

bouha
Members
Content count: 111
Everything posted by bouha
-
Hello morron 2, thank you for replying. As a follow-up to my previous post, here are the details of my configuration and profile: my operating system: Win XP Service Pack 2 updated to Pack 3; Livebox Sagem; Connexion réseau sans fil, périphérique=Dell TrueMobile 1300 WLAN Mini-PCI Card, type de support=Réseau local, sous-type de support=SANS FIL. See you.
-
Good evening everyone. On my PC the Wi-Fi internet connection is impossible, whereas the wired Ethernet connection works very well. I checked my Dell TrueMobile network card and it is working normally; the network connection icon shows an excellent signal, and the connection status is stuck on ''acquiring network address''. I tried several tricks I found on the internet to restore the Wi-Fi connection, but in vain. I am looking for other leads... Thanks in advance for your help.
-
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
I give up, I'm dropping it. -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Hello Pear, I have sent several messages to Mark on this forum but he does not reply. Is there anyone else who can take over from him and continue looking into my problem? -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Mark, I really don't understand why this silence on your part. -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Hello Mark, I don't understand, it has been almost a week since you last gave any sign of life; what am I supposed to conclude from that? -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Mark, I have been waiting four days for a word from you! -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Good evening Mark, things are not going well at all! Since you were not replying, I went ahead with Windows Service Pack 3 and tried to install it, but unfortunately for me the specified file does not exist and the installation failed. I am passing you again the look2 bat report that I sent you back on 3 November.

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\Windows\System32
Permissions:
*******************************************************************************
Username                               Type      Permissions         Inheritance
*******************************************************************************
JIJIMAISON\Utilisateurs                Allowed   Read and Execute    This Folder/File Only
JIJIMAISON\Utilisateurs                Allowed   Special (Unknown)   Subfolders and Files only
JIJIMAISON\Utilisateurs avec pouvoir   Allowed   Modify              This Folder/File Only
JIJIMAISON\Utilisateurs avec pouvoir   Allowed   Special (A)         Subfolders and Files only
JIJIMAISON\Administrateurs             Allowed   Full Control        This Folder/File Only
JIJIMAISON\Administrateurs             Allowed   Special (Unknown)   Subfolders and Files only
AUTORITE NT\SYSTEM                     Allowed   Full Control        This Folder/File Only
AUTORITE NT\SYSTEM                     Allowed   Special (Unknown)   Subfolders and Files only
JIJIMAISON\Administrateurs             Allowed   Full Control        This Folder/File Only
\CREATEUR PROPRIETAIRE                 Allowed   Special (Unknown)   Subfolders and Files only
No Auditing set
Owner: Administrateurs (JIJIMAISON\Administrateurs)

Awaiting your reply, see you. -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
So, Mark, what's new? -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Good evening Mark, did you receive the look2 .bat report? I posted it to you yesterday. -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Good evening Mark, here is the look 2.bat report.

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\Windows\System32
Permissions:
*******************************************************************************
Username                               Type      Permissions         Inheritance
*******************************************************************************
JIJIMAISON\Utilisateurs                Allowed   Read and Execute    This Folder/File Only
JIJIMAISON\Utilisateurs                Allowed   Special (Unknown)   Subfolders and Files only
JIJIMAISON\Utilisateurs avec pouvoir   Allowed   Modify              This Folder/File Only
JIJIMAISON\Utilisateurs avec pouvoir   Allowed   Special (A)         Subfolders and Files only
JIJIMAISON\Administrateurs             Allowed   Full Control        This Folder/File Only
JIJIMAISON\Administrateurs             Allowed   Special (Unknown)   Subfolders and Files only
AUTORITE NT\SYSTEM                     Allowed   Full Control        This Folder/File Only
AUTORITE NT\SYSTEM                     Allowed   Special (Unknown)   Subfolders and Files only
JIJIMAISON\Administrateurs             Allowed   Full Control        This Folder/File Only
\CREATEUR PROPRIETAIRE                 Allowed   Special (Unknown)   Subfolders and Files only
No Auditing set
Owner: Administrateurs (JIJIMAISON\Administrateurs)

See you. -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Hello Mark, I am getting impatient. I am starting to worry, to say the least. See you. -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
-
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Good evening again Mark. As for restoring from XP, the answer is negative: no window opened when I clicked on System Restore. My deduction: the restore points were wiped by the infection. I will therefore move on to solution 3, but to do that I am waiting for your answer about checking the recovery partition, and we will see from there. See you. -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Good evening Mark, thank you for your valuable technical lessons. I am going to try the last two procedures in descending order: the 4th, and failing that, the 3rd. If nothing good comes of it, I will opt for formatting, and on that I still have one small question: how do I check whether the recovery partition is present on my Dell? See you. -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Good evening Mark, thank you for the diagnosis and the proposed solutions. I am spoilt for choice, aren't I? It seemed to me that you are pushing me towards the third option, whose success is not guaranteed. A small question: if that method fails, can one go back to one of the other two options? Personally I lean towards the first, which is safer. For this first and radical solution, formatting, I have one or two questions: a) will the new version of Windows be genuine? As I already told you, I do not have a recovery or restore CD, although the copy installed on my system is genuine; b) for backing up data before formatting, are some methods more suitable than others, and which one would you recommend? To answer your question about the Internet Explorer version, I can tell you that I browse with Mozilla Firefox, version 3.0.6. There, I will not undertake anything before receiving your reply. Looking forward to reading you... See you. -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Hello Mark, just a little reminder so that it does not slip past you like last time! Looking forward to reading you... See you. -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Good evening Mark. When I launched querySVC.exe, Avira detected a virus, which I quarantined, so I ran a full system scan and am submitting the report to you; in addition I ran a new HijackThis analysis, and here is the report. You will also get subs.txt and log 1.txt. There you go, over to you. See you.

1/ Avira scan

2/ HijackThis report

3/ log 1 txt.

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
File: C:\Windows\System32\svchost.exe
Permissions:
*******************************************************************************
Username                               Type      Permissions        Inheritance
*******************************************************************************
JIJIMAISON\IUSR_JIJIMAISON             Denied    Full Control       This Folder/File Only
JIJIMAISON\Utilisateurs                Allowed   Read and Execute   This Folder/File Only
JIJIMAISON\Utilisateurs avec pouvoir   Allowed   Read and Execute   This Folder/File Only
JIJIMAISON\Administrateurs             Allowed   Full Control       This Folder/File Only
AUTORITE NT\SYSTEM                     Allowed   Full Control       This Folder/File Only
No Auditing set
Owner: Administrateurs (JIJIMAISON\Administrateurs)

4/ subs txt.

I await your conclusions and diagnosis. See you. -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Good evening Mark, where are you with my latest avp tool and HijackThis reports? I am still waiting for your conclusions to finish the job. See you. -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Hello Mark,
The scan took a very long time, far too long in fact (27 hours, 18 minutes). That's strange, isn't it? Anyway... Here is the result: an AVP Tool report, plus a HijackThis report. I await your conclusions.
See you later.
-
Botched disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Good evening Mark,
I have started carrying out what you asked me to do, and at this stage I would like to share a few remarks:
1/ The internet connection has not been restored: a message tells me that connectivity is limited or nonexistent. When I click on the Support tab of the network card, another message tells me that "you may not be able to access the internet or network resources. This problem occurs because the network did not assign an address to the computer".
2/ Regarding AVP Tool, I did follow the download and installation procedure, but what I have on the desktop is a Virus Removal Tool and not Kaspersky Lab Tool. I concluded that it is the same thing, isn't it?
3/ When I moved on to the automatic scan, the operation seemed too long to me. It started today, 21 October 2009, at 10.37, and according to the displayed timing it should finish on 22 October 2009 at 8 o'clock; as the scan progresses, the finish time is pushed back further, so I concluded that there is no telling when it will end. Is that normal? Given this state of affairs, and since I cannot keep the machine powered on for that long, can we proceed in stages?
4/ After more than 8 hours of scanning and more than 103 thousand files scanned, no virus has been detected. I concluded that the state of the machine has improved slightly. A few signs suggest this: the firewall is reactivated and the desktop displays normally. What do you think?
5/ If it does not finish within an hour, I will interrupt the scan and resume it tomorrow morning.
See you later.
-
Botched disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Hello Mark,
Thank you for joining your efforts with Falkra's to repair the damage caused by the botched disinfection of my PC. To answer your questions:
1/ I don't have any of the CDs you mentioned. I have an original copy of Windows XP Professional, built into the machine, version 2002, Service Pack 2, registered under the user name: Agilium .SA, product key number (or serial number, I don't know): <removed by Mark>. That is all the information I have about my operating system.
2/ No, I still have no internet access; a blinking indicator at the bottom right of the desktop shows the connection status as: acquiring network address.
3/ The state of the machine is unchanged: slow startup, the desktop only appears after 5 minutes, impossible to enable the firewalls, impossible to update the antivirus.
4/ Here is a new HijackThis report.
See you later.
-
Botched disinfection
bouha replied to a topic by bouha in Malware analysis and removal
Hi Falkra,
It was late, but I couldn't stop myself from finishing the work you asked me to do. Here is the result:
2009-10-11 11:11 -------- d-----w- c:\program files\Avira 2009-10-11 11:11 . 2009-10-11 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-10-10 22:42 . 2009-10-10 22:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla 2009-10-08 20:52 . 2009-10-08 20:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2009-10-08 17:03 . 2009-10-16 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-07 23:57 . 2009-10-10 18:52 -------- d-----w- c:\windows\system32\CatRoot 2009-10-07 23:53 . 2009-10-07 23:53 -------- d-s---w- c:\windows\system32\Microsoft 2009-10-02 17:47 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-09-29 17:44 . 2009-09-29 17:44 -------- d-----w- c:\program files\Fichiers communs\SourceTec 2009-09-24 23:26 . 2009-09-24 23:26 -------- d-----w- c:\documents and settings\dali\Local Settings\Application Data\Winamp Toolbar 2009-09-24 23:24 . 2009-09-24 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar 2009-09-24 23:22 . 2009-09-24 23:32 -------- d-----w- c:\documents and settings\dali\Application Data\Winamp 2009-09-24 22:39 . 2009-09-24 22:39 -------- d-----w- c:\program files\Windows Media Connect 2 2009-09-23 16:48 . 2009-09-24 22:27 -------- d-----w- c:\documents and settings\dali\Local Settings\Application Data\Yahoo! 2009-09-22 18:04 . 2009-09-22 18:04 -------- d-----w- c:\program files\Fichiers communs\NSV 2009-09-18 11:31 . 2009-09-18 11:31 -------- d-----w- c:\documents and settings\Application Data . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-10 18:03 . 2009-07-09 15:59 -------- d-----w- c:\program files\Google 2009-10-10 11:09 . 
2004-11-22 13:14 91552 -c--a-w- c:\documents and settings\Agilium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-08 23:46 . 2007-03-27 20:45 -------- d-----w- c:\program files\Opera 2009-10-08 23:45 . 2005-02-20 23:37 -------- d-----w- c:\program files\Drivers 2009-10-07 22:17 . 2007-11-22 13:50 -------- d-----w- c:\documents and settings\dali\Application Data\tor 2009-10-07 15:43 . 2009-03-02 14:03 -------- d-----w- c:\documents and settings\dali\Application Data\Vidalia 2009-10-06 18:25 . 2008-02-27 21:45 -------- d-----w- c:\documents and settings\dali\Application Data\Uniblue 2009-10-01 22:01 . 2005-03-20 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-09-30 22:46 . 2005-02-16 14:51 -------- d-----w- c:\documents and settings\dali\Application Data\Skype 2009-09-16 19:27 . 2005-01-19 18:39 91552 -c--a-w- c:\documents and settings\dali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-10 14:08 . 2009-09-10 14:08 -------- d-----w- c:\documents and settings\dali\Application Data\Foxit 2009-09-10 13:36 . 2004-10-08 08:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-10 13:17 . 2004-11-04 15:10 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-09-09 04:06 . 2004-11-17 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-08-29 14:48 . 2009-08-08 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2009-08-29 14:38 . 2009-08-08 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-08-28 14:43 . 2005-10-27 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-08-26 13:57 . 2004-12-26 14:41 4240 ----a-w- c:\windows\system32\d3d9caps.dat 2009-08-26 08:03 . 2009-09-09 16:00 71680 ----a-w- c:\windows\system32\scsprembt.exe 2009-08-21 09:55 . 
2003-07-22 16:07 458540 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-21 09:55 . 2003-07-22 16:07 68230 ----a-w- c:\windows\system32\perfc00C.dat 2009-08-05 09:06 . 2004-11-19 17:03 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-28 15:33 . 2009-05-01 23:05 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2004-11-02 20:37 . 2004-11-02 20:37 56 -csh--r- c:\windows\system32\332BA2C6BA.sys 2004-11-02 20:37 . 2004-11-02 20:37 2098 -csha-w- c:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- Erreur des Services de cryptographie !! . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="d:\winamp\winampa.exe" [2009-07-01 37888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled] 2009-03-10 21:18 265088 ----a-w- c:\windows\system32\WgaLogon.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ a\0u\0t\0o\0c\0h\0k\0 \0* [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\javaw.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R3 PIXMC10;JVC Communication PIX-MC10 Driver;c:\windows\system32\Drivers\pixmc10c.sys [2002-09-27 31232] R3 PIXMC10A;JVC PIX-MC10 Audio Capture;c:\windows\system32\Drivers\pixmc10a.sys [2002-10-03 28060] R3 PIXMC10V;JVC PIX-MC10 Video Capture;c:\windows\system32\Drivers\pixmc10v.sys [2002-11-28 22652] R3 USTOR;U-Storage Controller;c:\windows\system32\DRIVERS\UStork.sys [2003-07-08 20258] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 WinDefend;Windows Defender;D:\MsMpEng.exe [2006-11-03 13592] . Contenu du dossier 'Tâches planifiées' 2009-10-17 c:\windows\Tasks\MP Scheduled Scan.job - D:\MpCmdRun.exe [2006-11-03 18:20] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://y.lo.st mStart Page = hxxp://fr.yahoo.com uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html IE: E&xporter vers Microsoft Excel - e:\office12\EXCEL.EXE/3000 TCP: {00483275-C0F2-4055-923B-C76A71D7867E} = 193.95.93.77,193.95.66.10 TCP: {1E039D85-4BFC-4D5E-A2BB-7B84F5A28BB5} = 192.168.93.77,192.168.66.10 FF - ProfilePath - c:\documents and settings\dali\Application Data\Mozilla\Firefox\Profiles\wm1tknr3.default\ FF - prefs.js: network.proxy.http_port - 9050 FF - prefs.js: network.proxy.type - 2 ---- PARAMETRES FIREFOX ---- . 
- - - - ORPHELINS SUPPRIMES - - - - AddRemove-SoftwareUpdate_is1 - c:\documents and settings\dali\Application Data\eoRezo\SoftwareUpdate\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-17 23:59 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySql] "ImagePath"="C:/mysql/bin/mysqld-nt.exe" [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySql] "ImagePath"="C:/mysql/bin/mysqld-nt.exe" . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\BCMWLTRY.EXE c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\program files\Avira\AntiVir Desktop\avwsc.exe . ************************************************************************** . Heure de fin: 2009-10-17 0:05 - La machine a redémarré ComboFix-quarantined-files.txt 2009-10-17 23:05 ComboFix2.txt 2009-10-17 17:26 Avant-CF: 357 265 408 octets libres Après-CF: 256 507 904 octets libres 307 -
Unsuccessful disinfection
bouha replied to a topic by bouha in Malware analysis and eradication
Good evening, Falkra. I am following your instructions to the letter, and here is the ComboFix report:
FAA707F1143B2CB58ED7BD4F0758BADE . 3080704 . . [6.00.2900.3395] . . c:\windows\$NtUninstallKB956390$\mshtml.dll [-] 2008-06-23 . DB0D7FB7B08ED1A861ACDD3A684049DD . 3088384 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\mshtml.dll [-] 2008-04-21 . FEACD6E84244125550219C6795348FDE . 3080704 . . [6.00.2900.3354] . . c:\windows\$NtUninstallKB953838$\mshtml.dll [-] 2008-04-21 . 57BC3BE475F34AE089878A016C2CA46E . 3087872 . . [6.00.2900.3354] . . c:\windows\$hf_mig$\KB950759\SP2QFE\mshtml.dll [-] 2008-04-21 . 840E79E91BCCD80B2FC3CCAD2C60B35A . 3087872 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\mshtml.dll [-] 2008-04-21 . B3CD09A5DBD2A569ADFA8654E3C8879D . 3088384 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\mshtml.dll [-] 2008-02-16 . 32DFD49FE02F9E6E02B979EBE1647205 . 3080704 . . [6.00.2900.3314] . . c:\windows\$NtUninstallKB950759$\mshtml.dll [-] 2008-02-16 . 7A78A2B4118A5F18B4CC93A83F157FD3 . 3087872 . . [6.00.2900.3314] . . c:\windows\$hf_mig$\KB947864\SP2QFE\mshtml.dll [-] 2007-12-07 . 9B740C8350EDBDD2290B89290039676C . 3080192 . . [6.00.2900.3268] . . c:\windows\$NtUninstallKB947864$\mshtml.dll [-] 2007-12-07 . 538016006E65697948DC04305FC60212 . 3087360 . . [6.00.2900.3268] . . c:\windows\$hf_mig$\KB944533\SP2QFE\mshtml.dll [-] 2007-10-30 . C9BD851330A5AE9CF42CA74F7FAB3054 . 3079680 . . [6.00.2900.3243] . . c:\windows\$NtUninstallKB944533$\mshtml.dll [-] 2007-10-30 . 1B0CD3D5B664C7786698FBB8C381A4D3 . 3086848 . . [6.00.2900.3243] . . c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll [-] 2007-08-22 . 878BCB476F8223BDA6E902B364042EB5 . 3079168 . . [6.00.2900.3199] . . c:\windows\$NtUninstallKB942615$\mshtml.dll [-] 2007-08-22 . 6B815842B4A9CDED3D7E9846639E69FA . 3085824 . . [6.00.2900.3199] . . c:\windows\$hf_mig$\KB939653\SP2QFE\mshtml.dll [-] 2007-06-15 . CA8215FF55022B47D6948C4BB09E8D52 . 3085312 . . [6.00.2900.3157] . . c:\windows\$hf_mig$\KB937143\SP2QFE\mshtml.dll [-] 2007-06-14 . 49AA1DD6240BC870C8F332840A2E8602 . 
3079680 . . [6.00.2900.3157] . . c:\windows\$NtUninstallKB939653$\mshtml.dll [-] 2007-05-04 . BE930AD339B283D83030BD7E67D1CCFD . 3085312 . . [6.00.2900.3132] . . c:\windows\$hf_mig$\KB933566\SP2QFE\mshtml.dll [-] 2007-05-04 . 124B8EFC0167495237D40282CC06492B . 3079680 . . [6.00.2900.3132] . . c:\windows\$NtUninstallKB937143$\mshtml.dll [-] 2007-02-19 . C67A9D187092A34604FE37EF94D4C626 . 3077632 . . [6.00.2900.3086] . . c:\windows\$NtUninstallKB933566$\mshtml.dll [-] 2007-02-19 . 942AB79C4A9DDEED3FE39C424967B91B . 3084288 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\mshtml.dll [-] 2007-01-04 . 28E7C79F82CEF8DC3189FBA5CBC3EB84 . 3083264 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll [-] 2007-01-04 . 3B65C31DD93571252D99E33D042A97C7 . 3077632 . . [6.00.2900.3059] . . c:\windows\$NtUninstallKB931768$\mshtml.dll [-] 2007-01-04 . 3B65C31DD93571252D99E33D042A97C7 . 3077632 . . [6.00.2900.3059] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\mshtml.dll [-] 2005-05-02 . D73E130276025BA9839FAB4B1A3137CA . 3012608 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll [-] 2005-05-02 . 2F0CE851CF44801A80BBCDB9F2FBCC38 . 3011072 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB928090$\mshtml.dll [-] 2005-03-10 . C44BAD9DE28B971508C136B9E9E1E1E3 . 3010560 . . [6.00.2900.2627] . . c:\windows\$NtUninstallKB883939$\mshtml.dll [-] 2005-03-10 . E908FC09D79479E827F34C7BDF5E606E . 3011072 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll [-] 2005-01-27 . 502E7D81AF05AF7DA49425AA02A64F84 . 3006976 . . [6.00.2900.2604] . . c:\windows\$NtUninstallKB890923$\mshtml.dll [-] 2005-01-27 . 2003C448DA234D22A9A5F676D9BC6D13 . 3008000 . . [6.00.2900.2604] . . c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll [-] 2004-09-29 . 938732076F87CDD3B6CFF39942A3A29F . 3004928 . . [6.00.2900.2523] . . c:\windows\$NtUninstallKB867282$\mshtml.dll [-] 2004-09-29 08:00 . 
!HASH: COULD NOT OPEN FILE !!!!! . 2805760 . . [------] . . c:\windows\$NtServicePackUninstall$\mshtml.dll [-] 2004-08-19 . 7CA9E0D2C4DCA6B710FD57F40E597337 . 3003392 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\mshtml.dll [-] 2003-07-22 . 195ECED9CA2D18CCEB5C383220D8ED44 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB834707-IE6SP1-20040929.091901$\mshtml.dll [-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll [-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-06-20 . 8A52DE10680A40ECD04FA2C0FBC34190 . 247808 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . 4138FBDEDBC6FEAD215BB4C4B102F7DE . 247808 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll [-] 2004-08-19 . 6FA2DDF70DC9B762EBF8920F89B6BEA3 . 247808 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll [-] 2004-08-19 . 6FA2DDF70DC9B762EBF8920F89B6BEA3 . 247808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\mswsock.dll [-] 2004-08-19 . 6FA2DDF70DC9B762EBF8920F89B6BEA3 . 247808 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\mswsock.dll [-] 2003-07-22 16:03 . !HASH: COULD NOT OPEN FILE !!!!! . 230912 . . [------] . . c:\windows\$NtServicePackUninstall$\mswsock.dll [-] 2009-02-06 . ECD7791E0E9246CA5F218A19F3911EB9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll [-] 2004-08-19 . D4CFAC76926C24E32B7F25A35C31BC6E . 407040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2004-08-19 . D4CFAC76926C24E32B7F25A35C31BC6E . 407040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\netlogon.dll [-] 2004-08-19 . D4CFAC76926C24E32B7F25A35C31BC6E . 407040 . . [5.1.2600.2180] . . 
c:\windows\system32\netlogon.dll [-] 2003-07-22 16:04 . !HASH: COULD NOT OPEN FILE !!!!! . 399360 . . [------] . . c:\windows\$NtServicePackUninstall$\netlogon.dll [-] 2005-08-22 . 0D55724D88488BBFC53BC2EA219240F3 . 197632 . . [5.1.2600.2743] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\netman.dll [-] 2005-08-22 . 0D55724D88488BBFC53BC2EA219240F3 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll [-] 2005-08-22 . 31748843AD5811351B115CC52CEA8D77 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll [-] 2004-08-19 . 237F77C91B70469E3AF9F7FD0A524954 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll [-] 2004-08-19 . 237F77C91B70469E3AF9F7FD0A524954 . 198144 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netman.dll [-] 2003-07-22 16:04 . !HASH: COULD NOT OPEN FILE !!!!! . 154112 . . [------] . . c:\windows\$NtServicePackUninstall$\netman.dll [-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [-] 2009-02-09 . 4183ED119200F8520F5E834498AFB927 . 2182528 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2009-02-09 . 4183ED119200F8520F5E834498AFB927 . 2182528 . . [5.1.2600.3520] . . c:\windows\system32\ntoskrnl.exe [-] 2009-02-09 . B55AA66BC9269BC5257B915FFDAA790B . 2188160 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe [-] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe [-] 2008-08-14 . D79210549BBF09B7638E860440504299 . 2191232 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [-] 2008-08-14 . 449566D74B5C261A3A54AA216F0C532B . 2182400 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe [-] 2008-08-14 . C6649255E51F145B6E15C505AB68E459 . 2188032 . . [5.1.2600.3427] . . 
c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe [-] 2008-08-14 . C8D4D5974F9671DA0A37175650912960 . 2191232 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe [-] 2007-02-28 . 8E244108562E0E452EB68DFF64CB08A9 . 2184192 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe [-] 2007-02-28 . 7D6D19AAC51A4325F6039F083C22303C . 2182400 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe [-] 2006-12-19 . 1F3FA2065E6E043A1D82A487B5DA309C . 2184064 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe [-] 2006-12-19 . D27929DB7B7F92F9D0F8EC9BA01C601C . 2182400 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe [-] 2005-03-02 . 3E2A0A4A0C0B19FC113618A9562A3B2A . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe [-] 2005-03-02 . 63729DD0F2AAE36CC52B89C05505146C . 2181376 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe [-] 2005-03-02 . 63729DD0F2AAE36CC52B89C05505146C . 2181376 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\ntoskrnl.exe [-] 2004-08-19 . 7D38CE4398E6AA6339B4644FEADCC0D8 . 2183040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe [-] 2004-08-19 . 7D38CE4398E6AA6339B4644FEADCC0D8 . 2183040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2004-06-17 17:43 . !HASH: COULD NOT OPEN FILE !!!!! . 2055168 . . [------] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2003-07-22 . F58B3CE36566D6061A496DC595A8AAA3 . 2045824 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB840987$\ntoskrnl.exe [-] 2004-08-19 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2004-08-19 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\powrprof.dll [-] 2004-08-19 . 
29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll [-] 2003-07-22 16:07 . !HASH: COULD NOT OPEN FILE !!!!! . 14848 . . [------] . . c:\windows\$NtServicePackUninstall$\powrprof.dll [-] 2004-08-19 . 659F7B6C502051BFA37910614B225548 . 382464 . . [6.6.2600.2180] . . c:\windows\ServicePackFiles\i386\qmgr.dll [-] 2004-08-19 . 659F7B6C502051BFA37910614B225548 . 382464 . . [6.6.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\qmgr.dll [-] 2004-08-19 . 659F7B6C502051BFA37910614B225548 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll [-] 2004-07-01 22:08 . !HASH: COULD NOT OPEN FILE !!!!! . 360960 . . [------] . . c:\windows\$NtServicePackUninstall$\qmgr.dll [-] 2003-07-22 . E1BDBEC55DF596AC4DC9FDCF6CB12832 . 223232 . . [6.2.2600.1106] . . c:\windows\$NtUninstallKB842773$\qmgr.dll [-] 2009-02-09 . F83B964469D230F445613C44DF9FE25D . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll [-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll [-] 2009-02-09 . 5620353B93DD08016674E4FEE280190B . 399360 . . [5.1.2600.3520] . . c:\windows\system32\rpcss.dll [-] 2009-02-09 . BA1EF616F55210820F6462D033088497 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll [-] 2005-07-26 . CB7D37602638369A516757E994CBB31D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtUninstallKB956572$\rpcss.dll [-] 2005-07-26 . B38D431ACE730452CD1FEE4FB7ECD6E2 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll [-] 2005-07-26 . B38D431ACE730452CD1FEE4FB7ECD6E2 . 398336 . . [5.1.2600.2726] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\rpcss.dll [-] 2005-04-28 . FD292BFE003558F4C39AA3D44F420AC7 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll [-] 2005-04-28 . 
D0F724BDF4A0647F1A52985FD629EFCE . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll [-] 2005-01-14 . EAB055D3580A4D7C66DA05C7160EE5C1 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll [-] 2005-01-14 . 05E8F98BC17FCCE18D7DB332A81B8DDE . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll [-] 2004-08-19 . C6FE0B727A5D13419D480150631ADC09 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll [-] 2004-08-19 . C6FE0B727A5D13419D480150631ADC09 . 395776 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\rpcss.dll [-] 2004-03-06 02:17 . !HASH: COULD NOT OPEN FILE !!!!! . 263680 . . [------] . . c:\windows\$NtServicePackUninstall$\rpcss.dll [-] 2003-07-22 16:09 . !HASH: COULD NOT OPEN FILE !!!!! . 260608 . . [------] . . c:\windows\$NtUninstallKB828741$\rpcss.dll [-] 2004-08-19 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2004-08-19 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\scecli.dll [-] 2004-08-19 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll [-] 2003-07-22 16:09 . !HASH: COULD NOT OPEN FILE !!!!! . 180736 . . [------] . . c:\windows\$NtServicePackUninstall$\scecli.dll [-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe [-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [-] 2009-02-09 . 9D6BF82FE50D55F20F8E10E0F6653886 . 111104 . . [5.1.2600.3520] . . c:\windows\system32\services.exe [-] 2009-02-09 . 51A24094F076961A7FF73E5F7E991D68 . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe [-] 2004-08-19 . 63DCDE1A0D86EEB8924D6738FF616EAD . 108544 . . 
[5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\services.exe [-] 2004-08-19 . 63DCDE1A0D86EEB8924D6738FF616EAD . 108544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\services.exe [-] 2004-08-19 . 63DCDE1A0D86EEB8924D6738FF616EAD . 108544 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\services.exe [-] 2003-07-22 16:10 . !HASH: COULD NOT OPEN FILE !!!!! . 101888 . . [------] . . c:\windows\$NtServicePackUninstall$\services.exe [-] 2004-08-19 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2004-08-19 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\sfc.dll [-] 2004-08-19 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll [-] 2003-07-22 16:10 . !HASH: COULD NOT OPEN FILE !!!!! . 4096 . . [------] . . c:\windows\$NtServicePackUninstall$\sfc.dll [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\spoolsv.exe [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe [-] 2004-08-19 . DF9FC62AD51CB082B0AE371919A232CB . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe [-] 2004-08-19 . DF9FC62AD51CB082B0AE371919A232CB . 57856 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2003-07-22 16:12 . !HASH: COULD NOT OPEN FILE !!!!! . 51200 . . [------] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe [-] 2004-08-19 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2004-08-19 . 
2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\svchost.exe [-] 2004-08-19 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe [-] 2003-07-22 16:13 . !HASH: COULD NOT OPEN FILE !!!!! . 12800 . . [------] . . c:\windows\$NtServicePackUninstall$\svchost.exe [-] 2005-07-08 . C9FA05D271A0066764FE75BE38E24D69 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll [-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\tapisrv.dll [-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll [-] 2004-08-19 . 5CC2A233DAC03CAF99D20B87598675CD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll [-] 2004-08-19 . 5CC2A233DAC03CAF99D20B87598675CD . 246272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2003-07-22 16:13 . !HASH: COULD NOT OPEN FILE !!!!! . 233984 . . [------] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll [-] 2007-03-08 . 4D88AAF39ADABFE45958EA1384E2C4FF . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll [-] 2005-03-02 . C34920EB988CE98910BD6B0417F334EB . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . 0DF75FB73F705B011630159A43D7C354 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll [-] 2004-08-19 . 61C8C283AD063BB697AE61A155C64A5A . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll [-] 2004-08-19 . 61C8C283AD063BB697AE61A155C64A5A . 578048 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2004-08-19 . 
61C8C283AD063BB697AE61A155C64A5A . 578048 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\user32.dll [-] 2004-06-17 17:56 . !HASH: COULD NOT OPEN FILE !!!!! . 561152 . . [------] . . c:\windows\$NtServicePackUninstall$\user32.dll [-] 2003-07-22 . 0ABF2F5280940D32D1D52BD3500B0C37 . 561152 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB840987$\user32.dll [-] 2004-08-19 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2004-08-19 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\userinit.exe [-] 2004-08-19 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe [-] 2003-07-22 16:15 . !HASH: COULD NOT OPEN FILE !!!!! . 22528 . . [------] . . c:\windows\$NtServicePackUninstall$\userinit.exe [-] 2009-06-26 . 1B086DE4AFB06F40C5949992314738D4 . 670720 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll [-] 2009-06-26 . 421625BFBCED3CCAFC30EBA47A05CECB . 672256 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll [-] 2009-06-26 . D7F5C0B6497908C84F9C1E9D2BB36396 . 672256 . . [6.00.2900.3592] . . c:\windows\$hf_mig$\KB972260\SP2QFE\wininet.dll [-] 2009-04-29 . 814148D0471936ECFC8B9FC5B761A447 . 663552 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\wininet.dll [-] 2009-04-29 . 0A4B365061992BC4EF268229BE616F57 . 670720 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll [-] 2009-04-29 . 4C0CAC19431E83809003460D2E54F5FB . 672256 . . [6.00.2900.3562] . . c:\windows\$hf_mig$\KB969897\SP2QFE\wininet.dll [-] 2009-04-29 . 2B73F48C9BD74FD54E07556B41684AC3 . 672256 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll [-] 2009-02-20 . FD1F0132A44E044C821C2B74D918D20A . 663552 . . [6.00.2900.3527] . . 
c:\windows\$NtUninstallKB969897$\wininet.dll [-] 2009-02-20 . AD9AB4386AE234EA5C8EED51CD934C44 . 672256 . . [6.00.2900.3527] . . c:\windows\$hf_mig$\KB963027\SP2QFE\wininet.dll [-] 2009-02-20 . 273B84C3C339341F917D7DDAD0722F51 . 670208 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll [-] 2009-02-20 . 8EAE861274F3E0C00C10C871371A1A8E . 671744 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll [-] 2008-10-16 . 4BAD064ED3FB5008AF94D427DD77FDDD . 663552 . . [6.00.2900.3462] . . c:\windows\$NtUninstallKB963027$\wininet.dll [-] 2008-10-16 . F9AE6DBB4EC5B4D1A82BF2F0CB7EE200 . 671744 . . [6.00.2900.3462] . . c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll [-] 2008-10-16 . 1C6E9FDAB1F4CB983A39EFBA6F131ACC . 671232 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll [-] 2008-10-16 . 05033943FF61ABD13B93C00337D04E92 . 670208 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll [-] 2008-08-20 . ADBB0BDB81EB0013942D907E9418AB8B . 663552 . . [6.00.2900.3429] . . c:\windows\$NtUninstallKB958215$\wininet.dll [-] 2008-08-20 . AEF39AC3BCBAFE971155D0073191B5A6 . 671744 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll [-] 2008-08-20 . 50D19E569C83A9C1AE7EFAEF6A93BC50 . 670208 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll [-] 2008-08-20 . 96D50ACA60DA22ADBD253F2825C98D1A . 670720 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll [-] 2008-06-23 . 8CA18FD7CCCABFF7E84702BC1BBF5DCB . 671232 . . [6.00.2900.3395] . . c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll [-] 2008-06-23 . 95D92788889B847309C63E2EC287D1C0 . 663552 . . [6.00.2900.3395] . . c:\windows\$NtUninstallKB956390$\wininet.dll [-] 2008-06-23 . D2177655BC338A07B99913F6A4BED52D . 670208 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll [-] 2008-06-23 . 4E00327DA458BEFFEA8F4B222F466B20 . 670720 . . [6.00.2900.5626] . . 
c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll [-] 2008-04-21 . 355A69CC05045428CE6B9E6BFBD4B74B . 663552 . . [6.00.2900.3354] . . c:\windows\$NtUninstallKB953838$\wininet.dll [-] 2008-04-21 . F2F343D7ED0223645BA773B840EB4993 . 670720 . . [6.00.2900.3354] . . c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll [-] 2008-04-21 . 7AF7D7D178F2863E7E7C880B55C88B76 . 670208 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll [-] 2008-04-21 . 82B3264706B9921C67B196319FDA51DE . 670720 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll [-] 2008-02-16 . DCB8A9F102663D962BE60CDE38A6C1D7 . 670208 . . [6.00.2900.3314] . . c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll [-] 2008-02-16 . C9218CD3CD93586FFE9AE789282CAE63 . 663552 . . [6.00.2900.3314] . . c:\windows\$NtUninstallKB950759$\wininet.dll [-] 2007-12-07 . C5A40DE381481D288ADDEE45FC67F652 . 663552 . . [6.00.2900.3268] . . c:\windows\$NtUninstallKB947864$\wininet.dll [-] 2007-12-07 . C057D734B1951393FD07E2607513D4D9 . 670208 . . [6.00.2900.3268] . . c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll [-] 2007-10-11 . D2FD027E5D3AF96DEE6C5CC225079DF0 . 663552 . . [6.00.2900.3231] . . c:\windows\$NtUninstallKB944533$\wininet.dll [-] 2007-10-11 . 0465CDE31ADD22F6233FFB4FE4AF01CF . 670208 . . [6.00.2900.3231] . . c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll [-] 2007-08-22 . 18048557AA56DE4B1955FDF7A21F9B24 . 663040 . . [6.00.2900.3199] . . c:\windows\$NtUninstallKB942615$\wininet.dll [-] 2007-08-22 . 4F6A45B54D26708E2C2BF2C43D83EDEA . 669696 . . [6.00.2900.3199] . . c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll [-] 2007-06-26 . 19058FBDC72F7BAE085369C6D0A7D074 . 669696 . . [6.00.2900.3164] . . c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll [-] 2007-06-26 . 889269134AF28B2142F47A337CA3A1CD . 663040 . . [6.00.2900.3164] . . c:\windows\$NtUninstallKB939653$\wininet.dll [-] 2007-04-18 . A3BF56A786B277E881FD9137F55F0B4B . 669696 . . [6.00.2900.3121] . . 
c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll [-] 2007-04-18 . CA6F58031096FC2509C57670129469F7 . 663040 . . [6.00.2900.3121] . . c:\windows\$NtUninstallKB937143$\wininet.dll [-] 2007-02-19 . 1BDE6D5DBA35797ECA8DB8FCB80FC015 . 669696 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll [-] 2007-02-19 . 129A4681B22150D08E35E144494240A2 . 663040 . . [6.00.2900.3086] . . c:\windows\$NtUninstallKB933566$\wininet.dll [-] 2007-01-04 . 114342601AC7EA73B0D2A0ED8505B8B9 . 669184 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll [-] 2007-01-04 . 25D38FFA2B441E326850AE4CB67D1A91 . 663040 . . [6.00.2900.3059] . . c:\windows\$NtUninstallKB931768$\wininet.dll [-] 2007-01-04 . 25D38FFA2B441E326850AE4CB67D1A91 . 663040 . . [6.00.2900.3059] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\wininet.dll [-] 2005-05-02 . 0996B57CC2ABCB271872296E98A18DB2 . 663040 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll [-] 2005-05-02 . FFE3E6FB8D52955A2DE4C6CC765B02BC . 662016 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB928090$\wininet.dll [-] 2005-03-10 . BA7CDA9917332A6E1FAA1B46BC3AB5FD . 660992 . . [6.00.2900.2627] . . c:\windows\$NtUninstallKB883939$\wininet.dll [-] 2005-03-10 . 06AD0B0F43286CD50AF283762EB56763 . 662016 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll [-] 2005-01-27 . B16B02F3C804F057DAB099CC15ED0206 . 660992 . . [6.00.2900.2577] . . c:\windows\$NtUninstallKB890923$\wininet.dll [-] 2005-01-27 . 66A10B98F18FD804236AB2D90301DE04 . 662016 . . [6.00.2900.2598] . . c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll [-] 2004-09-29 . A1F5B2FC31EF3986BCA19F72DDE0B922 . 660992 . . [6.00.2900.2518] . . c:\windows\$NtUninstallKB867282$\wininet.dll [-] 2004-08-23 19:35 . !HASH: COULD NOT OPEN FILE !!!!! . 593920 . . [------] . . c:\windows\$NtServicePackUninstall$\wininet.dll [-] 2004-08-19 . 4E958B97EFC3D801F49283D1820F48B7 . 660480 . . [6.00.2900.2180] . 
Until next time, with all my regards. -
Loss of internet connection following a disinfection operation
bouha replied to a topic by bouha in Analyses et éradication malwares
Hello, that's already done; Falkra is handling the follow-up. But the problem for me is how to download the programs I may be asked for when I have no internet access. That's why, if possible, could we first restore the internet connection?