Everything posted by bpa

  1. Thanks for your help Angélique, but I gave up, because the latest restore point is from 1 Jan at the latest, so not far enough back to be clean. I think I am going to reformat. bp
  2. I did enter the command, and a window opens: System Restore, but it stays blank; the screens you copied and pasted do not appear.
  3. Thanks, it restarts, but I no longer have an Internet connection and quite a few programs no longer work... How do I make a restore point? Thanks for your help Angélique bp
  4. Thanks Angélique. To be sure I have understood the procedure correctly (I think there is a word missing after each ?): do I take, for example, the contents of c:\windows\repair\system from my working computer and copy it onto my faulty C drive? Or do I copy the contents of c:\windows\repair\system from my sick computer into c:\windows\system32\config\system on that same sick computer? I think it is this 2nd solution, but I wanted to be sure. bp
  5. OK 1- But will that kill SASSER, which seems to be the cause of the problem? 2- In my case I can connect the faulty HDD to another PC over USB. In the link you gave me I do not see how to proceed in that case, that is, how to start the recovery console; is a boot CD absolutely necessary?
  6. Hello, when my machine starts up, after the Windows XP Pro (SP3) splash screen, I get the message: lsass.exe not found, unable to start. What should I do? I have avast and antivir installed, and they detected nothing! bp PS: disregard my message about LASSEX
  7. Disregard this topic, I got the name wrong in the message; it is LSASS.EXE, see my message from 1545 bp
  8. Hello, when my machine starts up, after the Windows XP Pro (SP3) splash screen, I get the message: lsass.exe not found, unable to start. What should I do? I have avast and antivir installed, and they detected nothing! bp
  9. Well, does nobody want to answer me??? Thanks for your help and Happy New Year bp
  10. Hello, when my machine starts up, after the Windows XP Pro (SP3) splash screen, I get the message: lasex.exe not found, unable to start. What should I do? I have avast and antivir installed, and they detected nothing! bp
  11. I have just restarted with the latest restore point and it seems to work. But I would like to know whether anyone has already had this problem?
  12. Hello, I am wondering what is going on. My PC starts normally, I get a message saying that something in the registry was restored successfully, I log on to XP (XP Pro SP3), my desktop starts to appear and then I lose the video signal and the screen is black. What do you think? I did check that my video cable (DVI) is properly connected (if it were badly connected I would not get the XP logo displayed or be able to log on).
  13. Attached is the HijackThis log. The reason is that I had Bagle on one of my PCs. I want to make sure that Bagle is not on the other PCs too. I am doing this on Falkra's recommendation.
  14. Thanks for your help. For now no worries, it seems to be running smoothly. Where on the site can one say that one is happy?? bp
  15. Thanks for the script, nice. Here is the result of the Thing..... Question: I have other PCs on the LAN; do you think they could also have been infected by Bagle?? These other PCs run Vista Pro SP1 & Home Premium SP1 (2 GB of RAM and 200 GB of HDD; they are laptops)
  16. No problem, I will do that for you right away. bp
  17. Here are the contents of the RAR, which by the way would not open; it looks like it is the exe for Capture NX2. I must admit I had downloaded it to try it out... I do photography and I wanted to see what it had that was good compared with Photoshop Elements V6. Oops, here are the contents
  18. I wanted to show you the screenshot but I couldn't paste it. So it's a WinRAR-type application that contains a little over 1000 files; I ran it through Avast, which detected nothing. I can send it to you via Sendit if you want, but in that case I need your email address. bp
  19. Hello Falkra, I was able to analyze the DLL but not the exe, because VirusTotal tells me it could not load the file because it is too big (44Mb). I am attaching the analysis of the DLL.

      Fichier xwr24728.dll reçu le 2008.12.18 17:06:34 (CET)

      Antivirus           Version          Dernière mise à jour  Résultat
      AhnLab-V3           2008.12.19.0     2008.12.18            -
      AntiVir             7.9.0.45         2008.12.18            -
      Authentium          5.1.0.4          2008.12.18            -
      Avast               4.8.1281.0       2008.12.18            -
      AVG                 8.0.0.199        2008.12.18            -
      BitDefender         7.2              2008.12.18            -
      CAT-QuickHeal       10.00            2008.12.18            -
      ClamAV              0.94.1           2008.12.18            -
      Comodo              771              2008.12.17            -
      DrWeb               4.44.0.09170     2008.12.18            -
      eSafe               7.0.17.0         2008.12.17            -
      eTrust-Vet          31.6.6267        2008.12.18            -
      Ewido               4.0              2008.12.18            -
      F-Prot              4.4.4.56         2008.12.17            -
      F-Secure            8.0.14332.0      2008.12.18            -
      Fortinet            3.117.0.0        2008.12.18            -
      GData               19               2008.12.18            -
      Ikarus              T3.1.1.45.0      2008.12.18            -
      K7AntiVirus         7.10.557         2008.12.18            -
      Kaspersky           7.0.0.125        2008.12.18            -
      McAfee              5467             2008.12.18            -
      McAfee+Artemis      5467             2008.12.18            -
      Microsoft           1.4205           2008.12.18            -
      NOD32               3703             2008.12.18            -
      Norman              5.80.02          2008.12.17            -
      Panda               9.0.0.4          2008.12.18            -
      PCTools             4.4.2.0          2008.12.18            -
      Prevx1              V2               2008.12.18            -
      Rising              21.08.32.00      2008.12.18            -
      SecureWeb-Gateway   6.7.6            2008.12.18            -
      Sophos              4.37.0           2008.12.18            -
      Sunbelt             3.2.1801.2       2008.12.11            -
      Symantec            10               2008.12.18            -
      TheHacker           6.3.1.4.191      2008.12.17            -
      TrendMicro          8.700.0.1004     2008.12.18            -
      VBA32               3.12.8.10        2008.12.18            -
      ViRobot             2008.12.18.1525  2008.12.18            -
      VirusBuster         4.5.11.0         2008.12.18            -

      Information additionnelle
      File size: 184320 bytes
      MD5...: eebf27428ee4c93af2c364eeadb6bf78
      SHA1..: b0edb9586969ec7ea64d55847b2bfb2e51c576a8
      SHA256: 4ab0f01fd475362acff33c7b6ff5597c3b776b9edfca7fe7db469c333ff0aba3
      SHA512: 1fd71794565bc49e592535cd8ed506cb9897854186093ae30aa85e33300d3e968c2a881c5a35cd907839523a1d78f916a35b925259d5f8de9003d074c6464a2f
      ssdeep: 3072:QN5xNc7KXXwQXvKLDWy49VewAPlir51K5bONtWaq5/gz8Ac9Cj9UN6bTYWWEuQI4:+xNIKXALLDWyUVvO8Bw/28AcEj+N29uW
      PEiD..: -
      TrID..: File type identification
      Unknown!
      PEInfo: -
  20. OK, understood. I did run ComboFix, following the instructions step by step, and I got the log that I posted in this topic. Since then I have been able to reload Avast and I ran a thorough scan again, which found and eradicated Bagle in about fifty files. I have had no problem accessing the internet since running ComboFix. However, I am very interested in your help with interpreting the log, to find out whether there are additional actions to carry out. Thanks bp
  21. Falkra, what kind of answer is that??? Here is the friendly site (friendlier than your answer) that helped me and that gives the exact procedure to follow. http://www.bleepingcomputer.com/combofix/f...iliser-combofix It advises, once the procedure has been applied, going to a site, yours among them, to have the report analyzed. Which I did. Now can you help me analyze the report, or do I have to go to another site?
  22. Here is the content of the log generated by ComboFix; can you help me? The original problem is that when installing Avast I got the message that it was not a Win32 application. Since I ran ComboFix, my machine's memory is no longer saturated; is that a good sign?? Rgds bp

      ComboFix 08-12-15.08 - Admin 2008-12-16 19:28:55.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1535.1194 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Admin\Bureau\killFix.exe
       * Un nouveau point de restauration a été créé
      .
      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\Service_SROSA
      -------\Legacy_SROSA
      -------\Legacy_OREANS32
      -------\Legacy_SK9OU0S
      -------\Service_oreans32
      -------\Service_sK9Ou0s

      ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))
      .
      2008-12-16 19:05 . 2008-12-16 19:05 53,771 --a------ c:\temp\ELIBAGLA.BEABB%D8%D8H.EXE
      2008-12-16 18:44 . 2008-12-16 18:44 <REP> d-------- c:\program files\CCleaner
      2008-12-16 17:40 . 2008-12-16 17:40 <REP> d-------- C:\New Folder
      2008-12-15 23:17 . 2008-12-16 19:31 <REP> d--h----- c:\documents and settings\Admin\Application Data\drivers
      2008-12-11 15:05 . 2008-12-11 15:41 92 --a------ c:\windows\Getting Started.htm
      2008-12-05 13:50 . 2008-12-11 15:04 599 --a------ c:\windows\0
      2008-12-05 13:50 . 2008-12-11 15:04 95 --a------ c:\windows\99999
      2008-12-05 13:49 . 2008-12-05 13:49 <REP> d-------- c:\program files\Mindscape
      2008-11-21 22:47 . 2008-11-21 22:47 3,596,288 --a--c--- c:\windows\system32\qt-dx331.dll
      2008-11-21 22:47 . 2008-11-21 22:47 524,288 --a------ c:\windows\system32\DivXsm.exe
      2008-11-21 22:47 . 2008-11-21 22:47 9,878 --a------ c:\windows\system32\dsm_fr.qm
      2008-11-21 22:47 . 2008-11-21 22:47 4,816 --a------ c:\windows\system32\divxsm.tlb
      2008-11-21 22:46 . 2008-11-21 22:46 1,044,480 --a--c--- c:\windows\system32\libdivx.dll
      2008-11-21 22:46 . 2008-11-21 22:46 200,704 --a--c--- c:\windows\system32\ssldivx.dll
      2008-11-21 22:44 . 2008-11-21 22:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe
      2008-11-21 22:44 . 2008-11-21 22:44 12,288 --a--c--- c:\windows\system32\DivXWMPExtType.dll
      2008-11-17 09:47 . 2008-11-17 10:15 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
      2008-11-17 00:10 . 2008-11-17 00:10 <REP> d-------- c:\program files\Yvert & Tellier
      2008-11-17 00:09 . 2008-11-17 00:09 45,572,104 --a------ c:\windows\system32\xa24452203.exe
      2008-11-17 00:09 . 2008-11-17 00:09 45,572,104 --a------ c:\windows\system32\xa24447453.exe
      2008-11-16 19:14 . 2008-11-16 19:14 45,572,104 --a------ c:\windows\system32\xa6757140.exe
      2008-11-16 19:14 . 2008-11-16 19:14 45,572,104 --a------ c:\windows\system32\xa6751468.exe
      2008-11-16 19:14 . 2008-11-16 19:14 184,320 --a------ c:\windows\system32\xwr24728.dll
      2008-11-16 19:14 . 2008-11-16 19:14 184,320 --a------ c:\windows\system32\wr24728.dll
      2008-11-16 16:58 . 2007-06-11 11:20 231,936 --a------ c:\windows\system32\FusionReg.dll
      2008-11-16 15:46 . 2008-11-16 15:46 <REP> d-------- c:\program files\Linksys
      2008-11-16 15:46 . 2008-11-16 15:46 <REP> d-------- c:\documents and settings\Admin\Application Data\InstallShield
      2008-11-16 15:46 . 2006-01-12 19:46 252,928 --a------ c:\windows\system32\rt73.sys
      2008-11-16 15:46 . 2006-01-12 19:46 252,928 --a------ c:\windows\system32\drivers\rt73.sys
      2008-11-16 15:46 . 2003-10-13 15:30 94,208 --a------ c:\windows\system32\GTW32N50.dll
      2008-11-16 15:46 . 2005-11-03 17:41 32,768 --a------ c:\windows\system32\GTGina.dll
      2008-11-16 15:46 . 2003-09-25 23:28 31,930 --a------ c:\windows\system32\GTNDIS3.VXD
      2008-11-16 15:46 . 2008-11-16 15:46 20,747 --a------ c:\windows\system32\drivers\AegisP.sys
      2008-11-16 15:46 . 2005-02-01 18:18 17,992 --a------ c:\windows\system32\drivers\bcm42rly.sys
      2008-11-16 15:46 . 2005-02-01 18:18 17,992 --a------ c:\windows\system32\bcm42rly.sys
      2008-11-16 15:46 . 2005-02-01 18:18 17,992 --a------ c:\windows\bcm42rly.sys
      2008-11-16 15:46 . 2003-09-25 22:15 15,872 --a------ c:\windows\system32\GTNDIS5.sys
      2008-11-16 15:46 . 2008-11-16 15:46 963 --a------ c:\windows\system32\WLAN.INI
      2008-11-16 15:45 . 2008-07-23 15:49 <REP> d-------- c:\temp\WUSB54GC_UTIL_3001
      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-16 18:31 --------- d-s---w c:\program files\Tweak-XP Pro 4
      2008-12-16 14:24 --------- d-----w c:\program files\Norton Save and Restore
      2008-12-16 14:24 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
      2008-12-16 14:16 --------- d-----w c:\program files\Symantec
      2008-12-16 13:21 --------- d-----w c:\program files\Driver-Soft
      2008-12-15 21:49 --------- d-----w c:\program files\eMule
      2008-12-11 16:50 --------- d-----w c:\program files\DivX
      2008-11-17 09:04 --------- d-----w c:\documents and settings\Admin\Application Data\Nikon
      2008-11-17 08:49 --------- d-----w c:\program files\Fichiers communs\Nikon
      2008-11-17 08:48 --------- d-----w c:\program files\Nikon
      2008-11-17 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
      2008-11-17 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
      2008-11-16 23:10 --------- d--h--w c:\program files\InstallShield Installation Information
      2008-11-16 23:10 --------- d-----w c:\documents and settings\All
Users\Application Data\4D 2008-11-16 18:58 --------- d-----w c:\program files\Kolor 2008-11-16 18:54 --------- d-----w c:\program files\Fichiers communs\Adobe 2008-11-14 13:14 20 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT 2008-11-09 14:24 --------- d-----w c:\program files\Max Data Recovery 2008-11-09 00:34 --------- d-----w c:\program files\Ontrack 2008-11-09 00:33 --------- d-----w c:\program files\Fichiers communs\ACD Systems 2008-11-08 23:44 --------- d-----w c:\program files\Recover My Files 2008-11-08 23:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-01 09:22 --------- d-----w c:\program files\NOS 2008-11-01 09:22 --------- d-----w c:\documents and settings\All Users\Application Data\NOS 2008-10-24 12:05 --------- d-----w c:\documents and settings\Admin\Application Data\SPORE 2008-10-24 12:03 --------- d--h--r c:\documents and settings\Admin\Application Data\SecuROM 2008-10-24 12:03 --------- d-----w c:\program files\Electronic Arts 2008-10-24 11:46 --------- d-----w c:\program files\DAEMON Tools Lite 2008-10-24 11:41 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-10-24 11:41 --------- d-----w c:\documents and settings\Admin\Application Data\DAEMON Tools 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2005-11-25 17:04 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe 2002-07-26 16:02 153,088 -c--a-w c:\program files\UNWISE.EXE 2008-04-13 17:33 65,024 --sha-w c:\windows\system32\asycfilt.dll 2008-04-13 17:33 617,472 --sha-w c:\windows\system32\comctl32.dll 2008-04-13 17:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll 2002-09-07 00:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll 2008-04-13 17:33 413,696 --sha-w c:\windows\system32\msvcp60.dll 2008-04-13 17:33 343,040 --sha-w c:\windows\system32\msvcrt.dll 2002-09-07 00:00 253,952 -csha-w c:\windows\system32\msvcrt20.dll 2008-04-13 17:33 551,936 --sha-w 
c:\windows\system32\oleaut32.dll 2008-04-13 17:33 84,992 --sha-w c:\windows\system32\olepro32.dll 2008-04-13 17:33 30,749 --sha-w c:\windows\system32\vbajet32.dll 1999-04-25 15:00 368,912 -csha-w c:\windows\system32\Vbar332.dll 2008-05-08 16:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008050820080509\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "E07FXLRD_1376031"="c:\program files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE" [2006-06-13 351000] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968] "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-06-10 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-17 98304] "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-06 61440] "USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-08-19 106551] "StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648] "RoxioEngineUtility"="c:\program files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536] "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 868352] "SunJavaUpdateSched"="c:\program 
files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Habu"="c:\program files\Razer\Habu\razerhid.exe" [2006-12-06 159744] "Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "Logitech Utility"="LOGI_MWX.EXE" [2003-12-11 c:\windows\LOGI_MWX.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iv31"= c:\windows\system32\ir32_32.dll "vidc.iv32"= c:\windows\system32\ir32_32.dll "vidc.3IV2"= 3ivxVfWCodec.dll "vidc.mpg4"= msmpeg4.dll "vidc.mp42"= msmpeg4.dll "vidc.mp43"= msmpeg4.dll "VIDC.X264"= x264vfw.dll "VIDC.DIV3"= DivXc32.dll "VIDC.DIV4"= DivXc32f.dll "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"= "c:\\Program Files\\Hewlett-Packard\\HP Install Network Printer Wizard\\hpjsi.exe"= "c:\\Program Files\\FlashFXP\\flashfxp.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\WINDOWS\\system32\\svchost.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2004-08-27 102528] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] S3 HabuFltr;Habu 
Mouse;c:\windows\system32\drivers\habu.sys [2006-12-29 27776] S3 uisp;Freescale USB JW32 driver;c:\windows\system32\Drivers\usbicp.sys [2006-12-29 14592] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-TransTask - c:\program files\Tweak-XP Pro 4\transtask.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com/ IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-16 19:34:55 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(964) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\wdfmgr.exe c:\windows\system32\MsPMSPSv.exe c:\program files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe c:\program files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe c:\windows\system32\WgaTray.exe c:\program files\Razer\Habu\razerofa.exe . ************************************************************************** . Heure de fin: 2008-12-16 19:39:18 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-16 18:39:15 Avant-CF: 4,723,589,120 octets libres Après-CF: 4,602,978,304 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn 577 --- E O F --- 2008-12-14 15:08:06