Cayzer
Infected by backdoor.win32.bifrose
Cayzer replied to a topic by Cayzer in Malware Analysis and Removal
Here is what ComboFix2.txt gives:
Thanks for your help with FlashGet, I'm getting rid of it right away, I'll take your word for it. MBAM is currently updating (with the connection I have, that should take a while); I'll send you the report as soon as I have it. Once again, thanks for everything.
Infected by backdoor.win32.bifrose
Cayzer replied to a topic by Cayzer in Malware Analysis and Removal
Ah j'avais oublié de le poster désolé, Voila : --- ComboFix 09-05-07.A0 - Bob_ 08/05/2009 15:40.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1015.475 [GMT 1:00] Lancé depuis: c:\documents and settings\Bob_\Bureau\downthmall\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Bob_\Bureau\downthmall\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) FILE :: c:\windows\system32\winxp.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-08 au 2009-05-08 )))))))))))))))))))))))))))))))))))) . 2009-05-08 11:27 . 2009-05-08 11:28 -------- d-----w C:\rsit 2009-05-08 10:10 . 2008-02-15 11:49 184320 ----a-w c:\windows\system32\igfxres.dll 2009-05-08 09:54 . 2002-09-07 00:00 31360 -c--a-w c:\windows\system32\dllcache\weitekp9.sys 2009-05-08 09:54 . 2002-09-07 00:00 41600 -c--a-w c:\windows\system32\dllcache\weitekp9.dll 2009-05-08 09:54 . 2008-04-13 17:33 53248 -c--a-w c:\windows\system32\dllcache\wamreg51.dll 2009-05-08 09:54 . 2002-09-07 00:00 9216 -c--a-w c:\windows\system32\dllcache\wamps51.dll 2009-05-08 09:54 . 2008-04-13 17:33 77824 -c--a-w c:\windows\system32\dllcache\wam51.dll 2009-05-08 09:54 . 2008-04-13 17:33 367104 -c--a-w c:\windows\system32\dllcache\w3svc.dll 2009-05-08 09:54 . 2002-09-07 00:00 5632 -c--a-w c:\windows\system32\dllcache\w3svapi.dll 2009-05-08 09:54 . 2002-09-07 00:00 74240 -c--a-w c:\windows\system32\dllcache\w3ext.dll 2009-05-08 09:54 . 2002-09-07 00:00 4608 -c--a-w c:\windows\system32\dllcache\w3ctrs51.dll 2009-05-08 09:54 . 2002-09-07 00:00 48256 -c--a-w c:\windows\system32\dllcache\w32.dll 2009-05-08 09:54 . 2008-04-13 17:32 86073 -c--a-w c:\windows\system32\dllcache\voicesub.dll 2009-05-08 09:54 . 2008-04-13 17:32 426041 -c--a-w c:\windows\system32\dllcache\voicepad.dll 2009-05-08 09:52 . 2008-04-13 17:33 23040 -c--a-w c:\windows\system32\dllcache\lpdsvc.dll 2009-05-08 09:51 . 
2002-09-07 00:00 7168 -c--a-w c:\windows\system32\dllcache\wamregps.dll 2009-05-08 09:40 . 2002-09-07 00:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll 2009-05-08 09:40 . 2002-09-07 00:00 13312 ----a-w c:\windows\system32\irclass.dll 2009-05-08 09:40 . 2002-09-07 00:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll 2009-05-08 09:40 . 2002-09-07 00:00 24661 ----a-w c:\windows\system32\spxcoins.dll 2009-05-07 22:33 . 2009-05-07 22:33 -------- d-----w c:\program files\Bazooka Scanner 2009-05-07 22:22 . 2009-05-07 22:22 -------- d-sh--w c:\documents and settings\LocalService\IETldCache 2009-05-01 20:59 . 2009-05-01 20:59 -------- d-----w c:\documents and settings\Bob_\Application Data\Skype 2009-05-01 20:59 . 2009-05-01 21:03 -------- d-----w c:\documents and settings\All Users\Application Data\Skype 2009-05-01 20:59 . 2009-05-01 20:59 -------- d-----w c:\program files\Skype 2009-04-27 20:25 . 2009-04-27 20:25 -------- d-----w c:\program files\WinAVI MP4 Converter 2009-04-24 11:51 . 2009-04-24 11:51 -------- d-----w c:\documents and settings\All Users\Application Data\WebacamSurveyor 2009-04-24 11:33 . 2009-04-24 11:33 230432 ----a-w C:\PA207.DAT 2009-04-23 13:35 . 2009-04-24 11:50 -------- d-----w c:\documents and settings\INTER\Application Data\GetRightToGo 2009-04-19 07:41 . 2009-04-19 07:41 -------- d-----w c:\windows\system32\config\systemprofile\Application DataPDFcreator 2009-04-18 19:32 . 2009-04-18 19:32 -------- d-----w c:\documents and settings\Bob_\Application Data\PDFCreator 2009-04-18 19:32 . 2005-04-20 19:08 196608 ----a-w c:\windows\system32\PDFSpooler.exe 2009-04-18 19:32 . 2001-10-28 16:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll 2009-04-18 19:32 . 1998-07-06 16:56 125712 ----a-w c:\windows\system32\VB6DE.DLL 2009-04-18 19:32 . 1998-07-06 16:55 158208 ----a-w c:\windows\system32\MSCMCDE.DLL 2009-04-18 19:32 . 1998-07-06 16:55 64512 ----a-w c:\windows\system32\MSCC2DE.DLL 2009-04-18 19:32 . 
1998-07-06 16:55 33792 ----a-w c:\windows\system32\CMDLGDE.DLL 2009-04-18 19:32 . 1998-07-06 00:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL 2009-04-18 19:32 . 2009-04-18 19:32 -------- d-----w c:\program files\PDFCreator PL 2009-04-17 21:31 . 2009-04-17 21:31 -------- d-----w c:\program files\MagicISO 2009-04-15 16:17 . 2009-04-15 16:18 -------- d-----w c:\program files\winLAME 2009-04-13 19:51 . 2009-04-17 12:19 -------- d-----w c:\documents and settings\Bob_\Application Data\Audacity 2009-04-13 08:33 . 2009-04-21 14:59 -------- d-----w c:\windows\system32\Adobe 2009-04-12 19:17 . 2009-04-12 19:17 -------- d-----w c:\documents and settings\Bob_\Application Data\SolidWorks 2009 2009-04-12 19:15 . 2009-05-07 16:28 -------- d-----w c:\documents and settings\Bob_\Application Data\SolidWorks 2009-04-12 18:55 . 2009-04-12 19:03 -------- d-----w c:\program files\Fichiers communs\SolidWorks Shared 2009-04-12 18:55 . 2009-04-12 18:55 -------- d-----w c:\windows\system32\GroupPolicy 2009-04-12 18:55 . 2009-04-12 18:55 -------- d-----w c:\program files\Fichiers communs\eDrawings2009 2009-04-12 18:55 . 2009-04-12 19:15 -------- d-----w c:\documents and settings\All Users\Application Data\SolidWorks 2009-04-11 18:04 . 2009-04-11 18:04 -------- d-----w C:\rdm6 2009-04-11 17:10 . 2009-05-05 16:35 -------- d-----w C:\Toolbox Parts 2009-04-11 17:10 . 2009-04-12 19:19 -------- d-----w c:\program files\SolidWorks 2009-04-10 09:11 . 2009-04-10 09:14 -------- d-----w c:\documents and settings\Bob_\Local Settings\Application Data\Graphisoft 2009-04-10 09:11 . 2009-04-10 09:14 -------- d-----w c:\documents and settings\Bob_\Graphisoft 2009-04-10 09:11 . 2009-04-10 09:14 -------- d-----w c:\documents and settings\Bob_\Application Data\Graphisoft 2009-04-10 09:10 . 2009-04-10 09:10 -------- d-----w c:\documents and settings\Bob_\Application Data\Notepad++ 2009-04-10 08:51 . 2009-04-10 08:51 -------- d-----w c:\documents and settings\Bob_\Local Settings\Application Data\Identities . 
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-08 13:34 . 2009-04-04 07:34 32 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-05-08 13:34 . 2009-04-04 07:34 32 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-05-08 13:34 . 2009-04-04 07:34 32 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-05-08 13:34 . 2009-04-04 07:34 32 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-05-08 12:47 . 2002-09-07 00:00 80748 ----a-w c:\windows\system32\perfc00C.dat 2009-05-08 12:47 . 2002-09-07 00:00 500900 ----a-w c:\windows\system32\perfh00C.dat 2009-05-08 10:10 . 2009-03-01 13:42 96648 ----a-w c:\documents and settings\Bob_\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-08 09:50 . 2002-09-07 00:00 67 --sha-w c:\windows\Fonts\desktop.ini 2009-05-08 09:49 . 2009-03-01 12:12 23032 ----a-w c:\windows\system32\emptyregdb.dat 2009-05-05 21:23 . 2009-03-22 12:14 1210264 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-05 10:21 . 2009-03-01 14:07 96648 ----a-w c:\documents and settings\INTER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-29 10:21 . 2009-04-04 09:47 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-04-23 15:11 . 2009-03-02 07:30 -------- d-----w c:\program files\MSN Messenger 2009-04-23 15:10 . 2009-03-06 19:32 -------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller 2009-04-12 18:55 . 2009-03-09 18:20 -------- d-----w c:\program files\AGEIA Technologies 2009-04-08 10:27 . 2009-04-08 10:27 -------- d-----w c:\program files\Fichiers communs\PAC207 2009-04-08 10:27 . 2009-04-08 10:27 -------- d-----w c:\program files\Aitinc 2009-04-08 10:27 . 2009-03-01 13:36 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-04 09:47 . 2009-04-04 09:47 -------- d-----w c:\program files\Avira 2009-04-04 08:34 . 
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-03 206088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-09 17021440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Bob_\Menu Démarrer\Programmes\Démarrage\
Moteur du Planificateur de tâches SolidWorks.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/04/2009 10:47 108289]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [08/04/2009 11:27 616064]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks\swScheduler\DTSCoordinatorService.exe [09/09/2008 06:01 79144]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 09:34 216232]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11ee89ea-1ab8-11de-86e2-001fd010b3e5}]
\Shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47a257c-1783-11de-86d3-001fd010b3e5}]
\Shell\AutoRun\command - L:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'

2009-05-08 c:\windows\Tasks\User_Feed_Synchronization-{2B1D3B09-E8BC-440A-B3B4-3034D81396A8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2009-05-08 c:\windows\Tasks\User_Feed_Synchronization-{EDE16183-2AE1-4BAA-90A1-170567949D30}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Tout télécharger avec FlashGet - k:\progra~1\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - k:\progra~1\FlashGet\jc_link.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {F5D79831-1767-4B49-8D11-11492C360F56} = 208.67.222.222 193.55.10.102
FF - ProfilePath - c:\documents and settings\Bob_\Application Data\Mozilla\Firefox\Profiles\wyo4od69.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 15:41
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1500820517-1606980848-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\Bob_\\Mes documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Documents and Settings\\Bob_\\Mes documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\Bob_\\Mes documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Bob_\\Mes documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Documents and Settings\\Bob_\\Bureau\\fm\\FM-Genie-Scout-1.0-b103\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="34-8400-E71F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:0000001c
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
c:\program files\WIBU-SYSTEMS\System\WibuShellExt.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Graphisoft\ArchiCAD 12\GSShellX32.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
.
Heure de fin: 2009-05-08 15:42
ComboFix-quarantined-files.txt 2009-05-08 14:42
ComboFix2.txt 2009-05-08 14:08
ComboFix3.txt 2009-05-08 13:38

Avant-CF: 12 789 465 088 octets libres
Après-CF: 12 776 800 256 octets libres

292 --- E O F --- 2009-03-06 17:43

Infected by backdoor.win32.bifrose
Cayzer replied to a topic by Cayzer in Malware analysis and removal
Drive F is an (NTFS) partition that I created to install Ubuntu on; it is installed from the live CD under Windows. I'll post what SystemLook returns for you right away. EDIT: Here it is:

SystemLook v1.0 by jpshortstuff (24.04.09)
Log created at 15:13 on 08/05/2009 by Bob_ (Administrator - Elevation successful)

========== filefind ==========

Searching for "winfile.jpg"
No files found.

Searching for "*winfile.jpg*"
No files found.

-=End Of File=-

Infected by backdoor.win32.bifrose
Cayzer replied to a topic by Cayzer in Malware analysis and removal
Thanks for the quick reply. I can already get into Task Manager and the rest again; all that is left is the message at startup, otherwise things already seem to be going better lol. As for the report, here is what it gives:

ComboFix 09-05-07.A0 - Bob_ 08/05/2009 14:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1015.374 [GMT 1:00]
Lancé depuis: c:\documents and settings\Bob_\Bureau\downthmall\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
settings\INTER\Application Data\BITS\Torrent\20090321142914.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090321142914.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090325142032.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090325142032.torrent.bits c:\documents and settings\INTER\Application Data\BITS\Torrent\20090325142032.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090325142032.torrent.hybridlist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090325142032.torrent.seeds c:\documents and settings\INTER\Application Data\BITS\Torrent\20090327111932.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090327111932.torrent.~tmp c:\documents and settings\INTER\Application Data\BITS\Torrent\20090327111932.torrent.bits c:\documents and settings\INTER\Application Data\BITS\Torrent\20090327111932.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090331123411.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090331123411.torrent.bits c:\documents and settings\INTER\Application Data\BITS\Torrent\20090331123411.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090331123411.torrent.hybridlist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090401171329.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090401171329.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090401181329.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090401181329.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090403161702.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090403161702.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090403171702.torrent c:\documents and 
settings\INTER\Application Data\BITS\Torrent\20090403171702.torrent.~tmp c:\documents and settings\INTER\Application Data\BITS\Torrent\20090403171702.torrent.bits c:\documents and settings\INTER\Application Data\BITS\Torrent\20090403171702.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090403171702.torrent.hybridlist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090403171702.torrent.seeds c:\documents and settings\INTER\Application Data\BITS\Torrent\20090411191800.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090411191800.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090414131857.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090414131857.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090414131901.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090414131901.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090414131904.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090414131904.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090415132844.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090415132844.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090415192217.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090415192217.torrent.~tmp c:\documents and settings\INTER\Application Data\BITS\Torrent\20090415192217.torrent.bits c:\documents and settings\INTER\Application Data\BITS\Torrent\20090415192217.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090415192217.torrent.hybridlist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090415192217.torrent.seeds c:\documents and settings\INTER\Application Data\BITS\Torrent\20090416073349.torrent c:\documents and 
settings\INTER\Application Data\BITS\Torrent\20090416073349.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090416214636.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090416214636.torrent.~tmp c:\documents and settings\INTER\Application Data\BITS\Torrent\20090416214636.torrent.bits c:\documents and settings\INTER\Application Data\BITS\Torrent\20090416214636.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090416214636.torrent.hybridlist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090417103514.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090417103514.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090417103554.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090417103554.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090418194626.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090418194626.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090422105251.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090422105251.torrent.bits c:\documents and settings\INTER\Application Data\BITS\Torrent\20090422105251.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090422105251.torrent.hybridlist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090423072833.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090423072833.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090423072836.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090423072836.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090423073136.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090423073136.torrent.filelist c:\documents and 
settings\INTER\Application Data\BITS\Torrent\20090424111951.torrent c:\documents and settings\INTER\Application Data\BITS\Torrent\20090424111951.torrent.~tmp c:\documents and settings\INTER\Application Data\BITS\Torrent\20090424111951.torrent.bits c:\documents and settings\INTER\Application Data\BITS\Torrent\20090424111951.torrent.filelist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090424111951.torrent.hybridlist c:\documents and settings\INTER\Application Data\BITS\Torrent\20090424111951.torrent.seeds c:\documents and settings\INTER\Application Data\BITS\UPnP.ini c:\program files\FlashGet Network c:\program files\FlashGet Network\FlashGet universal\btcore.dll c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49abae31.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49ae6013.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49ae720d.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49af7133.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49af714b.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49afef0c.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49afefbd.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49aff32d.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49b119a7.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49b8d3f7.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49bb5782.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49bb58c0.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49bba4af.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49bbe806.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49bbe8e8.torrent c:\program files\FlashGet Network\FlashGet 
universal\BtTorrentTemp\49bbe8f0.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49bceebe.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49be8780.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49be878f.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49be8796.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49c4ebaa.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49ca2fa0.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49cca834.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49d07e2d.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49d1f1a3.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49d392a9.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49d6286e.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49d6ed0e.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49e0ded8.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49e47f31.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49e47f35.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49e47f38.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49e5d2fc.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49e625d9.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49e6d14d.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49e7992c.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49e84d52.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49e84d7a.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49ea2002.torrent c:\program files\FlashGet 
Network\FlashGet universal\BtTorrentTemp\49eee8f3.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49f00a91.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49f00a94.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49f00b48.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49f19247.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49f33d80.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49f54fcc.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49f5503f.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49f74707.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49f774ca.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49f94324.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49fb07bd.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49fbef64.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49fc8f12.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49fc8f16.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49fd4bae.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49fe1ae3.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49fe1ae9.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49fe1b00.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49fe1b04.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49fe1b08.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4a013574.torrent c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4a0200fc.torrent c:\program files\FlashGet Network\FlashGet universal\btwrap.dll c:\program files\FlashGet 
Network\FlashGet universal\BugReport.dll c:\program files\FlashGet Network\FlashGet universal\BugReport.exe c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll c:\program files\FlashGet Network\FlashGet universal\fgoption.ini c:\program files\FlashGet Network\FlashGet universal\FGVer.dll c:\program files\FlashGet Network\FlashGet universal\flashget.exe c:\program files\FlashGet Network\FlashGet universal\gt.exe c:\program files\FlashGet Network\FlashGet universal\hashgen.dll c:\program files\FlashGet Network\FlashGet universal\Help\license.txt c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini c:\program files\FlashGet 
Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini c:\program files\FlashGet 
Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini c:\program 
files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini c:\program files\FlashGet Network\FlashGet universal\libupnp.dll c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll c:\program files\FlashGet Network\FlashGet 
universal\modules\Security\FunctionalRepair.bmp c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\9D3C46095AA7C034A6109F3C26B776E74A5F6CF7_0.jpg c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\9D3C46095AA7C034A6109F3C26B776E74A5F6CF7_1.jpg c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\9D3C46095AA7C034A6109F3C26B776E74A5F6CF7_2.jpg c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\9D3C46095AA7C034A6109F3C26B776E74A5F6CF7_3.jpg c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\9D3C46095AA7C034A6109F3C26B776E74A5F6CF7_4.jpg c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\9D3C46095AA7C034A6109F3C26B776E74A5F6CF7_5.jpg c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\9D3C46095AA7C034A6109F3C26B776E74A5F6CF7_6.jpg c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\9D3C46095AA7C034A6109F3C26B776E74A5F6CF7_7.jpg c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\9D3C46095AA7C034A6109F3C26B776E74A5F6CF7_8.jpg c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\9D3C46095AA7C034A6109F3C26B776E74A5F6CF7_9.jpg c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll c:\program files\FlashGet 
Network\FlashGet universal\modules\tasknotifier\Info.ini c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp c:\program files\FlashGet 
Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml c:\program files\FlashGet Network\FlashGet 
c:\program files\FlashGet Network\FlashGet universal\transaction.log c:\program files\FlashGet Network\FlashGet universal\uninst.exe c:\program files\FlashGet Network\FlashGet universal\zlib.dll F:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-08 au 2009-05-08 )))))))))))))))))))))))))))))))))))) . 2009-05-08 11:27 . 2009-05-08 11:28 -------- d-----w C:\rsit 2009-05-08 10:10 . 2008-02-15 11:49 184320 ----a-w c:\windows\system32\igfxres.dll 2009-05-08 09:54 . 2002-09-07 00:00 31360 -c--a-w c:\windows\system32\dllcache\weitekp9.sys 2009-05-08 09:54 . 2002-09-07 00:00 41600 -c--a-w c:\windows\system32\dllcache\weitekp9.dll 2009-05-08 09:54 . 2008-04-13 17:33 53248 -c--a-w c:\windows\system32\dllcache\wamreg51.dll 2009-05-08 09:54 . 2002-09-07 00:00 9216 -c--a-w c:\windows\system32\dllcache\wamps51.dll 2009-05-08 09:54 . 2008-04-13 17:33 77824 -c--a-w c:\windows\system32\dllcache\wam51.dll 2009-05-08 09:54 . 2008-04-13 17:33 367104 -c--a-w c:\windows\system32\dllcache\w3svc.dll 2009-05-08 09:54 . 2002-09-07 00:00 5632 -c--a-w c:\windows\system32\dllcache\w3svapi.dll 2009-05-08 09:54 . 2002-09-07 00:00 74240 -c--a-w c:\windows\system32\dllcache\w3ext.dll 2009-05-08 09:54 . 2002-09-07 00:00 4608 -c--a-w c:\windows\system32\dllcache\w3ctrs51.dll 2009-05-08 09:54 . 2002-09-07 00:00 48256 -c--a-w c:\windows\system32\dllcache\w32.dll 2009-05-08 09:54 . 2008-04-13 17:32 86073 -c--a-w c:\windows\system32\dllcache\voicesub.dll 2009-05-08 09:54 . 2008-04-13 17:32 426041 -c--a-w c:\windows\system32\dllcache\voicepad.dll 2009-05-08 09:52 . 2008-04-13 17:33 23040 -c--a-w c:\windows\system32\dllcache\lpdsvc.dll 2009-05-08 09:51 . 2002-09-07 00:00 7168 -c--a-w c:\windows\system32\dllcache\wamregps.dll 2009-05-08 09:40 . 2002-09-07 00:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll 2009-05-08 09:40 . 2002-09-07 00:00 13312 ----a-w c:\windows\system32\irclass.dll 2009-05-08 09:40 . 
2002-09-07 00:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll 2009-05-08 09:40 . 2002-09-07 00:00 24661 ----a-w c:\windows\system32\spxcoins.dll 2009-05-07 22:33 . 2009-05-07 22:33 -------- d-----w c:\program files\Bazooka Scanner 2009-05-07 22:22 . 2009-05-07 22:22 -------- d-sh--w c:\documents and settings\LocalService\IETldCache 2009-05-01 20:59 . 2009-05-01 20:59 -------- d-----w c:\documents and settings\Bob_\Application Data\Skype 2009-05-01 20:59 . 2009-05-01 21:03 -------- d-----w c:\documents and settings\All Users\Application Data\Skype 2009-05-01 20:59 . 2009-05-01 20:59 -------- d-----w c:\program files\Skype 2009-04-27 20:25 . 2009-04-27 20:25 -------- d-----w c:\program files\WinAVI MP4 Converter 2009-04-24 11:51 . 2009-04-24 11:51 -------- d-----w c:\documents and settings\All Users\Application Data\WebacamSurveyor 2009-04-24 11:33 . 2009-04-24 11:33 230432 ----a-w C:\PA207.DAT 2009-04-23 13:35 . 2009-04-24 11:50 -------- d-----w c:\documents and settings\INTER\Application Data\GetRightToGo 2009-04-19 07:41 . 2009-04-19 07:41 -------- d-----w c:\windows\system32\config\systemprofile\Application DataPDFcreator 2009-04-18 19:32 . 2009-04-18 19:32 -------- d-----w c:\documents and settings\Bob_\Application Data\PDFCreator 2009-04-18 19:32 . 2005-04-20 19:08 196608 ----a-w c:\windows\system32\PDFSpooler.exe 2009-04-18 19:32 . 2001-10-28 16:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll 2009-04-18 19:32 . 1998-07-06 16:56 125712 ----a-w c:\windows\system32\VB6DE.DLL 2009-04-18 19:32 . 1998-07-06 16:55 158208 ----a-w c:\windows\system32\MSCMCDE.DLL 2009-04-18 19:32 . 1998-07-06 16:55 64512 ----a-w c:\windows\system32\MSCC2DE.DLL 2009-04-18 19:32 . 1998-07-06 16:55 33792 ----a-w c:\windows\system32\CMDLGDE.DLL 2009-04-18 19:32 . 1998-07-06 00:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL 2009-04-18 19:32 . 2009-04-18 19:32 -------- d-----w c:\program files\PDFCreator PL 2009-04-17 21:31 . 
2009-04-17 21:31 -------- d-----w c:\program files\MagicISO 2009-04-15 16:17 . 2009-04-15 16:18 -------- d-----w c:\program files\winLAME 2009-04-13 19:51 . 2009-04-17 12:19 -------- d-----w c:\documents and settings\Bob_\Application Data\Audacity 2009-04-13 08:33 . 2009-04-21 14:59 -------- d-----w c:\windows\system32\Adobe 2009-04-12 19:17 . 2009-04-12 19:17 -------- d-----w c:\documents and settings\Bob_\Application Data\SolidWorks 2009 2009-04-12 19:15 . 2009-05-07 16:28 -------- d-----w c:\documents and settings\Bob_\Application Data\SolidWorks 2009-04-12 18:55 . 2009-04-12 19:03 -------- d-----w c:\program files\Fichiers communs\SolidWorks Shared 2009-04-12 18:55 . 2009-04-12 18:55 -------- d-----w c:\windows\system32\GroupPolicy 2009-04-12 18:55 . 2009-04-12 18:55 -------- d-----w c:\program files\Fichiers communs\eDrawings2009 2009-04-12 18:55 . 2009-04-12 19:15 -------- d-----w c:\documents and settings\All Users\Application Data\SolidWorks 2009-04-11 18:04 . 2009-04-11 18:04 -------- d-----w C:\rdm6 2009-04-11 17:10 . 2009-05-05 16:35 -------- d-----w C:\Toolbox Parts 2009-04-11 17:10 . 2009-04-12 19:19 -------- d-----w c:\program files\SolidWorks 2009-04-10 09:11 . 2009-04-10 09:14 -------- d-----w c:\documents and settings\Bob_\Local Settings\Application Data\Graphisoft 2009-04-10 09:11 . 2009-04-10 09:14 -------- d-----w c:\documents and settings\Bob_\Graphisoft 2009-04-10 09:11 . 2009-04-10 09:14 -------- d-----w c:\documents and settings\Bob_\Application Data\Graphisoft 2009-04-10 09:10 . 2009-04-10 09:10 -------- d-----w c:\documents and settings\Bob_\Application Data\Notepad++ 2009-04-10 08:51 . 2009-04-10 08:51 -------- d-----w c:\documents and settings\Bob_\Local Settings\Application Data\Identities . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-08 13:34 . 2009-04-04 07:34 32 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-05-08 13:34 . 
2009-04-04 07:34 32 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-05-08 13:34 . 2009-04-04 07:34 32 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-05-08 13:34 . 2009-04-04 07:34 32 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-05-08 12:47 . 2002-09-07 00:00 80748 ----a-w c:\windows\system32\perfc00C.dat 2009-05-08 12:47 . 2002-09-07 00:00 500900 ----a-w c:\windows\system32\perfh00C.dat 2009-05-08 10:10 . 2009-03-01 13:42 96648 ----a-w c:\documents and settings\Bob_\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-08 09:50 . 2002-09-07 00:00 67 --sha-w c:\windows\Fonts\desktop.ini 2009-05-08 09:49 . 2009-03-01 12:12 23032 ----a-w c:\windows\system32\emptyregdb.dat 2009-05-05 21:23 . 2009-03-22 12:14 1210264 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-05 10:21 . 2009-03-01 14:07 96648 ----a-w c:\documents and settings\INTER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-29 10:21 . 2009-04-04 09:47 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-04-23 15:11 . 2009-03-02 07:30 -------- d-----w c:\program files\MSN Messenger 2009-04-23 15:10 . 2009-03-06 19:32 -------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller 2009-04-12 18:55 . 2009-03-09 18:20 -------- d-----w c:\program files\AGEIA Technologies 2009-04-08 10:27 . 2009-04-08 10:27 -------- d-----w c:\program files\Fichiers communs\PAC207 2009-04-08 10:27 . 2009-04-08 10:27 -------- d-----w c:\program files\Aitinc 2009-04-08 10:27 . 2009-03-01 13:36 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-04 09:47 . 2009-04-04 09:47 -------- d-----w c:\program files\Avira 2009-04-04 08:34 . 2009-04-04 08:34 -------- d-----w c:\program files\Kaspersky Lab 2009-04-04 08:09 . 2009-04-04 08:26 1310720 ----a-w c:\windows\Internet Logs\xDBF.tmp 2009-04-04 08:09 . 2009-04-04 08:26 8192 ----a-w c:\windows\Internet Logs\xDBE.tmp 2009-04-04 08:08 . 
2009-04-04 08:09 1384960 ----a-w c:\windows\Internet Logs\xDBD.tmp 2009-04-04 08:08 . 2009-04-04 08:09 32768 ----a-w c:\windows\Internet Logs\xDBC.tmp 2009-04-04 07:52 . 2009-04-04 08:05 1326592 ----a-w c:\windows\Internet Logs\xDBB.tmp 2009-04-04 07:52 . 2009-04-04 08:05 1326592 ----a-w c:\windows\Internet Logs\xDBA.tmp 2009-04-04 07:51 . 2009-04-04 08:05 15360 ----a-w c:\windows\Internet Logs\xDB9.tmp 2009-04-04 07:49 . 2009-04-04 07:51 1355264 ----a-w c:\windows\Internet Logs\xDB8.tmp 2009-04-04 07:49 . 2009-04-04 07:51 27136 ----a-w c:\windows\Internet Logs\xDB7.tmp 2009-04-04 07:44 . 2009-04-04 07:46 13824 ----a-w c:\windows\Internet Logs\xDB5.tmp 2009-04-04 07:44 . 2009-04-04 07:46 1328640 ----a-w c:\windows\Internet Logs\xDB6.tmp 2009-04-04 07:43 . 2009-04-04 07:44 43008 ----a-w c:\windows\Internet Logs\xDB2.tmp 2009-04-04 07:43 . 2009-04-04 07:44 1871872 ----a-w c:\windows\Internet Logs\xDB3.tmp 2009-04-04 07:41 . 2009-04-04 07:42 1875968 ----a-w c:\windows\Internet Logs\xDB1.tmp 2009-04-04 07:38 . 2009-04-04 07:44 1870848 ----a-w c:\windows\Internet Logs\xDB4.tmp 2009-04-04 07:38 . 2009-04-04 07:36 4212 ---ha-w c:\windows\system32\zllictbl.dat 2009-04-03 18:43 . 2009-04-03 18:43 -------- d-----w c:\program files\Zone Labs 2009-04-02 17:49 . 2009-04-02 17:49 83008 ----a-w c:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-02 15:32 . 2009-04-02 15:32 155648 ----a-w c:\windows\system32\SDCtrls.dll 2009-04-01 21:37 . 2009-04-01 21:37 290816 ------w c:\windows\Setup1.exe 2009-04-01 21:37 . 2009-04-01 21:37 74752 ----a-w c:\windows\ST6UNST.EXE 2009-04-01 11:28 . 2009-04-01 11:27 -------- d-----w c:\program files\QuickTime 2009-04-01 11:23 . 2009-03-31 09:41 -------- d-----w c:\program files\Graphisoft 2009-03-31 18:02 . 2009-03-31 18:00 -------- d-----w c:\program files\Fichiers communs\Ahead 2009-03-31 18:00 . 2009-03-31 18:00 -------- d-----w c:\program files\Nero 2009-03-31 11:16 . 
2009-03-31 11:16 -------- d-----w c:\program files\WIBUKEY 2009-03-31 11:11 . 2009-03-31 11:17 57552 ----a-w c:\windows\system32\WkDos.exe 2009-03-31 11:11 . 2009-03-31 11:17 516096 ----a-w c:\windows\system32\WibuXpm4J32.dll 2009-03-31 11:11 . 2009-03-31 11:17 479232 ----a-w c:\windows\system32\wibuKJni.dll 2009-03-31 11:11 . 2009-03-31 11:17 348160 ----a-w c:\windows\system32\WkExt32.dll 2009-03-31 11:11 . 2009-03-31 11:17 16384 ----a-w c:\windows\system32\drivers\Wibukey2.sys 2009-03-31 11:11 . 2009-03-31 11:17 72704 ----a-w c:\windows\system32\drivers\WibuKey.sys 2009-03-31 11:11 . 2009-03-31 11:17 159744 ----a-w c:\windows\system32\WkWin32.dll 2009-03-31 09:45 . 2009-03-31 09:45 -------- d-----w c:\program files\WIBU-SYSTEMS 2009-03-31 09:44 . 2009-03-31 09:44 -------- d-----w c:\program files\Apple Software Update 2009-03-30 17:31 . 2009-03-30 17:31 -------- d-----w c:\program files\Java 2009-03-30 17:31 . 2009-03-30 17:31 -------- d-----w c:\program files\Fichiers communs\Java 2009-03-26 15:11 . 2009-03-26 15:11 -------- d-----w c:\program files\EnGenius 2009-03-25 12:28 . 2009-03-25 12:28 -------- d-----w c:\program files\EPSON 2009-03-25 11:06 . 2009-03-25 11:06 -------- d-----w c:\program files\ma-config.com 2009-03-25 11:06 . 2009-03-25 11:06 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2009-03-24 17:10 . 2009-03-24 17:10 -------- d-----w c:\program files\DigitalPeers 2009-03-22 12:14 . 2009-03-22 12:14 -------- d-----w c:\program files\MSBuild 2009-03-22 12:13 . 2009-03-22 12:13 -------- d-----w c:\program files\Reference Assemblies 2009-03-18 10:55 . 2009-03-02 07:42 -------- d-----w c:\program files\Messenger Plus! Live 2009-03-16 11:53 . 2009-03-16 11:53 -------- d-----w c:\program files\GIMP-2.0 2009-03-10 18:26 . 2009-03-10 18:26 -------- d-----w c:\program files\EA GAMES 2009-03-10 12:22 . 2009-03-02 07:08 -------- d-----w c:\program files\Winamp 2009-03-10 12:19 . 
2009-03-10 12:19 -------- d-----w c:\program files\Fichiers communs\Macromedia 2009-03-10 12:19 . 2009-03-10 12:19 -------- d-----w c:\program files\Macromedia 2009-03-10 12:19 . 2009-03-02 07:16 -------- d-----w c:\program files\Fichiers communs\InstallShield 2009-03-09 18:19 . 2009-03-09 18:19 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2009-03-09 18:19 . 2009-03-09 18:19 18048 ----a-w c:\windows\system32\drivers\lirsgt.sys 2009-03-05 12:34 . 2009-03-05 12:34 717296 ----a-w c:\windows\system32\drivers\sptd.sys 2009-03-03 12:25 . 2009-03-01 12:14 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-03-03 11:05 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys 2009-03-02 07:16 . 2009-03-02 07:16 319488 ----a-w c:\windows\HideWin.exe 2009-03-02 07:06 . 2009-03-02 07:04 10368 ----a-w c:\windows\system32\drivers\pfc.sys 2009-03-01 17:12 . 2009-03-01 17:12 0 ----a-w c:\windows\nsreg.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-03 206088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"CTFMON"="c:\windows\system32\wscript.exe" [2008-04-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-09 17021440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Bob_\Menu Démarrer\Programmes\Démarrage\
Moteur du Planificateur de tâches SolidWorks.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/04/2009 10:47 108289]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [08/04/2009 11:27 616064]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks\swScheduler\DTSCoordinatorService.exe [09/09/2008 06:01 79144]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 09:34 216232]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11ee89ea-1ab8-11de-86e2-001fd010b3e5}]
\Shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9814a31e-3b02-11de-a7e3-001fd010b3e5}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47a257c-1783-11de-86d3-001fd010b3e5}]
\Shell\AutoRun\command - L:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8CD3B31D-716D-5F87-05D4-10885C63CAA1}]
c:\windows\system32\winxp.exe
.
Contenu du dossier 'Tâches planifiées'

2009-05-08 c:\windows\Tasks\User_Feed_Synchronization-{2B1D3B09-E8BC-440A-B3B4-3034D81396A8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2009-05-08 c:\windows\Tasks\User_Feed_Synchronization-{EDE16183-2AE1-4BAA-90A1-170567949D30}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Tout télécharger avec FlashGet - k:\progra~1\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - k:\progra~1\FlashGet\jc_link.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {F5D79831-1767-4B49-8D11-11492C360F56} = 208.67.222.222 193.55.10.102
FF - ProfilePath - c:\documents and settings\Bob_\Application Data\Mozilla\Firefox\Profiles\wyo4od69.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 14:36
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1177238915-1500820517-1606980848-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE] "GameDir"="c:\\Documents and Settings\\Bob_\\Mes documents\\Sports Interactive\\Football Manager 2009\\games" "ShortlistDir"="c:\\Documents and Settings\\Bob_\\Mes documents\\Sports Interactive\\Football Manager 2009\\shortlists" "ScreenshotsDir"="c:\\Documents and Settings\\Bob_\\Mes documents\\Sports Interactive\\Football Manager 2009" "SaveDir"="c:\\Documents and Settings\\Bob_\\Mes documents\\Sports Interactive\\Football Manager 2009\\" "HistoryDir"="c:\\Documents and Settings\\Bob_\\Bureau\\fm\\FM-Genie-Scout-1.0-b103\\History Points" "LangDB"="" "LastSaveGame"="" "Language"="English" "LoadLangDB"=dword:00000000 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:00000050 "GraphStep"=dword:00000000 "SkinName"="Champions League" "LastUpdateCheck"=dword:00000000 "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "Version"=dword:00000067 "UniqueID"="34-8400-E71F" "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" "UserPassword"="" "Currency"=dword:0000001c . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(316) c:\windows\system32\ieframe.dll c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll c:\program files\WIBU-SYSTEMS\System\WibuShellExt.dll c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA c:\program files\Graphisoft\ArchiCAD 12\GSShellX32.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\PAStiSvc.exe c:\windows\system32\igfxsrvc.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-05-08 14:38 - La machine a redémarré ComboFix-quarantined-files.txt 2009-05-08 13:38 Avant-CF: 11 913 191 424 octets libres Après-CF: 12 805 779 456 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect c:\wubildr.mbr="Ubuntu" 1006 --- E O F --- 2009-03-06 17:43 -
Hello, my PC has been infected by the (Trojan horse?) backdoor.win32.bifrose, and since then I can no longer restore my system, access the Task Manager, etc. Every time I try, I get the error message "Impossible de trouver le fichier script... ". I visited a thread dealing with the same subject here: http://forum.zebulon.fr/infection-backdoorwin32bifrose-resolu-t159232.html&pid=1349286&mode=threaded#entry1349286

Here is my info.txt:

info.txt logfile of random's system information tool 1.06 2009-05-08 12:28:17 ======Uninstall list====== -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->MsiExec /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C} -->MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ACDSee Pro-->MsiExec.exe /I{F99F74B4-972B-4B06-B893-6B3B0DB0128B} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe AGEIA PhysX v6.10.25-->MsiExec.exe /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C} AP Tuner 3.08-->"D:\Program Files\AP Tuner\AP Tuner 3.08\uninstall.exe" Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} ArchiCAD 12 FRA-->C:\Program Files\Graphisoft\ArchiCAD 12\Uninstall.AC\uninstaller.exe ASIO4ALL-->D:\Program Files\ASIO4ALL v2\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Audacity 1.3.5 (Unicode)-->"D:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Bazooka Scanner-->"C:\Program Files\Bazooka Scanner\Uninstall.exe" "C:\Program Files\Bazooka Scanner\install.log" Blender (remove only)-->"D:\Program Files\Blender
Foundation\Blender\uninstall.exe" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe CursorXP-->C:\Program Files\CursorXP\CurXPUtil.exe -u EasyPHP 2.0b1-->"D:\Program Files\EasyPHP 2.0b1\unins000.exe" eMulev0.49a.-MorphXTv11.0-->"D:\eMule\unins000.exe" EnGenius Wireless LAN-->C:\Program Files\InstallShield Installation Information\{34CD65DD-3271-4C7B-B029-1670A65DA381}\setup.exe -runfromtemp -l0x0009 -removeonly EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R FileZilla Client 3.2.2.1-->D:\Program Files\FileZilla FTP Client\uninstall.exe FL Studio 8-->D:\Program Files\Image-Line\FL Studio 8\uninstall.exe FlashGet 2.0-->C:\Program Files\FlashGet Network\FlashGet universal\uninst.exe GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly Guitar Pro 5.0-->"D:\Program Files\Guitar Pro 5\unins000.exe" HijackThis 2.0.2-->"C:\Documents and Settings\BoB\Bureau\Downloads\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A} Kaspersky Anti-Virus 
2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A} K-Lite Codec Pack 2.89 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe Loop12 V2-->D:\Program Files\Loop12 V2\Uninstal.exe Ma-Config.com-->MsiExec.exe /X{560BD6E0-0BA6-43AF-B423-E1DF4D2EB3C3} Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D} Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers 
communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Notepad++-->C:\Program Files\Notepad++\uninstall.exe PC Camera-->RunDll32 
C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}\setup.exe" -l0x9 -removeonly PDFCreator PL 0.8.0-->C:\Program Files\PDFCreator PL\unins000.exe PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121} REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x040c -removeonly Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 Skype 1.1-->"C:\Program Files\Skype\Phone\unins000.exe" SolidWorks 2009 SP0-->MsiExec.exe /I{95317473-83DB-4E17-9848-353924D66813} The Sims 2 University - Crack-->D:\Program Files\EA GAMES\Les Sims 2 Académie\crack_uninst.exe Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe Ubuntu-->F:\ubuntu\Uninstall-Ubuntu.exe VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE} VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe Webcam Surveyor 1.7.5-->"D:\Program Files\Webcam Surveyor\unins000.exe" WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Program Files\WIBUKEY\Setup\Setup32.exe /R:{00060000-0000-1004-8002-0000C06B5161} Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" winLAME prerelease4-->MsiExec.exe /I{062BFFA1-0CCC-400B-B840-F162328D8C00} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe XML Paper Specification Shared Components Language Pack 
1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ======Security center information====== AV: AntiVir Desktop AV: Kaspersky Anti-Virus (disabled) ======System event log====== Computer Name: BOB Event Code: 20158 Message: L'utilisateur hamzalyes a établi une connexion à Easy Adsl en utilisant le périphérique PPPoE4-0. Record Number: 7840 Source Name: RemoteAccess Time Written: 20090415110733.000000+060 Event Type: Informations User: Computer Name: BOB Event Code: 7036 Message: Le service HTTP SSL est entré dans l'état : en cours d'exécution. Record Number: 7839 Source Name: Service Control Manager Time Written: 20090415110729.000000+060 Event Type: Informations User: Computer Name: BOB Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service HTTP SSL. Record Number: 7838 Source Name: Service Control Manager Time Written: 20090415110729.000000+060 Event Type: Informations User: AUTORITE NT\SERVICE LOCAL Computer Name: BOB Event Code: 7036 Message: Le service Hôte de périphérique universel Plug-and-Play est entré dans l'état : en cours d'exécution. Record Number: 7837 Source Name: Service Control Manager Time Written: 20090415110729.000000+060 Event Type: Informations User: Computer Name: BOB Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Hôte de périphérique universel Plug-and-Play. Record Number: 7836 Source Name: Service Control Manager Time Written: 20090415110729.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: BOB Event Code: 101 Message: msnmsgr (2544) Le moteur de base de données est arrêté. 
Record Number: 2120 Source Name: ESENT Time Written: 20090424211802.000000+060 Event Type: Informations User: Computer Name: BOB Event Code: 103 Message: msnmsgr (2544) \\.\C:\Documents and Settings\Bob_\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_E41C_DAB0_1CDA_7D4C\dfsr.db: Le moteur de base de données a arrêté une instance (0). Record Number: 2119 Source Name: ESENT Time Written: 20090424211802.000000+060 Event Type: Informations User: Computer Name: BOB Event Code: 7 Message: Récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie réussie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> Record Number: 2118 Source Name: crypt32 Time Written: 20090424164823.000000+060 Event Type: Informations User: Computer Name: BOB Event Code: 102 Message: msnmsgr (2544) \\.\C:\Documents and Settings\Bob_\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_E41C_DAB0_1CDA_7D4C\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0). Record Number: 2117 Source Name: ESENT Time Written: 20090424164805.000000+060 Event Type: Informations User: Computer Name: BOB Event Code: 100 Message: msnmsgr (2544) Le moteur de base de données 5.01.2600.5512 est démarré. 
Record Number: 2116 Source Name: ESENT Time Written: 20090424164805.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip -----------------EOF-----------------

and log.txt
--------------------------------------

Logfile of random's system information tool 1.06 (written by random/random) Run by Bob_ at 2009-05-08 12:27:55 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 11 GB (29%) free of 38 GB Total RAM: 1015 MB (24% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:28:15, on 08/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\PixArt\PAC207\Monitor.exe 
C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\Program Files\Avira\AntiVir Desktop\avnotify.exe D:\eMule\emule.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinRAR\WinRAR.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\Bob_\Bureau\downthmall\RSIT.exe C:\Documents and Settings\BoB\Bureau\Downloads\Bob_.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - K:\PROGRA~1\FlashGet\jccatch.dll (file missing) O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg O4 - HKLM\..\Run: [svchost2] C:\WINDOWS\system32\winxp.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - 
HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm O8 - Extra context menu item: &Tout télécharger avec FlashGet - K:\PROGRA~1\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - K:\PROGRA~1\FlashGet\jc_link.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows 
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F5D79831-1767-4B49-8D11-11492C360F56}: NameServer = 208.67.222.222 193.55.10.102 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 8428 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\User_Feed_Synchronization-{2B1D3B09-E8BC-440A-B3B4-3034D81396A8}.job C:\WINDOWS\tasks\User_Feed_Synchronization-{EDE16183-2AE1-4BAA-90A1-170567949D30}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}] FG2CatchUrl - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] FGCatchUrl - K:\PROGRA~1\FlashGet\jccatch.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-03-03 206088] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-04-01 36352] "EPSON Stylus C45 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE [2004-01-14 99840] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe 
[2007-10-19 286720] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488] "Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488] "regdiit"=C:\WINDOWS\system32\winxp.exe [] "CTFMON"=C:\WINDOWS\system32\wscript.exe [2008-04-13 155648] "svchost2"=C:\WINDOWS\system32\winxp.exe [] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-09 17021440] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872] C:\Documents and Settings\Bob_\Menu Démarrer\Programmes\Démarrage Moteur du Planificateur de tâches SolidWorks.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2008-11-11 218376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= 
"legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\eMule\emule.exe"="D:\eMule\emule.exe:*:Enabled:eMuleMorphXT" "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2" "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate" "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx" "K:\Program Files\FlashGet\flashget.exe"="K:\Program Files\FlashGet\flashget.exe:*:Enabled:FlashGet" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11ee89ea-1ab8-11de-86e2-001fd010b3e5}] shell\AutoRun\command - J:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9814a31e-3b02-11de-a7e3-001fd010b3e5}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a406b914-22da-11de-a780-806d6172696f}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47a257c-1783-11de-86d3-001fd010b3e5}] shell\AutoRun\command - L:\setupSNK.exe ======File associations====== .reg - open - "regedit.exe" "%1" ======List of files/folders created in the last 1 months====== 2009-05-08 12:27:55 ----D---- C:\rsit 2009-05-08 11:10:19 ----A---- C:\WINDOWS\system32\igfxres.dll 2009-05-08 11:08:26 ----D---- C:\WINDOWS\Prefetch 2009-05-08 10:51:30 ----A---- C:\AUTOEXEC.BAT 2009-05-08 10:51:20 
----A---- C:\WINDOWS\OEWABLog.txt 2009-05-08 10:50:23 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-05-08 10:40:01 ----A---- C:\WINDOWS\system32\spxcoins.dll 2009-05-08 10:40:01 ----A---- C:\WINDOWS\system32\irclass.dll 2009-05-08 10:39:38 ----RA---- C:\WINDOWS\SET89.tmp 2009-05-08 10:39:36 ----RA---- C:\WINDOWS\SET7D.tmp 2009-05-08 10:39:34 ----RA---- C:\WINDOWS\SET7A.tmp 2009-05-08 10:38:59 ----A---- C:\WINDOWS\setuplog.txt 2009-05-08 01:14:09 ----A---- C:\WINDOWS\ntbtlog.txt 2009-05-07 23:33:44 ----D---- C:\Program Files\Bazooka Scanner 2009-05-02 16:23:08 ----N---- C:\rs422.txt 2009-05-02 16:22:32 ----N---- C:\rs422.txt~ 2009-05-01 21:59:26 ----D---- C:\Documents and Settings\Bob_\Application Data\Skype 2009-05-01 21:59:26 ----D---- C:\Documents and Settings\All Users\Application Data\Skype 2009-05-01 21:59:17 ----D---- C:\Program Files\Skype 2009-04-27 21:25:34 ----D---- C:\Program Files\WinAVI MP4 Converter 2009-04-24 12:51:19 ----D---- C:\Documents and Settings\All Users\Application Data\WebacamSurveyor 2009-04-18 20:32:23 ----D---- C:\Documents and Settings\Bob_\Application Data\PDFCreator 2009-04-18 20:32:23 ----A---- C:\WINDOWS\system32\PDFSpooler.exe 2009-04-18 20:32:23 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll 2009-04-18 20:32:22 ----D---- C:\Program Files\PDFCreator PL 2009-04-18 20:32:22 ----A---- C:\WINDOWS\system32\VB6DE.DLL 2009-04-18 20:32:22 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL 2009-04-18 20:32:22 ----A---- C:\WINDOWS\system32\MSCMCDE.DLL 2009-04-18 20:32:22 ----A---- C:\WINDOWS\system32\MSCC2DE.DLL 2009-04-18 20:32:22 ----A---- C:\WINDOWS\system32\CMDLGDE.DLL 2009-04-17 22:31:10 ----D---- C:\Program Files\MagicISO 2009-04-15 17:17:59 ----D---- C:\Program Files\winLAME 2009-04-13 20:51:17 ----D---- C:\Documents and Settings\Bob_\Application Data\Audacity 2009-04-13 09:33:35 ----D---- C:\WINDOWS\system32\Adobe 2009-04-12 20:17:29 ----D---- C:\Documents and Settings\Bob_\Application Data\SolidWorks 2009 2009-04-12 20:15:01 
----D---- C:\Documents and Settings\Bob_\Application Data\SolidWorks 2009-04-12 19:55:36 ----D---- C:\Program Files\Fichiers communs\SolidWorks Shared 2009-04-12 19:55:22 ----D---- C:\WINDOWS\system32\GroupPolicy 2009-04-12 19:55:21 ----D---- C:\Program Files\Fichiers communs\eDrawings2009 2009-04-12 19:55:17 ----D---- C:\Documents and Settings\All Users\Application Data\SolidWorks 2009-04-11 19:04:07 ----D---- C:\rdm6 2009-04-11 18:29:28 ----D---- C:\Documents and Settings\Bob_\Application Data\Sun 2009-04-11 18:10:17 ----D---- C:\Toolbox Parts 2009-04-11 18:10:17 ----D---- C:\Program Files\SolidWorks 2009-04-10 10:11:40 ----D---- C:\Documents and Settings\Bob_\Application Data\Graphisoft 2009-04-10 10:10:15 ----D---- C:\Documents and Settings\Bob_\Application Data\Notepad++ ======List of files/folders modified in the last 1 months====== 2009-05-08 12:06:07 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-05-08 11:37:02 ----D---- C:\WINDOWS\system 2009-05-08 11:37:01 ----D---- C:\WINDOWS\system32\Setup 2009-05-08 11:37:00 ----D---- C:\WINDOWS\Help 2009-05-08 11:36:55 ----D---- C:\WINDOWS\L2Schemas 2009-05-08 11:36:54 ----D---- C:\WINDOWS\system32\usmt 2009-05-08 11:36:54 ----D---- C:\WINDOWS\system32\drivers 2009-05-08 11:36:44 ----D---- C:\WINDOWS\AppPatch 2009-05-08 11:36:43 ----D---- C:\WINDOWS\ehome 2009-05-08 11:36:42 ----D---- C:\WINDOWS\ime 2009-05-08 11:36:41 ----RSD---- C:\WINDOWS\Fonts 2009-05-08 11:36:41 ----D---- C:\WINDOWS\Media 2009-05-08 11:36:40 ----D---- C:\WINDOWS\Network Diagnostic 2009-05-08 11:36:38 ----D---- C:\WINDOWS\system32\fr-fr 2009-05-08 11:36:29 ----D---- C:\WINDOWS\PeerNet 2009-05-08 11:36:18 ----D---- C:\WINDOWS\system32\npp 2009-05-08 11:36:11 ----D---- C:\WINDOWS\msagent 2009-05-08 11:36:07 ----D---- C:\WINDOWS\system32\fr 2009-05-08 11:34:26 ----D---- C:\WINDOWS\system32\1036 2009-05-08 11:34:20 ----D---- C:\WINDOWS\twain_32 2009-05-08 11:34:11 ----D---- C:\WINDOWS\system32\icsxml 
2009-05-08 11:33:49 ----D---- C:\WINDOWS\system32\1033 2009-05-08 11:32:56 ----D---- C:\WINDOWS\WinSxS 2009-05-08 11:32:56 ----D---- C:\WINDOWS\Driver Cache 2009-05-08 11:24:23 ----D---- C:\Program Files\Mozilla Firefox 2009-05-08 11:23:35 ----D---- C:\WINDOWS\Temp 2009-05-08 11:10:27 ----D---- C:\WINDOWS\Registration 2009-05-08 11:10:19 ----D---- C:\WINDOWS\system32 2009-05-08 11:10:03 ----HD---- C:\WINDOWS\inf 2009-05-08 11:09:36 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-08 11:09:34 ----SHD---- C:\System Volume Information 2009-05-08 11:09:34 ----D---- C:\WINDOWS\system32\Restore 2009-05-08 11:08:26 ----D---- C:\WINDOWS 2009-05-08 10:56:54 ----D---- C:\WINDOWS\system32\config 2009-05-08 10:54:59 ----D---- C:\WINDOWS\repair 2009-05-08 10:54:17 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-08 10:51:15 ----A---- C:\WINDOWS\ODBCINST.INI 2009-05-08 10:51:08 ----D---- C:\WINDOWS\Debug 2009-05-08 10:50:50 ----D---- C:\WINDOWS\system32\ias 2009-05-08 10:50:26 ----RD---- C:\WINDOWS\Web 2009-05-08 10:50:26 ----RD---- C:\Program Files 2009-05-08 10:50:17 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-05-08 10:50:06 ----A---- C:\WINDOWS\win.ini 2009-05-08 10:49:57 ----D---- C:\Program Files\Windows Media Player 2009-05-08 10:49:52 ----D---- C:\WINDOWS\system32\oobe 2009-05-08 10:49:47 ----D---- C:\Program Files\Internet Explorer 2009-05-08 10:49:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-05-08 10:49:11 ----D---- C:\WINDOWS\system32\Com 2009-05-08 10:48:45 ----D---- C:\WINDOWS\system32\wbem 2009-05-08 10:48:43 ----SHD---- C:\WINDOWS\Installer 2009-05-08 10:47:48 ----D---- C:\WINDOWS\security 2009-05-08 10:47:26 ----SH---- C:\boot.ini 2009-05-08 10:40:07 ----A---- C:\WINDOWS\system.ini 2009-05-08 10:39:54 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini 2009-05-08 10:39:40 ----D---- C:\WINDOWS\system32\CatRoot 2009-05-08 09:54:16 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-07 20:30:47 ----D---- C:\Documents and 
Settings\Bob_\Application Data\BITS 2009-05-07 18:25:20 ----A---- C:\WINDOWS\NeroDigital.ini 2009-05-07 17:55:50 ----D---- C:\Downloads 2009-04-25 17:39:21 ----D---- C:\Documents and Settings\Bob_\Application Data\dvdcss 2009-04-23 16:12:25 ----SHD---- C:\Config.Msi 2009-04-23 16:12:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-04-23 16:12:24 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-04-23 16:11:30 ----D---- C:\Program Files\MSN Messenger 2009-04-23 16:11:19 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-04-23 16:10:25 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2009-04-23 15:20:21 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller 2009-04-21 15:58:46 ----D---- C:\Documents and Settings\Bob_\Application Data\Adobe 2009-04-21 15:58:41 ----D---- C:\WINDOWS\system32\Macromed 2009-04-13 18:52:02 ----D---- C:\Documents and Settings\Bob_\Application Data\BraCa_Soft 2009-04-12 20:06:24 ----RSD---- C:\WINDOWS\assembly 2009-04-12 20:03:35 ----D---- C:\WINDOWS\system32\ShellExt 2009-04-12 19:55:36 ----D---- C:\Program Files\Fichiers communs 2009-04-12 19:55:21 ----D---- C:\Program Files\AGEIA Technologies 2009-04-11 18:12:53 ----D---- C:\Program Files\Fichiers communs\DESIGNER 2009-04-11 18:10:41 ----D---- C:\Program Files\Microsoft Office 2009-04-10 09:51:22 ----SD---- C:\Documents and Settings\Bob_\Application Data\Microsoft 2009-04-09 11:06:13 ----SHD---- C:\RECYCLER ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-29 96104] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-03-03 226832] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] 
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-04-29 55640]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2009-03-31 72704]
R3 dptrackerd;Tracker Driver; C:\WINDOWS\system32\drivers\dptrackerd.sys [2005-12-18 44416]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-13 4879360]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-09-07 12288]
R3 PAC207;PC Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2007-10-25 616064]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-03-02 10368]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-11-09 452480]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-29 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-03-03 206088]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-04-12 79360]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

There you go! Thanks in advance.
PS: I'm running WinXP Pro SP3, I have Avira AntiVir as my antivirus and Ubuntu 8.1 in dual boot.