool.drv Wed Apr 02 15:32:12 2008 => Scanning File C:\WINDOWS\system32\winspool.exe Wed Apr 02 15:32:12 2008 => Scanning File C:\WINDOWS\system32\winsrv.dll Wed Apr 02 15:32:12 2008 => Scanning File C:\WINDOWS\system32\winsta.dll Wed Apr 02 15:32:12 2008 => Scanning File C:\WINDOWS\system32\winstrm.dll Wed Apr 02 15:32:12 2008 => Scanning File C:\WINDOWS\system32\wintrust.dll Wed Apr 02 15:32:13 2008 => Scanning File C:\WINDOWS\system32\winver.exe Wed Apr 02 15:32:13 2008 => Scanning File C:\WINDOWS\system32\winzm.ime Wed Apr 02 15:32:13 2008 => Scanning File C:\WINDOWS\system32\WINZM.MB Wed Apr 02 15:32:13 2008 => Scanning File C:\WINDOWS\system32\wjview.exe Wed Apr 02 15:32:13 2008 => Scanning File C:\WINDOWS\system32\wkssvc.dll Wed Apr 02 15:32:13 2008 => Scanning File C:\WINDOWS\system32\wldap32.dll Wed Apr 02 15:32:13 2008 => Scanning File C:\WINDOWS\system32\wlnotify.dll Wed Apr 02 15:32:13 2008 => Scanning File C:\WINDOWS\system32\WMADMOD.dll Wed Apr 02 15:32:14 2008 => Scanning File C:\WINDOWS\system32\WMADMOE.dll Wed Apr 02 15:32:14 2008 => Scanning File C:\WINDOWS\system32\wmasf.dll Wed Apr 02 15:32:14 2008 => Scanning File C:\WINDOWS\system32\wmdmlog.dll Wed Apr 02 15:32:14 2008 => Scanning File C:\WINDOWS\system32\wmdmps.dll Wed Apr 02 15:32:14 2008 => Scanning File C:\WINDOWS\system32\wmdrmdev.dll Wed Apr 02 15:32:14 2008 => Scanning File C:\WINDOWS\system32\wmdrmnet.dll Wed Apr 02 15:32:14 2008 => Scanning File C:\WINDOWS\system32\wmdrmsdk.dll Wed Apr 02 15:32:15 2008 => Scanning File C:\WINDOWS\system32\wmerrFRA.dll Wed Apr 02 15:32:15 2008 => Scanning File C:\WINDOWS\system32\wmerror.dll Wed Apr 02 15:32:15 2008 => Scanning File C:\WINDOWS\system32\wmi.dll Wed Apr 02 15:32:15 2008 => Scanning File C:\WINDOWS\system32\wmidx.dll Wed Apr 02 15:32:15 2008 => Scanning File C:\WINDOWS\system32\wmidx.ocx Wed Apr 02 15:32:15 2008 => Scanning File C:\WINDOWS\system32\wmimgmt.msc Wed Apr 02 15:32:15 2008 => Scanning File C:\WINDOWS\system32\wmiprop.dll Wed Apr 02 15:32:15 2008 => Scanning File C:\WINDOWS\system32\wmnetmgr.dll Wed Apr 02 15:32:16 2008 => *** File C:\WINDOWS\system32\wmp.dll having Size Restriction *** Wed Apr 02 15:32:16 2008 => Scanning File C:\WINDOWS\system32\wmp.dll [**] Wed Apr 02 15:32:16 2008 => Scanning File C:\WINDOWS\system32\wmp.ocx Wed Apr 02 15:32:16 2008 => Scanning File C:\WINDOWS\system32\wmpasf.dll Wed Apr 02 15:32:16 2008 => Scanning File C:\WINDOWS\system32\wmpcd.dll Wed Apr 02 15:32:16 2008 => Scanning File C:\WINDOWS\system32\wmpcore.dll Wed Apr 02 15:32:16 2008 => Scanning File C:\WINDOWS\system32\wmpdxm.dll Wed Apr 02 15:32:16 2008 => Scanning File C:\WINDOWS\system32\wmpeffects.dll Wed Apr 02 15:32:17 2008 => Scanning File C:\WINDOWS\system32\wmpencen.dll Wed Apr 02 15:32:17 2008 => *** File C:\WINDOWS\system32\wmploc.dll having Size Restriction *** Wed Apr 02 15:32:17 2008 => Scanning File C:\WINDOWS\system32\wmploc.dll [**] Wed Apr 02 15:32:17 2008 => Scanning File C:\WINDOWS\system32\wmpmde.dll Wed Apr 02 15:32:17 2008 => Scanning File C:\WINDOWS\system32\wmpns.dll Wed Apr 02 15:32:17 2008 => Scanning File C:\WINDOWS\system32\wmpps.dll Wed Apr 02 15:32:18 2008 => Scanning File C:\WINDOWS\system32\wmpscheme.xml Wed Apr 02 15:32:18 2008 => Scanning File C:\WINDOWS\system32\wmpshell.dll Wed Apr 02 15:32:18 2008 => Scanning File C:\WINDOWS\system32\wmpsrcwp.dll Wed Apr 02 15:32:18 2008 => Scanning File C:\WINDOWS\system32\wmpstub.exe Wed Apr 02 15:32:18 2008 => Scanning File C:\WINDOWS\system32\wmpui.dll Wed Apr 02 15:32:18 2008 => Scanning File C:\WINDOWS\system32\wmsdmod.dll Wed Apr 02 15:32:18 2008 => Scanning File C:\WINDOWS\system32\wmsdmoe.dll Wed Apr 02 15:32:19 2008 => Scanning File C:\WINDOWS\system32\wmsdmoe2.dll Wed Apr 02 15:32:19 2008 => Scanning File C:\WINDOWS\system32\wmserror.dll Wed Apr 02 15:32:19 2008 => Scanning File C:\WINDOWS\system32\WMSPDMOD.dll Wed Apr 02 15:32:19 2008 => Scanning File C:\WINDOWS\system32\WMSPDMOE.dll Wed Apr 02 15:32:19 2008 => Scanning File C:\WINDOWS\system32\wmstream.dll Wed Apr 02 15:32:20 2008 => Scanning File C:\WINDOWS\system32\wmv8dmod.dll Wed Apr 02 15:32:20 2008 => Scanning File C:\WINDOWS\system32\wmv8ds32.ax Wed Apr 02 15:32:20 2008 => Scanning File C:\WINDOWS\system32\WMVADVD.dll Wed Apr 02 15:32:20 2008 => Scanning File C:\WINDOWS\system32\WMVADVE.DLL Wed Apr 02 15:32:20 2008 => Scanning File C:\WINDOWS\system32\wmvcore.dll Wed Apr 02 15:32:21 2008 => Scanning File C:\WINDOWS\system32\WMVDECOD.dll Wed Apr 02 15:32:21 2008 => Scanning File C:\WINDOWS\system32\wmvdmod.dll Wed Apr 02 15:32:21 2008 => Scanning File C:\WINDOWS\system32\wmvdmoe.dll Wed Apr 02 15:32:21 2008 => Scanning File C:\WINDOWS\system32\wmvdmoe2.dll Wed Apr 02 15:32:21 2008 => Scanning File C:\WINDOWS\system32\wmvds32.ax Wed Apr 02 15:32:21 2008 => Scanning File C:\WINDOWS\system32\WMVENCOD.dll Wed Apr 02 15:32:22 2008 => Scanning File C:\WINDOWS\system32\WMVSDECD.dll Wed Apr 02 15:32:22 2008 => Scanning File C:\WINDOWS\system32\WMVSENCD.dll Wed Apr 02 15:32:22 2008 => Scanning File C:\WINDOWS\system32\WMVXENCD.dll Wed Apr 02 15:32:22 2008 => Scanning File C:\WINDOWS\system32\WooDial2000.dll Wed Apr 02 15:32:22 2008 => Scanning File C:\WINDOWS\system32\wow32.dll Wed Apr 02 15:32:23 2008 => Scanning File C:\WINDOWS\system32\wowdeb.exe Wed Apr 02 15:32:23 2008 => Scanning File C:\WINDOWS\system32\wowexec.exe Wed Apr 02 15:32:23 2008 => Scanning File C:\WINDOWS\system32\wowfax.dll Wed Apr 02 15:32:23 2008 => Scanning File C:\WINDOWS\system32\wowfaxui.dll Wed Apr 02 15:32:23 2008 => Scanning File C:\WINDOWS\system32\wpa.bak Wed Apr 02 15:32:23 2008 => Scanning File C:\WINDOWS\system32\wpa.dbl Wed Apr 02 15:32:23 2008 => Scanning File C:\WINDOWS\system32\wpabaln.exe Wed Apr 02 15:32:23 2008 => Scanning File C:\WINDOWS\system32\wpdconns.dll Wed Apr 02 15:32:23 2008 => Scanning File C:\WINDOWS\system32\wpdmtp.dll Wed Apr 02 15:32:23 2008 => Scanning File C:\WINDOWS\system32\wpdmtpdr.dll Wed Apr 02 15:32:24 2008 => Scanning File C:\WINDOWS\system32\wpdmtpus.dll Wed Apr 02 15:32:24 2008 => Scanning File C:\WINDOWS\system32\WpdShext.dll Wed Apr 02 15:32:24 2008 => Scanning File C:\WINDOWS\system32\wpdshextautoplay.exe Wed Apr 02 15:32:24 2008 => Scanning File C:\WINDOWS\system32\wpdshextres.dll Wed Apr 02 15:32:24 2008 => Scanning File C:\WINDOWS\system32\WPDShServiceObj.dll Wed Apr 02 15:32:24 2008 => Scanning File C:\WINDOWS\system32\wpdsp.dll Wed Apr 02 15:32:24 2008 => Scanning File C:\WINDOWS\system32\wpdtrace.dll Wed Apr 02 15:32:25 2008 => Scanning File C:\WINDOWS\system32\wpd_ci.dll Wed Apr 02 15:32:25 2008 => Scanning File C:\WINDOWS\system32\wpnpinst.exe Wed Apr 02 15:32:25 2008 => Scanning File C:\WINDOWS\system32\write.exe Wed Apr 02 15:32:25 2008 => Scanning File C:\WINDOWS\system32\ws2help.dll Wed Apr 02 15:32:25 2008 => Scanning File C:\WINDOWS\system32\ws2_32.dll Wed Apr 02 15:32:25 2008 => Scanning File C:\WINDOWS\system32\wscntfy.exe Wed Apr 02 15:32:25 2008 => Scanning File C:\WINDOWS\system32\wscript.exe Wed Apr 02 15:32:25 2008 => Scanning File C:\WINDOWS\system32\wscsvc.dll Wed Apr 02 15:32:26 2008 => Scanning File C:\WINDOWS\system32\wscui.cpl Wed Apr 02 15:32:26 2008 => Scanning File C:\WINDOWS\system32\wshatm.dll Wed Apr 02 15:32:26 2008 => Scanning File C:\WINDOWS\system32\wshbth.dll Wed Apr 02 15:32:26 2008 => Scanning File C:\WINDOWS\system32\wshcon.dll Wed Apr 02 15:32:26 2008 => Scanning File C:\WINDOWS\system32\wshext.dll Wed Apr 02 15:32:26 2008 => Scanning File C:\WINDOWS\system32\wshfr.dll Wed Apr 02 15:32:26 2008 => Scanning File C:\WINDOWS\system32\wship6.dll Wed Apr 02 15:32:26 2008 => Scanning File C:\WINDOWS\system32\wshisn.dll Wed Apr 02 15:32:26 2008 => Scanning File C:\WINDOWS\system32\wshnetbs.dll Wed Apr 02 15:32:26 2008 => Scanning File C:\WINDOWS\system32\wshom.ocx Wed Apr 02 15:32:27 2008 => Scanning File C:\WINDOWS\system32\WshRm.dll Wed Apr 02 15:32:27 2008 => Scanning File C:\WINDOWS\system32\wshtcpip.dll Wed Apr 02 15:32:27 2008 => Scanning File C:\WINDOWS\system32\wsnmp32.dll Wed Apr 02 15:32:27 2008 => Scanning File C:\WINDOWS\system32\wsock32.dll Wed Apr 02 15:32:27 2008 => Scanning File C:\WINDOWS\system32\wstdecod.dll Wed Apr 02 15:32:27 2008 => Scanning File C:\WINDOWS\system32\wtsapi32.dll Wed Apr 02 15:32:27 2008 => Scanning File C:\WINDOWS\system32\wuapi.dll Wed Apr 02 15:32:27 2008 => Scanning File C:\WINDOWS\system32\wuapi.dll.mui Wed Apr 02 15:32:27 2008 => Scanning File C:\WINDOWS\system32\wuauclt.exe Wed Apr 02 15:32:27 2008 => Scanning File C:\WINDOWS\system32\wuauclt1.exe Wed Apr 02 15:32:28 2008 => Scanning File C:\WINDOWS\system32\wuaucpl.cpl Wed Apr 02 15:32:28 2008 => Scanning File C:\WINDOWS\system32\wuaucpl.cpl.manifest Wed Apr 02 15:32:28 2008 => Scanning File C:\WINDOWS\system32\wuaucpl.cpl.mui Wed Apr 02 15:32:28 2008 => Scanning File C:\WINDOWS\system32\wuaueng.dll Wed Apr 02 15:32:28 2008 => Scanning File C:\WINDOWS\system32\wuaueng.dll.mui Wed Apr 02 15:32:28 2008 => Scanning File C:\WINDOWS\system32\wuaueng1.dll Wed Apr 02 15:32:29 2008 => Scanning File C:\WINDOWS\system32\wuauserv.dll Wed Apr 02 15:32:29 2008 => Scanning File C:\WINDOWS\system32\wucltui.dll Wed Apr 02 15:32:29 2008 => Scanning File C:\WINDOWS\system32\wucltui.dll.mui Wed Apr 02 15:32:29 2008 => Scanning File C:\WINDOWS\system32\WUDFCoinstaller.dll Wed Apr 02 15:32:29 2008 => Scanning File C:\WINDOWS\system32\WudfHost.exe Wed Apr 02 15:32:29 2008 => Scanning File C:\WINDOWS\system32\WudfPlatform.dll Wed Apr 02 15:32:29 2008 => Scanning File C:\WINDOWS\system32\WudfSvc.dll Wed Apr 02 15:32:30 2008 => Scanning File C:\WINDOWS\system32\WUDFx.dll Wed Apr 02 15:32:30 2008 => Scanning File C:\WINDOWS\system32\wupdmgr.exe Wed Apr 02 15:32:30 2008 => Scanning File C:\WINDOWS\system32\wups.dll Wed Apr 02 15:32:30 2008 => Scanning File C:\WINDOWS\system32\wups2.dll Wed Apr 02 15:32:30 2008 => Scanning File C:\WINDOWS\system32\wuweb.dll Wed Apr 02 15:32:30 2008 => Scanning File C:\WINDOWS\system32\wzcdlg.dll Wed Apr 02 15:32:30 2008 => Scanning File C:\WINDOWS\system32\wzcsapi.dll Wed Apr 02 15:32:30 2008 => Scanning File C:\WINDOWS\system32\wzcsvc.dll Wed Apr 02 15:32:31 2008 => Scanning File C:\WINDOWS\system32\xactsrv.dll Wed Apr 02 15:32:31 2008 => Scanning File C:\WINDOWS\system32\xcopy.exe Wed Apr 02 15:32:31 2008 => Scanning File C:\WINDOWS\system32\xenroll.dll Wed Apr 02 15:32:31 2008 => Scanning File C:\WINDOWS\system32\xjis.nls Wed Apr 02 15:32:31 2008 => Scanning File C:\WINDOWS\system32\xmllite.dll Wed Apr 02 15:32:31 2008 => Scanning File C:\WINDOWS\system32\xmlprov.dll Wed Apr 02 15:32:32 2008 => Scanning File C:\WINDOWS\system32\xmlprovi.dll Wed Apr 02 15:32:32 2008 => Scanning File C:\WINDOWS\system32\xolehlp.dll Wed Apr 02 15:32:32 2008 => Scanning File C:\WINDOWS\system32\xpob2res.dll Wed Apr 02 15:32:32 2008 => Scanning File C:\WINDOWS\system32\xpsp1hfm.exe Wed Apr 02 15:32:32 2008 => Scanning File C:\WINDOWS\system32\xpsp1res.dll Wed Apr 02 15:32:32 2008 => Scanning File C:\WINDOWS\system32\xpsp2res.dll Wed Apr 02 15:32:34 2008 => Scanning File C:\WINDOWS\system32\xpsp3res.dll Wed Apr 02 15:32:34 2008 => Scanning File C:\WINDOWS\system32\zipfldr.dll Wed Apr 02 15:32:34 2008 => Scanning File C:\WINDOWS\system32\zonedoff.reg Wed Apr 02 15:32:34 2008 => Scanning File C:\WINDOWS\system32\zonedon.reg Wed Apr 02 15:32:34 2008 => ***** Checking for specific ITW Viruses ***** Wed Apr 02 15:32:34 2008 => Checking for Welchia Virus... Wed Apr 02 15:32:35 2008 => Checking for LovGate Virus... Wed Apr 02 15:32:35 2008 => Checking for CodeRed Virus... Wed Apr 02 15:32:35 2008 => Checking for OpaServ Virus... Wed Apr 02 15:32:35 2008 => Checking for Sobig.e Virus... Wed Apr 02 15:32:35 2008 => Checking for Winupie Virus... Wed Apr 02 15:32:35 2008 => Checking for Swen Virus... Wed Apr 02 15:32:35 2008 => Checking for JS.Fortnight Virus... Wed Apr 02 15:32:35 2008 => Checking for Novarg Virus... Wed Apr 02 15:32:35 2008 => Checking for Pagabot Virus... Wed Apr 02 15:32:35 2008 => Checking for Parite.b Virus... Wed Apr 02 15:32:35 2008 => Checking for Parite.a Virus... Wed Apr 02 15:32:35 2008 => ***** Scanning complete. ***** Wed Apr 02 15:32:35 2008 => Total Number of Files Scanned: 2499 Wed Apr 02 15:32:35 2008 => Total Number of Virus(es) Found: 1 Wed Apr 02 15:32:35 2008 => Total Number of Disinfected Files: 0 Wed Apr 02 15:32:35 2008 => Total Number of Files Renamed: 0 Wed Apr 02 15:32:35 2008 => Total Number of Deleted Files: 0 Wed Apr 02 15:32:35 2008 => Total Number of Errors: 5 Wed Apr 02 15:32:36 2008 => Time Elapsed: 00:05:36 Wed Apr 02 15:32:36 2008 => Virus Database Date: 2008/04/02 Wed Apr 02 15:32:36 2008 => Virus Database Count: 677768 Wed Apr 02 15:32:36 2008 => Scan Completed.
  6. yugm
    Bonjour oGu[/color] Après beaucoup de frayeurs, je peux à nouveau me connecter au web . Est-ce de cause à effet ??car après le fix d'HijackThis et redémarrage je n'ai jamais pu me reconnecter.Ce n'est qu'après 45 mn de téléphone avec le service Orange . en réinitialisant le protocole tcpip, que je peux repartir Pour les procédures de désinfection et les bons réflexes je te remercie de me les proposer ; en souhaitant que ce ne soit pas trop compliqué .Pour l'instant je reste Orange. En espérant aller jusquau bout je commence donc par le début en 1 :rapport OTMOVEIT C:\Program Files\Fichiers Communs\PC Tools\Lsp moved successfully. C:\Program Files\Fichiers Communs\PC Tools moved successfully. OTMoveIt2 by OldTimer - Version 1.0.21 log created on 04012008_143116 en 2:CCleaner =fait en 3:rapport HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:41:48, on 01/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Wanadoo\GestionnaireInternet.exe C:\Program Files\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Wanadoo\Watch.exe C:\Program Files\SiteAdvisor\6253\SiteAdv.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: (no name) - {308FA211-78FE-4D86-B405-50E0361AF78F} - C:\WINDOWS\system32\dbmsvin.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\MGWIU3H4\BAN_72~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\IFRAME~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\HP_1_~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\AP_ADV~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\INDEX_~4.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\AP_CPL~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\ADS_9_~1.SH! O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...235/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D43F0FA3-C5C4-46FC-B5E6-76E193C76ACA}: NameServer = 81.253.149.1 80.10.246.3 O23 - Service: FireDaemon Service: dll32 (dll32) - Unknown owner - c:\winnt\system32\os2\dll\packs\FireDaemon.EXE (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6107 bytes en 4 :MBAM et son rapport Malwarebytes' Anti-Malware 1.09 Version de la base de données: 580 Type de recherche: Examen complet (C:\|) Eléments examinés: 87034 Temps écoulé: 1 hour(s), 5 minute(s), 16 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 42 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 16 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\Interface\{0f63d2e1-e217-43ef-aa6d-ec2f6e9683b0} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{47d5ad4f-a86c-453a-911e-3b99f391011f} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ac221aed-1003-444c-9d63-a93d5b4a2717} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d2f31bd0-0d75-4aff-9c7f-72304834bf65} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{6361a8d7-5663-4f0f-8036-921a8d392322} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{06b30a09-5760-4994-a7f2-854644f75254} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{08001fca-2c97-41e3-9f67-596f499b725f} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{10ba262b-e944-4240-a9d6-e12accfacbc7} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{13275562-0968-4428-a926-d61a67fb25a0} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1351ed54-2094-40cf-968e-3c7f704be463} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2230f9a1-dfbb-400c-85c2-fe854d3f56bc} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{51ff5e3e-f5e7-43b5-a809-fdfbbdbe4eff} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{58dd5f8a-b280-4835-8f65-d2b3383ea4e9} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5c3d449a-1737-4c87-929d-f3b33c32253d} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{62f2e72b-8fee-47cf-b337-36d61336e13e} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{658d9966-2eeb-47ca-abcf-1818db4fdc2d} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7a013512-ceaf-4f5f-af1a-8b1b472e714b} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{86ecaf8e-540c-4960-82aa-1323a5578e2d} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8882515d-7e2c-45a9-ae99-ea09a9023a07} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8fe48e13-6661-444c-8b23-07623232d1f4} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{9aad0cdc-7822-4593-9e95-8c7eb256d509} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{aa8a3463-c37f-4887-b3f3-380938f89a80} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{aec39567-aa5b-4cfa-a7ea-61f4dfb15fe7} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b8e5f903-290c-4422-8ef1-89f4990cd72b} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c5bcb43c-514a-4be9-a9e5-e54629f4f131} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c7d83b29-f534-484d-9cfa-66b4484cdc53} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c8897164-1ce8-45fe-8483-e93f1681f320} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d2a39c98-0833-4581-8dc9-c7223561f656} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d725ced2-7c0e-4484-aaa4-f186c659f8b8} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d847da70-508a-480f-b91e-133d9f60ced8} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{da163414-a8e2-4907-85f4-b0ec9d4ebb78} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ee8df60b-01a8-4143-8d94-41a185a9691e} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe1ecf64-a6c0-4f3a-87f5-3135c517e4aa} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ff2de560-d35c-45d4-834f-90654d4e2e3d} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{ca77a455-9f2d-4449-8c5f-1d359e70f00d} (Rogue.Antivirus.Pro) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3935b537-3e6d-04ed-abb3-acb16a699e3b} (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9d19a1a9-3cdf-4f15-a5ca-ea3905febded} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AntiSpyKit.EXE (Rogue.AntiSpyKit) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\WinAnonymous (Rogue.WinAnonymous) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Secure Delete (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Documents and Settings\MAHE\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\MAHE\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\MAHE\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\wcscqa.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6D7BE497-DD36-4D90-BB45-5CDEC5349B12}\RP552\A0110557.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6D7BE497-DD36-4D90-BB45-5CDEC5349B12}\RP552\A0110607.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6D7BE497-DD36-4D90-BB45-5CDEC5349B12}\RP552\A0110779.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6D7BE497-DD36-4D90-BB45-5CDEC5349B12}\RP552\A0110781.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6D7BE497-DD36-4D90-BB45-5CDEC5349B12}\RP552\A0110782.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6D7BE497-DD36-4D90-BB45-5CDEC5349B12}\RP552\A0110783.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6D7BE497-DD36-4D90-BB45-5CDEC5349B12}\RP553\A0111512.Dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6D7BE497-DD36-4D90-BB45-5CDEC5349B12}\RP555\A0113834.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6D7BE497-DD36-4D90-BB45-5CDEC5349B12}\RP555\A0113837.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6D7BE497-DD36-4D90-BB45-5CDEC5349B12}\RP558\A0115154.exe (Rogue.PCPrivacyTool) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ide21201.vxd (Adware.Winad) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sqlite3.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\MAHE\Application Data\AdwareAlert\Log\2008 Jan 29 - 03_23_47 PM_078.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\MAHE\Application Data\AdwareAlert\Log\2008 Jan 29 - 03_24_42 PM_250.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\MAHE\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully. en 5 :Ewido et son rapport __________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: TrackingCookie.Adviva Path: C:\Documents and Settings\MAHE\Cookies\mahe@adviva[1].txt Risk: Medium Name: TrackingCookie.Serving-sys Path: C:\Documents and Settings\MAHE\Cookies\mahe@bs.serving-sys[2].txt Risk: Medium Name: TrackingCookie.Doubleclick Path: C:\Documents and Settings\MAHE\Cookies\mahe@doubleclick[1].txt Risk: Medium Name: TrackingCookie.Webtrends Path: C:\Documents and Settings\MAHE\Cookies\mahe@m.webtrends[1].txt Risk: Medium Name: TrackingCookie.Serving-sys Path: C:\Documents and Settings\MAHE\Cookies\mahe@serving-sys[2].txt Risk: Medium Name: TrackingCookie.Tribalfusion Path: C:\Documents and Settings\MAHE\Cookies\mahe@tribalfusion[2].txt Risk: Medium Name: TrackingCookie.Tribalfusion Path: C:\Documents and Settings\MAHE\Cookies\mahe@tribalfusion[3].txt Risk: Medium Name: TrackingCookie.Weborama Path: C:\Documents and Settings\MAHE\Cookies\mahe@weborama[1].txt Risk: Medium Name: TrackingCookie.Abcsearch Path: C:\Documents and Settings\MAHE\Cookies\mahe@www.abcsearch[1].txt Risk: Medium Name: Not-A-Virus.Hoax.Win32.Agent.aw Path: C:\Documents and Settings\MAHE\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.38618 Risk: Low Name: Adware.BHO Path: C:\Program Files\wanadoo_toolbarsetup.exe/wanadoo_toolbar.dll Risk: Medium Name: Adware.BHO Path: C:\Program Files\wanadoo_toolbarsetup.exe/wanadoo_toolbar.dll Risk: Medium Name: Not-A-Virus.PUP.DrAntispy.bq Path: C:\System Volume Information\_restore{6D7BE497-DD36-4D90-BB45-5CDEC5349B12}\RP552\A0111204.exe Risk: Low Name: Not-A-Virus.Adware Path: C:\System Volume Information\_restore{6D7BE497-DD36-4D90-BB45-5CDEC5349B12}\RP555\A0112657.exe Risk: Low en 6:eSCAN il me parait encore long ,donc si tu le veux bien je vais me coucher et te complèterai la réponse ds la journée A+tard et merci encore
  7. yugm
    Rebonjour 1 :vu pour fermer le service PCTools et le rapport OTMOVEIT ci-dessous C:\Program Files\PC Tools AntiVirus moved successfully. OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03312008_194416 2 :F-Secure ,je ne le vois pas du tout ,par contre PCTools n'est plus en C:\Program Files mais en C:\Program Files\Fichiers communs et tjrs indélogeable 3 :Supprimer 1 service =ok 4 :Vundofix.exe en mode sans échec n'a rien trouvé et donc pas de rapport 5 :rapport HijackThis ci-dessous Pour terminer, 2 questions si tu le permets: Je suis en "McAfee VirusScan Plus"uniquement.Me faut- il autre chose en protection spyware ou malware ou ect......+le courrier et si oui quoi ? Je suis déconnecté plusieurs fois par jour du navigateur Orange (5 à 6 fois)est ce normal ? Merci pour tout et au revoir Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:34:22, on 31/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Wanadoo\GestionnaireInternet.exe C:\Program Files\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: (no name) - {308FA211-78FE-4D86-B405-50E0361AF78F} - C:\WINDOWS\system32\dbmsvin.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\MGWIU3H4\BAN_72~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\IFRAME~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\HP_1_~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\AP_ADV~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\INDEX_~4.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\AP_CPL~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\ADS_9_~1.SH! O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...235/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D43F0FA3-C5C4-46FC-B5E6-76E193C76ACA}: NameServer = 81.253.149.9 80.10.246.132 O23 - Service: FireDaemon Service: dll32 (dll32) - Unknown owner - c:\winnt\system32\os2\dll\packs\FireDaemon.EXE (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 5657 bytes
  8. yugm
    Bonjour 1 :PC Tools.Il n'existe pas dans "..........suppression de programmes "du p. de config mais en "Program Files" et pas possible de le déloger: -PCTools Antivirus=Impossible de supprimer engine :Accès refusé -ou PCTAVSvc.exe =id '' " "" " " Vu pour la désinstallation de Spyware Doctor 2 :F-Secure Sensation bizarre à l'activation de UITool3 .exe car à la question "Do you wish to overwrite this file?"par" no" ou" yes"=ok ; mais par " no to all "ou" yes to all "=plantage =UC à 100% 3 :Dans les cases à cocher HijackThis:pas de ligne 21 ,par contre j'ai coché en 23 une ligne PCTools Antivirus et aussi en 23 une ligne F-Secure (erreur ou pas de ma part ?) 4 :OTMOVEIT voir rapport ci-joint 5 :R-host ; ras 6 :VirusTotal; voir rapport ci-joint 7 :et enfin le rapport HijackThis Avec mes remerciements pour la suite A File/Folder C:\Program Files\Yahoo! not found. OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03312008_162020 B | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español | English Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations... Fichier dbmsvin.dll reçu le 2008.03.31 16:34:07 (CET) Situation actuelle: terminé Résultat: 7/32 (21.88%) Formaté Impression des résultats Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.4.1.0 2008.03.31 - AntiVir 7.6.0.78 2008.03.31 HEUR/Malware Authentium 4.93.8 2008.03.30 - Avast 4.7.1098.0 2008.03.30 - AVG 7.5.0.516 2008.03.31 - BitDefender 7.2 2008.03.31 - CAT-QuickHeal 9.50 2008.03.31 - ClamAV 0.92.1 2008.03.31 - DrWeb 4.44.0.09170 2008.03.31 - eSafe 7.0.15.0 2008.03.30 - eTrust-Vet 31.3.5658 2008.03.31 Win32/Kvol!generic Ewido 4.0 2008.03.31 - FileAdvisor 1 2008.03.31 - Fortinet 3.14.0.0 2008.03.31 - F-Prot 4.4.2.54 2008.03.30 - F-Secure 6.70.13260.0 2008.03.31 - Ikarus T3.1.1.20 2008.03.31 Virus.Trojan.Win32.Pakes.cdw Kaspersky 7.0.0.125 2008.03.31 - McAfee 5262 2008.03.28 - Microsoft 1.3301 2008.03.31 Trojan:Win32/Boaxxe.B NOD32v2 2986 2008.03.31 - Norman 5.80.02 2008.03.28 - Panda 9.0.0.4 2008.03.31 Suspicious file Prevx1 V2 2008.03.31 Trojan.Vundo Rising 20.38.01.00 2008.03.31 - Sophos 4.28.0 2008.03.31 - Sunbelt 3.0.978.0 2008.03.18 - Symantec 10 2008.03.31 - TheHacker 6.2.92.259 2008.03.30 - VBA32 3.12.6.3 2008.03.25 - VirusBuster 4.3.26:9 2008.03.31 - Webwasher-Gateway 6.6.2 2008.03.31 Heuristic.Malware Information additionnelle File size: 98048 bytes MD5: 7beb40f1389062fa1d5ea632bc9a452f SHA1: 418da5dbba0d129a519850bbb436f2cce1562855 PEiD: - packers: UPX packers: UPX packers: PE_Patch.UPX, UPX Prevx info: http://info.prevx.com/aboutprogramtext.asp...5E46B007DA7BF2F ATTENTION: VirusTotal iest un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares. VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com C Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:06:11, on 31/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Wanadoo\GestionnaireInternet.exe C:\Program Files\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\MAHE\Accessoires\Bureau\otmoveit2.exe C:\Program Files\SiteAdvisor\6253\SiteAdv.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: (no name) - {308FA211-78FE-4D86-B405-50E0361AF78F} - C:\WINDOWS\system32\dbmsvin.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\MGWIU3H4\BAN_72~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\IFRAME~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\HP_1_~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\AP_ADV~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\04GXDK6S\INDEX_~4.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\AP_CPL~1.SH! C:\DOCUME~1\MAHE\LOCALS~1\TEMPOR~1\Content.IE5\PE428S8X\ADS_9_~1.SH! O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...235/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D43F0FA3-C5C4-46FC-B5E6-76E193C76ACA}: NameServer = 81.253.149.9 80.10.246.132 O23 - Service: FireDaemon Service: dll32 (dll32) - Unknown owner - c:\winnt\system32\os2\dll\packs\FireDaemon.EXE (file missing) O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure\fswsclds.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6108 bytes
  9. yugm
    bonjour oGu en 1:antivirus:je garde le Mcafee car acheté mais je n'arrive pas à supprimer PCtools(disque plein ? ou prog en utilisation)voir 1 conseil de ta part merci en 2:vu pour suppression des traces de Norton en 3:pas trouvé de Tolbar Yahoo ds + ou - programmes en 4:Smitfraudfix,j'ai fais l'option 3 puis 2(est ce une erreur,)voir rapport ci-joint en 5:Eorezo, no found ds le rapport !je l'avais supprimer avant,à voir en 6:Vundo voir rapport ci-joint et surtout gd Merci .A+ SmitFraudFix v2.309 Rapport fait à 22:49:04,35, 29/03/2008 Executé à partir de C:\Documents and Settings\MAHE\Mes documents\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost 124.217.252.78 secure.isoftpay.com 124.217.252.78 secure.isoftpay.com 124.217.252.78 secure.isoftpay.com 124.217.252.78 secure.isoftpay.com 124.217.252.78 secure.isoftpay.com »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin File/Folder C:\Program Files\eoRezo not found. File/Folder C:\Documents and Settings\MAHE\Application Data\EoRezo not found. OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03292008_233524 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:50:55, on 29/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\locator.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Wanadoo\GestionnaireInternet.exe C:\Program Files\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Wanadoo\Watch.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\MAHE\Accessoires\Bureau\otmoveit2.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\yugm.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: 124.217.252.78 secure.isoftpay.com O1 - Hosts: 124.217.252.78 secure.isoftpay.com O1 - Hosts: 124.217.252.78 secure.isoftpay.com O1 - Hosts: 124.217.252.78 secure.isoftpay.com O1 - Hosts: 124.217.252.78 secure.isoftpay.com O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: (no name) - {308FA211-78FE-4D86-B405-50E0361AF78F} - C:\WINDOWS\system32\dbmsvin.dll O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file) O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...235/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D43F0FA3-C5C4-46FC-B5E6-76E193C76ACA}: NameServer = 81.253.149.9 80.10.246.132 O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file) O23 - Service: FireDaemon Service: dll32 (dll32) - Unknown owner - c:\winnt\system32\os2\dll\packs\FireDaemon.EXE (file missing) O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure\fswsclds.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 7225 bytes
  10. yugm
  11. yugm
    Bonjour voici le dernier rapport.Merci de ton aide Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:40:38, on 28/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe C:\WINDOWS\system32\locator.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Wanadoo\GestionnaireInternet.exe C:\Program Files\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: 124.217.252.78 secure.isoftpay.com O1 - Hosts: 124.217.252.78 secure.isoftpay.com O1 - Hosts: 124.217.252.78 secure.isoftpay.com O1 - Hosts: 124.217.252.78 secure.isoftpay.com O1 - Hosts: 124.217.252.78 secure.isoftpay.com O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: (no name) - {308FA211-78FE-4D86-B405-50E0361AF78F} - C:\WINDOWS\system32\dbmsvin.dll O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file) O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...235/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D43F0FA3-C5C4-46FC-B5E6-76E193C76ACA}: NameServer = 80.10.246.130 81.253.149.10 O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FireDaemon Service: dll32 (dll32) - Unknown owner - c:\winnt\system32\os2\dll\packs\FireDaemon.EXE (file missing) O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure\fswsclds.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 7330 bytes
  12. yugm
    Grâce à votre forum , j'utilise donc HijackThis que je fais analyser par ZHP comme préconisé.Résultat:2infections en 1:infection SmitFraud que je contre par SmitfrauFix =pas de résultats en 2:infection Magic Control que je contre par Navilog 1=bon c'est du moins ce que me dis le dernier rapport HijackThis.Que dois-faire ? pour enlever SmitFraud Je vous joins les 2 logs hijacktis (le premier et le dernier),les 2 fichiers de navilog 1(fixnavi.txt et cleannavi2.txt) Merci de la réponse Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:43:15, on 26/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe C:\Program Files\Wanadoo\taskbaricon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\locator.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Wanadoo\GestionnaireInternet.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\SiteAdvisor\6253\SiteAdv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://side.search.ke.voila.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O1 - Hosts: 124.217.252.78 secure.isoftpay.com O1 - Hosts: 124.217.252.78 secure.isoftpay.com O1 - Hosts: 124.217.252.78 secure.isoftpay.com O1 - Hosts: 124.217.252.78 secure.isoftpay.com O1 - Hosts: 124.217.252.78 secure.isoftpay.com O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: (no name) - {308FA211-78FE-4D86-B405-50E0361AF78F} - C:\WINDOWS\system32\dbmsvin.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file) O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [gtsaibxwu] c:\windows\system32\gtsaibxwu.exe gtsaibxwu O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...235/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D43F0FA3-C5C4-46FC-B5E6-76E193C76ACA}: NameServer = 81.253.149.1 80.10.246.3 O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FireDaemon Service: dll32 (dll32) - Unknown owner - c:\winnt\system32\os2\dll\packs\FireDaemon.EXE (file missing) O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure\fswsclds.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 8566 bytes Search Navipromo version 3.5.1 commencé le 27/03/2008 à 18:55:28,39 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "MAHE" Mise à jour le 23.03.2008 à 22h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Executé en mode normal *** Recherche Programmes installés *** SudoPlanet *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** C:\Program Files\SudoPlanet trouvé ! *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1 *** *** Recherche dossiers dans "C:\Documents and Settings\MAHE\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\MAHE\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\MAHE\access~1\progra~1" *** *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1 *** ...\SudoPlanet trouvé ! *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Aucun Fichier trouvé *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans C:\WINDOWS\system32 * * Recherche dans "C:\Documents and Settings\MAHE\locals~1\applic~1" * * Recherche dans "C:\docume~1\Administrateur\locals~1\applic~1" * *** Recherche fichiers *** C:\DOCUME~1\ALLUSE~1.WIN\Bureau\SudoPlanet.lnk trouvé ! C:\WINDOWS\system32\nvs2.inf trouvé ! *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans C:\WINDOWS\system32 : sarehpltba.dat trouvé ! sarehpltba_nav.dat trouvé ! sarehpltba_navps.dat trouvé ! * Dans "C:\Documents and Settings\MAHE\locals~1\applic~1" : * Dans "C:\docume~1\Administrateur\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup trouvé ! Certificat Electronic-Group trouvé ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 27/03/2008 à 19:10:52,43 *** Clean Navipromo version 3.5.1 commencé le 27/03/2008 à 19:13:29,75 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "MAHE" Actual User Account : "MAHE" Mise à jour le 23.03.2008 à 22h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans C:\WINDOWS\System32 * * Suppression dans "C:\Documents and Settings\MAHE\locals~1\applic~1" * * Suppression dans "C:\docume~1\Administrateur\locals~1\applic~1" * *** Suppression dossiers dans C:\WINDOWS *** *** Suppression dossiers dans C:\Program Files *** C:\Program Files\SudoPlanet ...suppression... C:\Program Files\SudoPlanet supprimé ! *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1 *** *** Suppression dossiers dans "C:\Documents and Settings\MAHE\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\MAHE\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\MAHE\access~1\progra~1" *** *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1 *** ...\SudoPlanet ...suppression... ...\SudoPlanet supprimé ! *** Suppression fichiers *** C:\DOCUME~1\ALLUSE~1.WIN\Bureau\SudoPlanet.lnk supprimé ! C:\WINDOWS\system32\nvs2.inf supprimé ! *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\MAHE\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans C:\WINDOWS\system32 * sarehpltba.dat trouvé ! Copie sarehpltba.dat réalisée avec succès ! sarehpltba.dat supprimé ! sarehpltba_nav.dat trouvé ! Copie sarehpltba_nav.dat réalisée avec succès ! sarehpltba_nav.dat supprimé ! sarehpltba_navps.dat trouvé ! Copie sarehpltba_navps.dat réalisée avec succès ! sarehpltba_navps.dat supprimé ! * Dans "C:\Documents and Settings\MAHE\locals~1\applic~1" * * Dans "C:\docume~1\Administrateur\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Backupnavi *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! Certificat Electronic-Group supprimé ! Certificat OOO-Favorit supprimé ! Certificat Sunny-Day-Design-Ltdt absent ! *** Nettoyage terminé le 27/03/2008 à 19:21:01,32 ***
×
×
  • Créer...