

benjifast
Virtumonde trojan infection + work software update blocked.
benjifast replied to a topic by benjifast in Malware analysis and eradication
Re, HijackThis report:
Virtumonde trojan infection + work software update blocked.
benjifast replied to a topic by benjifast in Malware analysis and eradication
Re, I only have 2 files, and not the ones you mention: AddRemove-HijackThis.reg and tcpip (Registration Entries). I await your instructions.
Trojan adatadrv.sys: false positive?
benjifast replied to a topic by benjifast in Malware analysis and eradication
Re, No virus found by ESET Online Scanner. See you later.
Virtumonde trojan infection + work software update blocked.
benjifast replied to a topic by benjifast in Malware analysis and eradication
Re, ComboFix is asking to update itself; for now I answered no. Should I do it? ComboFix report:
Virtumonde trojan infection + work software update blocked.
benjifast replied to a topic by benjifast in Malware analysis and eradication
Re, No, I don't see it. Among the similar names I have: TMControll.dll and tmcontrol.ini. See you later.
Virtumonde trojan infection + work software update blocked.
benjifast replied to a topic by benjifast in Malware analysis and eradication
Re, The software is FORD ETIS IDS, used for diagnostics and as a database for Ford vehicles. My updates download fine; at installation time everything proceeds normally, then it stays at 11 pending and 0 installed, so every time I restart the software I get the same problem. ComboFix report:
2009-10-19 08:40 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2009-10-19 08:40 . 2009-10-19 08:40 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2010-06-12 22:02 . 2010-06-12 22:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2010-06-12 22:02 . 2010-06-12 22:02 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2009-10-19 08:41 . 2009-10-19 08:41 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2010-06-12 22:02 . 2010-06-12 22:02 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2009-10-19 08:41 . 2009-10-19 08:41 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2010-06-12 22:02 . 2010-06-12 22:02 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2009-10-19 08:40 . 2009-10-19 08:40 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2010-06-12 22:02 . 2010-06-12 22:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2009-10-19 08:40 . 2009-10-19 08:40 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2009-10-19 08:40 . 2009-10-19 08:40 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2010-06-12 22:02 . 2010-06-12 22:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2009-10-19 08:40 . 2009-10-19 08:40 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2010-06-12 22:02 . 
2010-06-12 22:02 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2010-06-12 22:02 . 2010-06-12 22:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2009-10-19 08:40 . 2009-10-19 08:40 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2010-06-12 22:12 . 2010-06-12 22:12 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll + 2010-06-12 22:02 . 2010-06-12 22:02 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll - 2009-10-19 08:40 . 2009-10-19 08:40 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2010-06-12 19:40 . 2009-12-04 14:35 7048 c:\windows\system32\ZoneLabs\zlquarantine_loc040c.dll + 2010-06-12 19:40 . 2009-12-04 14:35 7048 c:\windows\system32\ZoneLabs\vsvault_loc040c.dll + 2010-06-12 19:40 . 2009-12-04 14:35 7048 c:\windows\system32\ZoneLabs\vsdb_loc040c.dll + 2010-06-12 19:40 . 2009-12-04 14:35 7048 c:\windows\system32\ZoneLabs\scheduler_loc040c.dll + 2010-06-12 19:40 . 2009-12-04 14:35 7048 c:\windows\system32\ZoneLabs\camupd_loc040c.dll + 2010-06-12 22:02 . 2010-06-12 22:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll - 2009-10-19 08:40 . 2009-10-19 08:40 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2010-06-12 22:02 . 2010-06-12 22:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2009-10-19 08:41 . 2009-10-19 08:41 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2010-06-12 22:02 . 2010-06-12 22:02 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2009-10-19 08:40 . 
2009-10-19 08:40 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2009-10-19 08:40 . 2009-10-19 08:40 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2010-06-12 22:02 . 2010-06-12 22:02 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2010-06-12 22:02 . 2010-06-12 22:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2009-10-19 08:40 . 2009-10-19 08:41 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll + 2010-06-12 22:02 . 2010-06-12 22:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll - 2009-10-19 08:40 . 2009-10-19 08:40 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2010-06-12 19:40 . 2009-12-04 14:34 141192 c:\windows\system32\ZoneLabs\zlupdate.dll + 2010-06-12 19:40 . 2009-12-04 14:34 172936 c:\windows\system32\ZoneLabs\vsvault.dll + 2010-06-12 19:40 . 2009-12-04 14:35 190856 c:\windows\system32\ZoneLabs\vsruledb_loc040c.dll + 2010-06-12 19:39 . 2009-12-04 14:34 210824 c:\windows\system32\ZoneLabs\vsdb.dll + 2010-06-12 19:40 . 2009-12-04 14:35 113544 c:\windows\system32\ZoneLabs\updClient_loc040c.dll + 2010-06-12 19:40 . 2007-10-11 14:51 832984 c:\windows\system32\ZoneLabs\updating.dll + 2010-06-12 19:40 . 2009-12-04 14:34 434568 c:\windows\system32\ZoneLabs\ssleay32.dll + 2010-06-12 19:40 . 2009-12-04 14:34 135048 c:\windows\system32\ZoneLabs\scheduler.dll + 2010-06-12 19:40 . 2009-07-13 21:58 722392 c:\windows\system32\ZoneLabs\qrbase.dll + 2010-06-12 19:40 . 2009-12-04 14:35 119688 c:\windows\system32\ZoneLabs\lib\zui.zip.dll + 2010-06-12 19:40 . 
2009-12-04 14:35 267656 c:\windows\system32\ZoneLabs\lib\TrayTest.zip.dll + 2010-06-12 19:40 . 2009-12-04 14:35 175496 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll + 2010-06-12 19:40 . 2009-12-04 14:35 368008 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll + 2010-06-12 19:40 . 2009-12-04 14:35 139144 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll + 2010-06-12 19:40 . 2009-12-04 14:35 376712 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll + 2010-06-12 19:39 . 2009-10-09 18:33 579048 c:\windows\system32\ZoneLabs\icslta.dll + 2010-06-12 19:41 . 2008-03-17 14:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll - 2006-02-17 16:59 . 2010-03-11 12:38 233472 c:\windows\system32\webcheck.dll + 2006-02-17 16:59 . 2010-05-04 17:20 233472 c:\windows\system32\webcheck.dll + 2010-06-12 19:40 . 2009-12-04 14:34 109960 c:\windows\system32\vsxml.dll + 2010-06-12 19:39 . 2009-12-04 14:34 621960 c:\windows\system32\vsutil.dll + 2010-06-12 19:40 . 2009-12-04 14:34 299912 c:\windows\system32\vspubapi.dll + 2010-06-12 19:40 . 2009-12-04 14:34 107912 c:\windows\system32\vsmonapi.dll + 2010-06-12 19:39 . 2009-12-04 14:34 227720 c:\windows\system32\vsinit.dll + 2010-06-12 19:40 . 2009-12-04 14:34 486280 c:\windows\system32\vsdatant.sys + 2010-06-12 19:39 . 2009-12-04 14:34 112008 c:\windows\system32\vsdata.dll - 2006-02-17 16:59 . 2010-03-11 12:38 105984 c:\windows\system32\url.dll + 2006-02-17 16:59 . 2010-05-04 17:20 105984 c:\windows\system32\url.dll + 2006-02-17 16:58 . 2010-06-12 22:03 442800 c:\windows\system32\perfh009.dat - 2006-02-17 16:58 . 2010-03-30 06:36 442800 c:\windows\system32\perfh009.dat - 2006-02-17 16:58 . 2010-03-11 12:38 102912 c:\windows\system32\occache.dll + 2006-02-17 16:58 . 2010-05-04 17:20 102912 c:\windows\system32\occache.dll - 2006-02-17 16:58 . 2010-03-11 12:38 671232 c:\windows\system32\mstime.dll + 2006-02-17 16:58 . 2010-05-04 17:20 671232 c:\windows\system32\mstime.dll - 2006-02-17 16:58 . 
2010-03-11 12:38 193024 c:\windows\system32\msrating.dll + 2006-02-17 16:58 . 2010-05-04 17:20 193024 c:\windows\system32\msrating.dll + 2006-02-17 16:58 . 2010-05-04 17:20 477696 c:\windows\system32\mshtmled.dll - 2006-02-17 16:58 . 2010-03-11 12:38 477696 c:\windows\system32\mshtmled.dll - 2007-08-13 16:54 . 2010-03-11 12:38 459264 c:\windows\system32\msfeeds.dll + 2007-08-13 16:54 . 2010-05-04 17:20 459264 c:\windows\system32\msfeeds.dll - 2006-02-18 01:37 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll + 2006-02-18 01:37 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll + 2007-08-13 16:34 . 2010-05-04 17:20 268288 c:\windows\system32\iertutil.dll - 2007-08-13 16:34 . 2010-03-11 12:38 268288 c:\windows\system32\iertutil.dll - 2006-02-17 16:57 . 2010-03-11 12:38 192512 c:\windows\system32\iepeers.dll + 2006-02-17 16:57 . 2010-05-04 17:20 192512 c:\windows\system32\iepeers.dll + 2006-02-17 16:57 . 2010-05-04 17:20 385024 c:\windows\system32\iedkcs32.dll - 2006-02-17 16:57 . 2010-03-11 12:38 385024 c:\windows\system32\iedkcs32.dll + 2007-07-11 10:27 . 2010-05-04 17:20 380928 c:\windows\system32\ieapfltr.dll - 2007-07-11 10:27 . 2010-03-11 12:38 380928 c:\windows\system32\ieapfltr.dll + 2006-02-17 16:57 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll - 2006-02-17 16:57 . 2010-02-23 05:18 161792 c:\windows\system32\ieakui.dll - 2006-02-17 16:57 . 2010-03-11 12:38 230400 c:\windows\system32\ieaksie.dll + 2006-02-17 16:57 . 2010-05-04 17:20 230400 c:\windows\system32\ieaksie.dll + 2006-02-17 16:57 . 2010-05-04 17:20 153088 c:\windows\system32\ieakeng.dll - 2006-02-17 16:57 . 2010-03-11 12:38 153088 c:\windows\system32\ieakeng.dll + 2006-02-17 17:29 . 2010-06-12 22:17 161936 c:\windows\system32\FNTCACHE.DAT - 2006-02-17 17:29 . 2009-11-18 11:31 161936 c:\windows\system32\FNTCACHE.DAT + 2006-02-17 16:57 . 2010-05-04 17:20 133120 c:\windows\system32\extmgr.dll - 2006-02-17 16:57 . 
2010-03-11 12:38 133120 c:\windows\system32\extmgr.dll + 2006-02-17 16:57 . 2010-05-04 17:20 214528 c:\windows\system32\dxtrans.dll - 2006-02-17 16:57 . 2010-03-11 12:38 214528 c:\windows\system32\dxtrans.dll - 2006-02-17 16:57 . 2010-03-11 12:38 347136 c:\windows\system32\dxtmsft.dll + 2006-02-17 16:57 . 2010-05-04 17:20 347136 c:\windows\system32\dxtmsft.dll + 2006-02-17 16:59 . 2010-05-04 17:20 832512 c:\windows\system32\dllcache\wininet.dll - 2006-02-17 16:59 . 2010-03-11 12:38 832512 c:\windows\system32\dllcache\wininet.dll + 2006-02-17 16:59 . 2010-05-04 17:20 233472 c:\windows\system32\dllcache\webcheck.dll - 2006-02-17 16:59 . 2010-03-11 12:38 233472 c:\windows\system32\dllcache\webcheck.dll + 2006-02-17 16:59 . 2010-05-04 17:20 105984 c:\windows\system32\dllcache\url.dll - 2006-02-17 16:59 . 2010-03-11 12:38 105984 c:\windows\system32\dllcache\url.dll - 2006-02-17 16:58 . 2010-03-11 12:38 102912 c:\windows\system32\dllcache\occache.dll + 2006-02-17 16:58 . 2010-05-04 17:20 102912 c:\windows\system32\dllcache\occache.dll + 2006-02-17 16:58 . 2010-05-04 17:20 671232 c:\windows\system32\dllcache\mstime.dll - 2006-02-17 16:58 . 2010-03-11 12:38 671232 c:\windows\system32\dllcache\mstime.dll - 2006-02-17 16:58 . 2010-03-11 12:38 193024 c:\windows\system32\dllcache\msrating.dll + 2006-02-17 16:58 . 2010-05-04 17:20 193024 c:\windows\system32\dllcache\msrating.dll + 2006-02-17 16:58 . 2010-05-04 17:20 477696 c:\windows\system32\dllcache\mshtmled.dll - 2006-02-17 16:58 . 2010-03-11 12:38 477696 c:\windows\system32\dllcache\mshtmled.dll + 2008-09-23 08:08 . 2010-05-04 17:20 459264 c:\windows\system32\dllcache\msfeeds.dll - 2008-09-23 08:08 . 2010-03-11 12:38 459264 c:\windows\system32\dllcache\msfeeds.dll - 2008-08-25 14:10 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll + 2008-08-25 14:10 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll + 2006-02-18 01:37 . 
2010-04-16 11:43 634656 c:\windows\system32\dllcache\iexplore.exe - 2008-09-23 08:08 . 2010-03-11 12:38 268288 c:\windows\system32\dllcache\iertutil.dll + 2008-09-23 08:08 . 2010-05-04 17:20 268288 c:\windows\system32\dllcache\iertutil.dll + 2006-02-17 16:57 . 2010-05-04 17:20 192512 c:\windows\system32\dllcache\iepeers.dll - 2006-02-17 16:57 . 2010-03-11 12:38 192512 c:\windows\system32\dllcache\iepeers.dll + 2006-02-17 16:57 . 2010-05-04 17:20 385024 c:\windows\system32\dllcache\iedkcs32.dll - 2006-02-17 16:57 . 2010-03-11 12:38 385024 c:\windows\system32\dllcache\iedkcs32.dll - 2008-09-23 08:08 . 2010-03-11 12:38 380928 c:\windows\system32\dllcache\ieapfltr.dll + 2008-09-23 08:08 . 2010-05-04 17:20 380928 c:\windows\system32\dllcache\ieapfltr.dll - 2006-02-17 16:57 . 2010-02-23 05:18 161792 c:\windows\system32\dllcache\ieakui.dll + 2006-02-17 16:57 . 2010-04-16 11:43 161792 c:\windows\system32\dllcache\ieakui.dll - 2006-02-17 16:57 . 2010-03-11 12:38 230400 c:\windows\system32\dllcache\ieaksie.dll + 2006-02-17 16:57 . 2010-05-04 17:20 230400 c:\windows\system32\dllcache\ieaksie.dll + 2006-02-17 16:57 . 2010-05-04 17:20 153088 c:\windows\system32\dllcache\ieakeng.dll - 2006-02-17 16:57 . 2010-03-11 12:38 153088 c:\windows\system32\dllcache\ieakeng.dll - 2006-02-17 16:57 . 2010-03-11 12:38 133120 c:\windows\system32\dllcache\extmgr.dll + 2006-02-17 16:57 . 2010-05-04 17:20 133120 c:\windows\system32\dllcache\extmgr.dll - 2006-02-17 16:57 . 2010-03-11 12:38 214528 c:\windows\system32\dllcache\dxtrans.dll + 2006-02-17 16:57 . 2010-05-04 17:20 214528 c:\windows\system32\dllcache\dxtrans.dll - 2006-02-17 16:57 . 2010-03-11 12:38 347136 c:\windows\system32\dllcache\dxtmsft.dll + 2006-02-17 16:57 . 2010-05-04 17:20 347136 c:\windows\system32\dllcache\dxtmsft.dll + 2010-04-20 05:30 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll + 2006-02-17 16:56 . 2010-05-04 17:20 124928 c:\windows\system32\dllcache\advpack.dll - 2006-02-17 16:56 . 
2010-03-11 12:38 124928 c:\windows\system32\dllcache\advpack.dll + 2006-02-17 16:56 . 2010-05-04 17:20 124928 c:\windows\system32\advpack.dll - 2006-02-17 16:56 . 2010-03-11 12:38 124928 c:\windows\system32\advpack.dll + 2010-04-07 21:48 . 2010-04-07 21:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll - 2008-07-29 17:16 . 2008-07-29 17:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll + 2010-04-07 21:48 . 2010-04-07 21:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll + 2010-03-23 03:31 . 2010-03-23 03:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll + 2010-02-09 10:22 . 2010-02-09 10:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll - 2008-07-25 09:17 . 2008-07-25 09:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll - 2008-05-27 22:49 . 2008-05-27 22:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll + 2010-03-31 12:51 . 2010-03-31 12:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll + 2010-03-31 12:49 . 2010-03-31 12:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - 2008-05-27 22:48 . 2008-05-27 22:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - 2008-05-27 23:30 . 2008-05-27 23:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2010-03-31 13:32 . 2010-03-31 13:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2010-02-24 22:14 . 2010-02-24 22:14 543232 c:\windows\Installer\f84c0f.msp + 2010-06-12 21:52 . 2010-03-11 12:38 832512 c:\windows\ie7updates\KB982381-IE7\wininet.dll + 2010-06-12 21:52 . 2010-03-11 12:38 233472 c:\windows\ie7updates\KB982381-IE7\webcheck.dll + 2010-06-12 21:52 . 2010-03-11 12:38 105984 c:\windows\ie7updates\KB982381-IE7\url.dll + 2010-06-12 21:52 . 
2009-05-26 11:40 382840 c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll + 2010-06-12 21:52 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe + 2010-06-12 21:52 . 2010-03-11 12:38 102912 c:\windows\ie7updates\KB982381-IE7\occache.dll + 2010-06-12 21:52 . 2010-03-11 12:38 671232 c:\windows\ie7updates\KB982381-IE7\mstime.dll + 2010-06-12 21:52 . 2010-03-11 12:38 193024 c:\windows\ie7updates\KB982381-IE7\msrating.dll + 2010-06-12 21:52 . 2010-03-11 12:38 477696 c:\windows\ie7updates\KB982381-IE7\mshtmled.dll + 2010-06-12 21:52 . 2010-03-11 12:38 459264 c:\windows\ie7updates\KB982381-IE7\msfeeds.dll + 2010-06-12 21:52 . 2010-02-23 05:20 634648 c:\windows\ie7updates\KB982381-IE7\iexplore.exe + 2010-06-12 21:52 . 2010-03-11 12:38 268288 c:\windows\ie7updates\KB982381-IE7\iertutil.dll + 2010-06-12 21:52 . 2010-03-11 12:38 192512 c:\windows\ie7updates\KB982381-IE7\iepeers.dll + 2010-06-12 21:52 . 2010-03-11 12:38 385024 c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll + 2010-06-12 21:52 . 2010-03-11 12:38 380928 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll + 2010-06-12 21:52 . 2010-02-23 05:18 161792 c:\windows\ie7updates\KB982381-IE7\ieakui.dll + 2010-06-12 21:52 . 2010-03-11 12:38 230400 c:\windows\ie7updates\KB982381-IE7\ieaksie.dll + 2010-06-12 21:52 . 2010-03-11 12:38 153088 c:\windows\ie7updates\KB982381-IE7\ieakeng.dll + 2010-06-12 21:52 . 2010-03-11 12:38 133120 c:\windows\ie7updates\KB982381-IE7\extmgr.dll + 2010-06-12 21:52 . 2010-03-11 12:38 214528 c:\windows\ie7updates\KB982381-IE7\dxtrans.dll + 2010-06-12 21:52 . 2010-03-11 12:38 347136 c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll + 2010-06-12 21:52 . 2010-03-11 12:38 124928 c:\windows\ie7updates\KB982381-IE7\advpack.dll + 2010-06-12 22:13 . 2010-06-12 22:13 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_024c3711\System.Drawing.dll + 2010-06-12 22:14 . 
2010-06-12 22:14 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_143d8091\System.Drawing.Design.dll + 2010-06-12 22:13 . 2010-06-12 22:13 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_269c7f61\CustomMarshalers.dll + 2010-06-13 08:13 . 2010-06-13 08:13 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe + 2010-06-12 22:25 . 2010-06-12 22:25 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a7c702f75d47bf841b9587e582c2d0b2\WindowsFormsIntegration.ni.dll + 2010-06-12 22:25 . 2010-06-12 22:25 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\3a78043c85333d5af49a0d958912ae4a\UIAutomationClient.ni.dll + 2010-06-13 08:16 . 2010-06-13 08:16 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll + 2010-06-13 08:15 . 2010-06-13 08:15 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll + 2010-06-12 22:19 . 2010-06-12 22:19 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll + 2010-06-13 08:15 . 2010-06-13 08:15 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll + 2010-06-13 08:15 . 2010-06-13 08:15 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll + 2010-06-13 08:15 . 2010-06-13 08:15 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll + 2010-06-13 08:15 . 
2010-06-13 08:15 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll + 2010-06-13 08:15 . 2010-06-13 08:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll + 2010-06-12 22:15 . 2010-06-12 22:15 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll + 2010-06-12 22:20 . 2010-06-12 22:20 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll + 2010-06-12 22:07 . 2010-06-12 22:07 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll + 2010-06-12 22:10 . 2010-06-12 22:10 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2010-06-12 22:15 . 2010-06-12 22:15 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll + 2010-06-13 08:15 . 2010-06-13 08:15 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll + 2010-06-13 08:16 . 2010-06-13 08:16 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\07da2b0e44d62f3c65d6516f4e2f94bb\System.Messaging.ni.dll + 2010-06-13 08:15 . 2010-06-13 08:15 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll + 2010-06-13 08:15 . 2010-06-13 08:15 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll + 2010-06-13 08:12 . 
2010-06-13 08:12 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll + 2010-06-13 08:13 . 2010-06-13 08:13 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll + 2010-06-12 22:15 . 2010-06-12 22:15 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll + 2010-06-12 22:15 . 2010-06-12 22:15 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll + 2010-06-12 22:16 . 2010-06-12 22:16 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll + 2010-06-12 22:19 . 2010-06-12 22:19 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll + 2010-06-13 08:15 . 2010-06-13 08:15 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll + 2010-06-13 08:15 . 2010-06-13 08:15 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll + 2010-06-13 08:15 . 2010-06-13 08:15 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll + 2010-06-13 08:15 . 2010-06-13 08:15 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll + 2010-06-13 08:13 . 2010-06-13 08:13 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll + 2010-06-12 22:06 . 
2010-06-12 22:06 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll + 2010-06-12 22:20 . 2010-06-12 22:20 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll + 2010-06-13 08:13 . 2010-06-13 08:13 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll + 2010-06-13 08:13 . 2010-06-13 08:13 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe + 2010-06-13 08:13 . 2010-06-13 08:13 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll + 2010-06-13 08:13 . 2010-06-13 08:13 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe + 2010-06-12 22:24 . 2010-06-12 22:24 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll + 2010-06-12 22:22 . 2010-06-12 22:22 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad524016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll + 2010-06-12 22:24 . 2010-06-12 22:24 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll + 2010-06-12 22:24 . 2010-06-12 22:24 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87ca8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll + 2010-06-13 08:13 . 2010-06-13 08:13 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe + 2010-06-13 08:13 . 
Trojan Virtumonde infection + work software updates blocked.
benjifast replied to a topic by benjifast in Malware analysis and removal
Re, OK, nothing serious? I'm waiting for your instructions. Thanks
Trojan Virtumonde infection + work software updates blocked.
benjifast replied to a topic by benjifast in Malware analysis and removal
Hello, the error has not come back and the Windows Update updates work, but my software's updates are still blocked. RSIT log and info report:
Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TDSNetSetup - Unknown owner - C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 7958 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-03-10 155648] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-03-10 126976] "HPlsKey"=C:\Program Files\Panasonic\HPLSMAN\hplskey.exe [2005-06-01 61440] "PRunOnce"=C:\util\prunonce\PRunOnce.exe [2004-08-06 110592] "PCinfo"=C:\Program Files\Panasonic\PCINFO\SetDiag.exe [2005-06-15 45056] "Panasonic HotKey Manager"=C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE [2005-06-14 974848] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-12-20 88358] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-10-04 401408] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-10-04 385024] "IDSMainMenu"=C:\Program Files\IDS Main Menu\IDS Main Menu2.exe [2007-02-07 360448] "IDSTechnician"=C:\Program Files\IDS\TechLocale.exe [2006-04-04 32768] "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-05 44032] "Starburst"=C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe [2010-02-21 90112] "Feedback"=C:\Program Files\Ford Motor 
Company\IDS\Runtime\EngineeringFeedback.exe [2010-02-21 72704] "TDSReanimator"=C:\Program Files\Common Files\Teradyne\TDSReanimator.exe [2010-01-11 11264] "ProbeTickHandler"=C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe [2010-02-21 43008] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-12-04 1037192] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"=C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [2009-03-14 222496] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Display Rotation Tool.lnk - C:\Program Files\Panasonic\DispRot\IDRot.exe Panasonic Hand Writing.lnk - C:\Program Files\Panasonic\WRITING\Writing.exe Software Keyboard.lnk - C:\Program Files\Panasonic\MEISKB\meiskb.exe Wireless LAN Switch.lnk - C:\Program Files\Panasonic\WLANSW\WLANSW.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2005-03-10 348160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless] C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2005-10-04 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 
"undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\FordEtis\etisdvd.exe"="C:\Program Files\FordEtis\etisdvd.exe:*:Enabled:FordEtis IDS Application Launcher" "C:\Program Files\Ford Motor Company\IDS\Runtime\ManualUpdate.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\ManualUpdate.exe:*:Enabled:Manual Update" "C:\Program Files\Ford Motor Company\IDS\Runtime\manualcalibration.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\manualcalibration.exe:*:Enabled:Manual Update" "C:\Program Files\Ford Motor Company\IDS\Runtime\patchapply.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\patchapply.exe:*:Enabled:Apply TDS Patch" "C:\Program Files\Ford Motor Company\IDS\Runtime\rtdbupdate.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\rtdbupdate.exe:*:Enabled:Update Database" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe:*:Enabled:Tabman Executable" "C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe:*:Enabled:System Page" "C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe:*:Enabled:Testman Executable" "C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe"="C:\Program Files\Ford Motor 
Company\IDS\Runtime\CodeServeD.exe:*:Enabled:CodeServer Daemon" "C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe:*:Enabled:XML Registry Daemon" "C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe:*:Enabled:TDS Network Configuration" "C:\Program Files\Ford Motor Company\IDS\Runtime\SWUpdWizard.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\SWUpdWizard.exe:*:Enabled:Software Update Wizard" "C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe:*:Enabled:Apply TDS Patch" "C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe:*:Enabled:Update Database" "C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe:*:Enabled:StarBurst" "C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe:*:Enabled:Engineering Feedback" "C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe:*:Enabled:System Diagnostic Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe:*:Enabled:VMM System Diagnostic Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C402.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C402.exe:*:Enabled:C402 Cable Test Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C403.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C403.exe:*:Enabled:C403 Cable Test Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C407.exe"="C:\Program Files\Ford Motor 
Company\IDS\Runtime\probes\C407.exe:*:Enabled:C407 Cable Test Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C412.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C412.exe:*:Enabled:C412 Cable Test Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C413.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C413.exe:*:Enabled:C413 Cable Test Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe:*:Enabled:LVP Check Test Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe:*:Enabled:VCL_PC MFC Application EZTech" "C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe:*:Enabled:LAN Connectivity Activation" "C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe:*:Enabled:ProbeTickHandler executable" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe:*:Enabled:Tabman Executable" "C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe:*:Enabled:System Page" "C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe:*:Enabled:Testman Executable" "C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe"="C:\Program Files\Ford Motor 
Company\IDS\Runtime\CodeServeD.exe:*:Enabled:CodeServer Daemon" "C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe:*:Enabled:XML Registry Daemon" "C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe:*:Enabled:TDS Network Configuration" "C:\Program Files\Ford Motor Company\IDS\Runtime\SWUpdWizard.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\SWUpdWizard.exe:*:Enabled:Software Update Wizard" "C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe:*:Enabled:Apply TDS Patch" "C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe:*:Enabled:Update Database" "C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe:*:Enabled:StarBurst" "C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe:*:Enabled:Engineering Feedback" "C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe:*:Enabled:System Diagnostic Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe:*:Enabled:VMM System Diagnostic Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C402.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C402.exe:*:Enabled:C402 Cable Test Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C403.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C403.exe:*:Enabled:C403 Cable Test Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C407.exe"="C:\Program Files\Ford Motor 
Company\IDS\Runtime\probes\C407.exe:*:Enabled:C407 Cable Test Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C412.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C412.exe:*:Enabled:C412 Cable Test Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C413.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\probes\C413.exe:*:Enabled:C413 Cable Test Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe:*:Enabled:LVP Check Test Application" "C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe:*:Enabled:VCL_PC MFC Application EZTech" "C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe:*:Enabled:LAN Connectivity Activation" "C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe"="C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe:*:Enabled:ProbeTickHandler executable" ======List of files/folders created in the last 1 months====== 2010-06-13 10:27:03 ----D---- C:\rsit 2010-06-13 10:22:44 ----D---- C:\WINDOWS\system32\LogFiles 2010-06-13 00:14:27 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$ 2010-06-13 00:13:35 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$ 2010-06-13 00:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$ 2010-06-13 00:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$ 2010-06-13 00:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$ 2010-06-13 00:06:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$ 2010-06-12 21:41:33 ----D---- C:\Documents and Settings\IDS Administrator\Application Data\CheckPoint 2010-06-12 21:41:09 ----D---- C:\Program Files\CheckPoint 2010-06-12 21:40:57 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll 2010-06-12 21:40:55 ----A---- C:\WINDOWS\system32\vsregexp.dll 2010-06-12 21:40:51 ----A---- 
C:\WINDOWS\system32\zlcommdb.dll 2010-06-12 21:40:51 ----A---- C:\WINDOWS\system32\zlcomm.dll 2010-06-12 21:40:42 ----A---- C:\WINDOWS\system32\vswmi.dll 2010-06-12 21:40:40 ----A---- C:\WINDOWS\system32\zpeng25.dll 2010-06-12 21:40:39 ----D---- C:\WINDOWS\system32\ZoneLabs 2010-06-12 21:40:39 ----A---- C:\WINDOWS\system32\vsxml.dll 2010-06-12 21:40:39 ----A---- C:\WINDOWS\system32\vspubapi.dll 2010-06-12 21:40:39 ----A---- C:\WINDOWS\system32\vsmonapi.dll 2010-06-12 21:40:35 ----D---- C:\Program Files\Zone Labs 2010-06-12 21:39:24 ----D---- C:\WINDOWS\Internet Logs 2010-06-12 21:39:09 ----A---- C:\WINDOWS\system32\vsdata.dll 2010-06-12 21:39:08 ----A---- C:\WINDOWS\system32\vsutil.dll 2010-06-12 21:39:08 ----A---- C:\WINDOWS\system32\vsinit.dll 2010-06-12 20:12:43 ----D---- C:\WINDOWS\temp 2010-06-12 20:12:40 ----A---- C:\ComboFix.txt 2010-06-12 20:07:52 ----A---- C:\TDSNetLog.txt 2010-06-12 13:36:59 ----A---- C:\Boot.bak 2010-06-12 13:36:49 ----RASHD---- C:\cmdcons 2010-06-12 13:35:21 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-06-12 13:35:21 ----A---- C:\WINDOWS\SWSC.exe 2010-06-12 13:35:21 ----A---- C:\WINDOWS\SWREG.exe 2010-06-12 13:35:21 ----A---- C:\WINDOWS\sed.exe 2010-06-12 13:35:21 ----A---- C:\WINDOWS\PEV.exe 2010-06-12 13:35:21 ----A---- C:\WINDOWS\NIRCMD.exe 2010-06-12 13:35:21 ----A---- C:\WINDOWS\MBR.exe 2010-06-12 13:35:21 ----A---- C:\WINDOWS\grep.exe 2010-06-12 13:35:10 ----D---- C:\WINDOWS\ERDNT 2010-06-12 13:34:58 ----D---- C:\Qoobox 2010-06-12 12:40:30 ----D---- C:\Program Files\Trend Micro 2010-06-12 12:39:45 ----D---- C:\HJT 2010-06-12 12:04:36 ----A---- C:\TB.txt 2010-06-12 12:03:45 ----D---- C:\ToolBar SD 2010-06-11 13:02:03 ----D---- C:\Documents and Settings\IDS Administrator\Application Data\Malwarebytes 2010-06-11 13:01:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-06-11 13:01:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-06-11 12:56:43 ----A---- 
C:\ZHPExportRegistry-11-06-2010-12-56-43.txt 2010-06-10 21:15:29 ----D---- C:\Program Files\ZHPDiag 2010-06-10 11:11:43 ----D---- C:\Program Files\Spybot - Search & Destroy 2010-06-10 11:11:43 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-06-10 08:48:50 ----D---- C:\Program Files\Avira 2010-06-10 08:48:50 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2010-06-01 09:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$ 2010-06-01 09:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$ ======List of files/folders modified in the last 1 months====== 2010-06-13 10:27:16 ----D---- C:\WINDOWS\Prefetch 2010-06-13 10:25:55 ----RD---- C:\Program Files 2010-06-13 10:22:44 ----D---- C:\WINDOWS\system32 2010-06-13 10:16:52 ----D---- C:\WINDOWS\Microsoft.NET 2010-06-13 10:16:33 ----RSD---- C:\WINDOWS\assembly 2010-06-13 10:06:38 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt 2010-06-13 10:06:24 ----D---- C:\WINDOWS\system32\CatRoot2 2010-06-13 00:26:43 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-06-13 00:19:14 ----D---- C:\WINDOWS 2010-06-13 00:14:35 ----HD---- C:\WINDOWS\inf 2010-06-13 00:14:33 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-06-13 00:14:09 ----A---- C:\WINDOWS\imsins.BAK 2010-06-13 00:13:18 ----HD---- C:\WINDOWS\$hf_mig$ 2010-06-13 00:12:54 ----SHD---- C:\WINDOWS\Installer 2010-06-13 00:07:27 ----D---- C:\Program Files\Outlook Express 2010-06-13 00:03:31 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-06-13 00:02:34 ----D---- C:\WINDOWS\WinSxS 2010-06-12 23:52:33 ----D---- C:\WINDOWS\system32\en-us 2010-06-12 23:52:33 ----D---- C:\Program Files\Internet Explorer 2010-06-12 23:52:19 ----D---- C:\WINDOWS\ie7updates 2010-06-12 20:12:44 ----D---- C:\WINDOWS\system32\drivers 2010-06-12 20:08:10 ----AC---- C:\WINDOWS\ODBC.INI 2010-06-12 20:05:57 ----A---- C:\WINDOWS\system.ini 2010-06-12 19:17:13 ----D---- C:\WINDOWS\AppPatch 2010-06-12 19:17:10 ----D---- C:\Program Files\Common Files 
2010-06-12 13:36:59 ----RASH---- C:\boot.ini 2010-06-09 11:49:29 ----D---- C:\Program Files\Common Files\Teradyne 2010-06-08 19:37:57 ----D---- C:\Program Files\FordEtis 2010-06-08 16:37:45 ----D---- C:\WINDOWS\system32\CatRoot 2010-06-08 16:35:12 ----D---- C:\WINDOWS\system32\config 2010-06-08 16:34:40 ----D---- C:\WINDOWS\system32\wbem 2010-06-08 16:34:30 ----D---- C:\WINDOWS\Registration 2010-06-08 16:29:31 ----D---- C:\WINDOWS\system32\Restore 2010-05-28 12:37:36 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-10 28520] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-12-04 486280] R1 WLANSW;Panasonic PC Wireless LAN Switch Driver; \??\C:\Program Files\Panasonic\WLANSW\WLANSW.SYS [] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-02-18 17801] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-06-10 56816] R2 brecal;Panasonic Battery Recalibration Driver; \??\C:\Program Files\Panasonic\BRECAL\Brecal.sys [] R2 pcinfo;Panasonic PC Info. Viewer Driver; \??\C:\Program Files\Panasonic\PCINFO\pcinfo.sys [] R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-09-06 11354] R2 SDKEY;Panasonic SD Misc. 
Function Driver; \??\C:\Program Files\Panasonic\SDKEY\SDKEY.SYS [] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-12-20 1271463] R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 FIDMOU;Fujitsu touchpad; C:\WINDOWS\system32\DRIVERS\Fidmou.sys [2005-04-18 23463] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HOTKEY;Panasonic Hotkey Driver; C:\WINDOWS\system32\DRIVERS\HOTKEY.SYS [2003-03-17 9216] R3 HTKPLUS;Panasonic Hotkey PLUS Driver; C:\WINDOWS\system32\DRIVERS\HTKPLUS.SYS [2003-03-17 8448] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-03-10 827100] R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2004-11-11 276816] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-09-12 3298432] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] S1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-06-24 60160] S1 
wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-13 31744] S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128] S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 MOSUMAC;USB-Ethernet Driver; C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS [2004-08-30 31375] S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 RICOH SmartCard Reader;RICOH SmartCard Reader; C:\WINDOWS\system32\DRIVERS\rsmartc.sys [2003-12-22 69460] S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2002-10-16 2851] S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-06-20 44288] S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-06-17 98944] S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-08 36531] S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2004-11-16 50048] S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612] S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-04-06 50048] S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-21 34816] S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\RTL8150.SYS 
[2006-08-08 22016] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-06-10 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-06-10 185089] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664] R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-10-04 86016] R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-10-04 139264] R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-10-04 372809] R2 TDSNetSetup;TDSNetSetup; C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe [2010-01-11 17920] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-12-04 2384240] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 
FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2010-06-13 10:27:22 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.3.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001} Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Agere Systems AC'97 Modem-->agrsmdel Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Battery Recalibration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD5C2205-7BAD-4B87-BF9A-2BAC626B29C8}\Setup.exe" Calibration-->"C:\Program Files\InstallShield Installation Information\{097FE1B7-B186-426B-A4EC-D1D9D21D3099}\setup.exe" -runfromtemp -l0x040c -removeonly Czech - Panasonic Toughbook CF-18 Configuration-->MsiExec.exe /I{D7F52D63-B1A9-4F18-A336-57E3CF8B800E} Data Access Objects (DAO) 3.5-->C:\Program Files\Common Files\Microsoft Shared\DAO\Remove.EXE C:\WINDOWS\UNINST.EXE -fC:\PROGRA~1\COMMON~1\MICROS~1\DAO\DeIsL22.isu Désinstaller l'imprimante EPSON SX110 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSFBE.EXE /R /APD /P:"EPSON SX110 Series" Display Rotation Tool-->RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6A55E65-1784-4E84-8EAA-DB4386E11ACF}\Setup.exe" -l0x9 DMI Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5639BE8E-33DA-402A-B414-1FBED9CC50E1}\Setup.exe" EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R FordEtis IDS 1.1928-->C:\Program Files\FordEtis\uninstall.exe Greek - Panasonic Toughbook CF-18 Configuration-->MsiExec.exe /I{C8A5A429-8EA9-420E-B357-7B7EE5040B15} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe" HotKey Appendix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D39011-AD99-4980-ADF9-B8202173668D}\Setup.exe" -l0x9 Hotkey Driver for Panasonic PC-->wscript.exe C:\WINDOWS\system32\HKUNINST.vbs Hotkey Plus Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield 
Installation Information\{4CB41492-DF16-4100-B2F8-7E007D858AF3}\Setup.exe" -l0x9 Hotkey Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEEFA812-64A6-4083-BB38-87F68B6BA820}\Setup.exe" IC4 Interface Device by SU Enterprise, Inc.-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8718A2BC-7E23-4D23-969A-2A2EC9E45B0E}\Setup.exe" -l0x9 IC4USB32 Icon Enlarger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93994589-6A13-49BE-8AF6-12AAC9A28529}\Setup.exe" IDS Main Menu-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\IDS Main Menu\ST6UNST.LOG" IDS-->"C:\Program Files\InstallShield Installation Information\{91DE1A85-7350-458A-B674-D7C8F3476299}\setup.exe" -runfromtemp -l0x040c -removeonly Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592 Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe Loupe Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DAA0AF0-3B51-4EE0-83CC-47A3582DFA51}\Setup.exe" -l0x9 Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A} mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A} mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68} Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp" Microsoft .NET Framework 
1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft GB18030 Support Package-->MsiExec.exe /I{DEBACE7E-5DD1-42DB-AFE7-2B60E7CC80A8} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626} mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 
4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} mZConfig-->MsiExec.exe /I{7CD7A451-7224-49C8-95EF-9A1859C66607} Panasonic Hand Writing 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5408344D-95C0-486A-9539-36EBBACADC68}\Setup.exe" PC Information Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30348D0E-37F0-41EE-869B-F0441A87FFEC}\Setup.exe" -l0x9 Puma-->MsiExec.exe /I{BCA5A78E-DB6F-4D03-8C3C-80CBF3BE6A5B} Russian - Panasonic Toughbook CF-18 Configuration-->MsiExec.exe /I{83FC7B10-10E6-4F9C-9203-D33653EE945C} SD Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B18C20D2-A3E9-422D-9136-99B5BDD6565D}\Setup.exe" -l0x9 Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security 
Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Security 
Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe" Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Security 
Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe" Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe" Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe" Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe" Software Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B3181-280F-409C-BCC9-C69BE63688AE}\Setup.exe" -l0x9 touchpad/touchscreen-->Fidmouu.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe" Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update for Windows XP 
(KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" USB-Ethernet Adapter Device-->MacUnInstall.exe Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Internet Explorer 7 Multilingual User Interface (MUI)-->"C:\WINDOWS\ie7updates\IE7-MUI\spuninst\spuninst.exe" Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 10 Hotfix [see KB887626 for more information]-->C:\WINDOWS\$NtUninstallKB887626$\spuninst\spuninst.exe Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" Wireless LAN Switch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF758B2C-348F-4B43-9818-08895BDCFC1C}\Setup.exe" -l0x9 ZHPDiag 1.25-->"C:\Program Files\ZHPDiag\unins000.exe" ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe ======Security center information====== AV: AntiVir Desktop FW: ZoneAlarm Firewall ======System event log====== Computer Name: IDS_CF-18 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Remote Access Connection Manager. 
Record Number: 36975 Source Name: Service Control Manager Time Written: 20100409080332.000000+120 Event Type: Informations User: IDS_CF-18\IDS Administrator Computer Name: IDS_CF-18 Event Code: 7036 Message: Le service IMAPI CD-Burning COM Service est entré dans l'état : en cours d'exécution. Record Number: 36974 Source Name: Service Control Manager Time Written: 20100409080330.000000+120 Event Type: Informations User: Computer Name: IDS_CF-18 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service IMAPI CD-Burning COM Service. Record Number: 36973 Source Name: Service Control Manager Time Written: 20100409080330.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: IDS_CF-18 Event Code: 7036 Message: Le service SSDP Discovery Service est entré dans l'état : en cours d'exécution. Record Number: 36972 Source Name: Service Control Manager Time Written: 20100409080329.000000+120 Event Type: Informations User: Computer Name: IDS_CF-18 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service SSDP Discovery Service. Record Number: 36971 Source Name: Service Control Manager Time Written: 20100409080329.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: IDS_CF-18 Event Code: 2002 Message: Record Number: 2907 Source Name: EAPOL Time Written: 20090921102602.000000+120 Event Type: Informations User: Computer Name: IDS_CF-18 Event Code: 2003 Message: Record Number: 2906 Source Name: EAPOL Time Written: 20090921102602.000000+120 Event Type: Informations User: Computer Name: IDS_CF-18 Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. 
Record Number: 2905 Source Name: SecurityCenter Time Written: 20090921102524.000000+120 Event Type: Informations User: Computer Name: IDS_CF-18 Event Code: 0 Message: Record Number: 2904 Source Name: RegSrvc Time Written: 20090921102523.000000+120 Event Type: Informations User: Computer Name: IDS_CF-18 Event Code: 0 Message: Record Number: 2903 Source Name: EvtEng Time Written: 20090921102520.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Ford Motor Company\IDS\Runtime "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel "PROCESSOR_REVISION"=0d08 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "tvdumpflags"=8 -----------------EOF----------------- -
Virtumonde trojan infection + work software update blocked.
benjifast replied to a topic by benjifast in Malware analysis and removal
Hi again, Just one error below, with a Windows error report sent (I sent it because it came back twice): XML Registry Daemon a rencontré un problème et doit fermer. Nous vous prions de nous excuser pour le désagrément encouru. ComboFix report: ComboFix 10-06-11.01 - IDS Administrator 12/06/2010 19:12:25.2.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1033.18.502.207 [GMT 2:00] Lancé depuis: c:\documents and settings\IDS Administrator\Desktop\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\IDS Administrator\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\program files\ford motor company\ids\runtime\tmctrlbho.dll" "c:\windows\system32\hplsntf.dll" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\ford motor company\ids\runtime\tmctrlbho.dll c:\windows\system32\hplsntf.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-12 au 2010-06-12 )))))))))))))))))))))))))))))))))))) . 2010-06-12 10:40 . 2010-06-12 10:40 -------- d-----w- c:\program files\Trend Micro 2010-06-12 10:39 . 2010-06-12 10:40 -------- d-----w- C:\HJT 2010-06-12 10:03 . 2010-06-12 10:05 -------- d-----w- C:\ToolBar SD 2010-06-11 11:02 . 2010-06-11 11:02 -------- d-----w- c:\documents and settings\IDS Administrator\Application Data\Malwarebytes 2010-06-11 11:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-11 11:01 . 2010-06-11 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-11 11:01 . 2010-06-11 11:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-11 11:01 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-10 19:15 . 2010-06-11 10:56 -------- d-----w- c:\program files\ZHPDiag 2010-06-10 09:11 . 
2010-06-11 10:14 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-10 09:11 . 2010-06-11 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-06-10 06:48 . 2010-06-10 07:00 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-10 06:48 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-06-10 06:48 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-06-10 06:48 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-06-10 06:48 . 2010-06-10 06:48 -------- d-----w- c:\program files\Avira 2010-06-10 06:48 . 2010-06-10 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-06-08 14:34 . 2010-06-08 14:34 -------- d-----w- c:\windows\system32\wbem\Repository . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-09 09:49 . 2007-02-07 13:43 -------- d-----w- c:\program files\Common Files\Teradyne 2010-06-08 17:37 . 2007-02-07 13:51 -------- d-----w- c:\program files\FordEtis . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-03-14 222496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-10 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-10 126976] "HPlsKey"="c:\program files\Panasonic\HPLSMAN\hplskey.exe" [2005-06-01 61440] "PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2004-08-06 110592] "PCinfo"="c:\program files\Panasonic\PCINFO\SetDiag.exe" [2005-06-15 45056] "Panasonic HotKey Manager"="c:\program files\Panasonic\HotKey Appendix\HKEYAPP.EXE" [2005-06-14 974848] "AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 88358] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-04 401408] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-04 385024] "IDSMainMenu"="c:\program files\IDS Main Menu\IDS Main Menu2.exe" [2007-02-07 360448] "IDSTechnician"="c:\program files\IDS\TechLocale.exe" [2006-04-04 32768] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 44032] "Starburst"="c:\program files\Ford Motor Company\IDS\Runtime\Starburst.exe" [2010-02-21 90112] "Feedback"="c:\program files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe" [2010-02-21 72704] "TDSReanimator"="c:\program files\Common Files\Teradyne\TDSReanimator.exe" [2010-01-11 11264] "ProbeTickHandler"="c:\program files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe" [2010-02-21 43008] "BluetoothAuthenticationAgent"="bthprops.cpl" 
[2008-04-14 110592] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Display Rotation Tool.lnk - c:\program files\Panasonic\DispRot\IDRot.exe [2006-2-18 81920] Panasonic Hand Writing.lnk - c:\program files\Panasonic\WRITING\Writing.exe [2006-2-18 278528] Software Keyboard.lnk - c:\program files\Panasonic\MEISKB\meiskb.exe [2006-2-18 139264] Wireless LAN Switch.lnk - c:\program files\Panasonic\WLANSW\WLANSW.EXE [2006-2-28 94208] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2005-10-04 06:59 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\FordEtis\\etisdvd.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ManualUpdate.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\manualcalibration.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\patchapply.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\rtdbupdate.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Tabman.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SysPage.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\testman.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\CodeServeD.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\XMLRegistryD.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\TDSNetConfig.exe"= "c:\\Program Files\\Ford 
Motor Company\\IDS\\Runtime\\SWUpdWizard.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\PtchApply.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Rtdb.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Starburst.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\EngineeringFeedback.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SystemDiagnostic.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\VMM.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C402.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C403.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C407.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C412.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C413.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\LVPCheck.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\vcl_pc.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\NetworkActivation.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ProbeTickHandler.exe"= R1 WLANSW;Panasonic PC Wireless LAN Switch Driver;c:\program files\Panasonic\WLANSW\WLANSW.sys [28/02/2006 14:14 7680] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/06/2010 08:48 108289] R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\Panasonic\BRECAL\Brecal.sys [28/02/2006 14:13 7168] R2 pcinfo;Panasonic PC Info. Viewer Driver;c:\program files\Panasonic\PCINFO\PCINFO.sys [18/02/2006 04:13 7168] R2 SDKEY;Panasonic SD Misc. 
Function Driver;c:\program files\Panasonic\SDKEY\SDKEY.sys [18/02/2006 04:14 8192] R2 TDSNetSetup;TDSNetSetup;c:\program files\Common Files\Teradyne\TDSNetSetup.exe [07/02/2007 15:43 17920] R3 FIDMOU;Fujitsu touchpad;c:\windows\system32\drivers\Fidmou.sys [17/02/2006 19:03 23463] R3 HTKPLUS;Panasonic Hotkey PLUS Driver;c:\windows\system32\drivers\HTKPLUS.SYS [17/02/2006 19:03 8448] S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [27/10/2004 01:15 31375] S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rsmartc.sys [17/02/2006 19:03 69460] S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [07/02/2007 15:41 22016] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Connection Wizard,ShellNext = hxxp://www.ford.com/ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-12 20:05 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(872) c:\program files\Intel\Wireless\Bin\LgNotify.dll - - - - - - - > 'explorer.exe'(1344) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\windows\System32\SCardSvr.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\progra~1\Intel\Wireless\Bin\1XConfig.exe c:\windows\AGRSMMSG.exe c:\windows\system32\rundll32.exe c:\program files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe c:\program files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe c:\program files\Ford Motor Company\IDS\Runtime\CodeServeD.exe c:\windows\system32\dwwin.exe . ************************************************************************** . Heure de fin: 2010-06-12 20:12:39 - La machine a redémarré ComboFix-quarantined-files.txt 2010-06-12 18:12 ComboFix2.txt 2010-06-12 11:55 Avant-CF: 34 005 868 544 bytes free Après-CF: 33 988 509 696 octets libres - - End Of File - - C23D064D3A8B09ED323D0EBE6EB333CB -
trojan adatadrv.sys false positive?
benjifast replied to a topic by benjifast in Malware analysis and removal
Re, GMER report:
GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-06-12 21:02:58 Windows 6.0.6002 Service Pack 2 Running: zwcy54gm.exe; Driver: C:\Users\benjamin\AppData\Local\Temp\ugldyfow.sys ---- System - GMER 1.0.15 ---- SSDT 9D9CC33C ZwCreateThread SSDT 9D9CC328 ZwOpenProcess SSDT 9D9CC32D ZwOpenThread SSDT 9D9CC337 ZwTerminateProcess INT 0x52 ? 87496BF8 INT 0x62 ? 87496BF8 INT 0x82 ? 85B87BF8 INT 0x82 ? 87496BF8 INT 0x82 ? 85B87BF8 INT 0x92 ? 85B88BF8 INT 0xA2 ? 85B88BF8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 221 824F2984 4 Bytes [3C, C3, 9C, 9D] {CMP AL, 0xc3; PUSHF ; POPF } .text ntkrnlpa.exe!KeSetEvent + 3F1 824F2B54 4 Bytes [28, C3, 9C, 9D] {SUB BL, AL; PUSHF ; POPF } .text ntkrnlpa.exe!KeSetEvent + 40D 824F2B70 4 Bytes [2D, C3, 9C, 9D] .text ntkrnlpa.exe!KeSetEvent + 621 824F2D84 4 Bytes [37, C3, 9C, 9D] {AAA ; RET ; PUSHF ; POPF } ? System32\Drivers\spqp.sys Le chemin d'accès spécifié est introuvable. ! .text USBPORT.SYS!DllUnload 8AB6B41B 5 Bytes JMP 874961D8 .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F201340, 0x40AA77, 0xE8000020] .text aj0xoniq.SYS 8F981000 22 Bytes [82, A3, 41, 82, 6C, A2, 41, ...] .text aj0xoniq.SYS 8F981017 181 Bytes [00, 32, 07, 70, 80, 3D, 05, ...] .text aj0xoniq.SYS 8F9810CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX} .text aj0xoniq.SYS 8F9810DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...] .text aj0xoniq.SYS 8F9810E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...] .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] kernel32.dll!FindResourceExA 76502575 7 Bytes JMP 2806C4C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] kernel32.dll!FindResourceA 76502653 5 Bytes JMP 2806C430 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] kernel32.dll!CreateEventA 765244C0 5 Bytes JMP 2806BF90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] kernel32.dll!LockResource 765268DF 5 Bytes JMP 2806C670 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] kernel32.dll!FindResourceExW 765269FD 7 Bytes JMP 2806C3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] kernel32.dll!LoadResource 76526ADB 7 Bytes JMP 2806C550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] kernel32.dll!FindResourceW 76527FA1 5 Bytes JMP 2806C330 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] kernel32.dll!SizeofResource 76527FBF 7 Bytes JMP 2806C600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] ADVAPI32.dll!CryptDeriveKey 7605FCAE 7 Bytes JMP 2806BAA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] ADVAPI32.dll!CryptDecrypt 7605FE91 7 Bytes JMP 2806BB00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] USER32.dll!CreateDialogParamW 75A172A2 5 Bytes JMP 2806FC80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] USER32.dll!SetWindowPlacement 75A17963 5 Bytes JMP 2806FB30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] USER32.dll!SetWindowRgn 75A1A221 7 Bytes JMP 2806FBD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] USER32.dll!LoadImageW 75A1C9E5 5 Bytes JMP 280702E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] USER32.dll!LoadIconW 75A1DA9F 5 Bytes JMP 28070460 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] USER32.dll!CreateWindowExW 75A21305 5 Bytes JMP 2806DB70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] USER32.dll!GetWindowLongW 75A2F8BF 7 Bytes JMP 28070590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] USER32.dll!PeekMessageW 75A3045A 5 Bytes JMP 2806E590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] USER32.dll!TrackPopupMenuEx 75A40CE7 5 Bytes JMP 2806EC10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] USER32.dll!MessageBoxIndirectW 75A6D5D3 5 Bytes JMP 2806FE80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] SHELL32.dll!Shell_NotifyIconW 76618626 5 Bytes JMP 2806D260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] ole32.dll!CoRegisterClassObject 758D7DB6 5 Bytes JMP 2806C9D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] ole32.dll!CoCreateInstance 75919EA6 5 Bytes JMP 2806CC50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] ole32.dll!CoInitializeEx 7591AD63 5 Bytes JMP 2806C8D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] WININET.dll!InternetReadFile 762C654B 5 Bytes JMP 28073800 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] WININET.dll!InternetCloseHandle 762C9088 5 Bytes JMP 28073940 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] WININET.dll!HttpOpenRequestA 762CD508 5 Bytes JMP 280736A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1708] WININET.dll!HttpSendRequestA 762DEE89 5 Bytes JMP 280738A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806046D6] \SystemRoot\System32\Drivers\spqp.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80604042] \SystemRoot\System32\Drivers\spqp.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80604800] \SystemRoot\System32\Drivers\spqp.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806040C0] \SystemRoot\System32\Drivers\spqp.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060413E] \SystemRoot\System32\Drivers\spqp.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80613B90] \SystemRoot\System32\Drivers\spqp.sys IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortNotification] CC358B04 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortWritePortUchar] 838F9A7F IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd) IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8F9A50 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortStallExecution] 54771129 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC IAT 
\SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortInitialize] B18D0502 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8 IAT \SystemRoot\System32\Drivers\aj0xoniq.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74217817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7426A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7421BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7420F695] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7420E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74248395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7421DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7420FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7420FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7429CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7423C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7420D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74206853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7420687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74212AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396 ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 85B8E1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{FC259DD8-B65D-47B5-879F-CF083BFE6D6C} 87B7A1F8 Device \Driver\volmgr \Device\VolMgrControl 85B8A1F8 Device \Driver\usbohci \Device\USBPDO-0 874C41F8 Device \Driver\usbehci \Device\USBPDO-1 874C31F8 Device \Driver\PCI_PNP2310 \Device\00000045 spqp.sys Device \Driver\nvstor32 \Device\00000053 85B8D1F8 Device \Driver\usbohci \Device\USBPDO-2 
874C41F8 Device \Driver\nvstor32 \Device\00000054 85B8D1F8 Device \Driver\usbehci \Device\USBPDO-3 874C31F8 Device \Driver\USBSTOR \Device\00000061 87BA6500 Device \Driver\sptd \Device\1250436319 spqp.sys AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB) Device \Driver\USBSTOR \Device\00000063 87BA6500 Device \Driver\volmgr \Device\HarddiskVolume1 85B8A1F8 Device \Driver\volmgr \Device\HarddiskVolume2 85B8A1F8 Device \Driver\cdrom \Device\CdRom0 874C1500 Device \Driver\volmgr \Device\HarddiskVolume3 85B8A1F8 Device \Driver\cdrom \Device\CdRom1 874C1500 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85B8C1F8 Device \Driver\atapi \Device\Ide\IdePort0 85B8C1F8 Device \Driver\atapi \Device\Ide\IdePort1 85B8C1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 85B8C1F8 Device \Driver\volmgr \Device\HarddiskVolume4 85B8A1F8 Device \Driver\cdrom \Device\CdRom2 874C1500 Device \Driver\netbt \Device\NetBt_Wins_Export 87B7A1F8 Device \Driver\Smb \Device\NetbiosSmb 87B8C500 Device \Driver\nvstor32 \Device\RaidPort0 85B8D1F8 Device \Driver\iScsiPrt \Device\RaidPort1 874CA1F8 Device \Driver\usbohci \Device\USBFDO-0 874C41F8 Device \Driver\usbehci \Device\USBFDO-1 874C31F8 Device \Driver\usbohci \Device\USBFDO-2 874C41F8 Device \Driver\usbehci \Device\USBFDO-3 874C31F8 Device \Driver\aj0xoniq \Device\Scsi\aj0xoniq1Port4Path0Target0Lun0 874D71F8 Device \Driver\aj0xoniq \Device\Scsi\aj0xoniq1 874D71F8 Device \FileSystem\cdfs \Cdfs 87E8A1F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x98 0x8A 0x5B 0xAB ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0x36 0xC1 0x67 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3C 0x63 0x70 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x38 0x49 0xC6 0x7C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x98 0x8A 0x5B 0xAB ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0x36 0xC1 0x67 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3C 0x63 0x70 0xAD ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x38 0x49 0xC6 0x7C ... ---- EOF - GMER 1.0.15 ---- -
trojan adatadrv.sys false positive?
benjifast replied to a topic by benjifast in Malware analysis and removal
Re, Yes, MBAM asked for a reboot, and the restart went fine. I think I'm rid of the trojan? See you -
trojan virtumonde infection + work software update blocked.
benjifast replied to a topic by benjifast in Malware analysis and removal
Re, Here is the ComboFix report:
ComboFix 10-06-11.01 - IDS Administrator 12/06/2010 13:41:42.1.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1033.18.502.230 [GMT 2:00] Lancé depuis: c:\documents and settings\IDS Administrator\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-12 au 2010-06-12 )))))))))))))))))))))))))))))))))))) . 2010-06-12 10:40 . 2010-06-12 10:40 -------- d-----w- c:\program files\Trend Micro 2010-06-12 10:39 . 2010-06-12 10:40 -------- d-----w- C:\HJT 2010-06-12 10:03 . 2010-06-12 10:05 -------- d-----w- C:\ToolBar SD 2010-06-11 11:02 . 2010-06-11 11:02 -------- d-----w- c:\documents and settings\IDS Administrator\Application Data\Malwarebytes 2010-06-11 11:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-11 11:01 . 2010-06-11 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-11 11:01 . 2010-06-11 11:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-11 11:01 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-10 19:15 . 2010-06-11 10:56 -------- d-----w- c:\program files\ZHPDiag 2010-06-10 09:11 . 2010-06-11 10:14 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-10 09:11 . 2010-06-11 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-06-10 06:48 . 2010-06-10 07:00 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-10 06:48 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-06-10 06:48 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-06-10 06:48 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-06-10 06:48 . 2010-06-10 06:48 -------- d-----w- c:\program files\Avira 2010-06-10 06:48 . 
2010-06-10 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-06-08 14:34 . 2010-06-08 14:34 -------- d-----w- c:\windows\system32\wbem\Repository . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-09 09:49 . 2007-02-07 13:43 -------- d-----w- c:\program files\Common Files\Teradyne 2010-06-08 17:37 . 2007-02-07 13:51 -------- d-----w- c:\program files\FordEtis . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-03-14 222496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-10 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-10 126976] "HPlsKey"="c:\program files\Panasonic\HPLSMAN\hplskey.exe" [2005-06-01 61440] "PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2004-08-06 110592] "PCinfo"="c:\program files\Panasonic\PCINFO\SetDiag.exe" [2005-06-15 45056] "Panasonic HotKey Manager"="c:\program files\Panasonic\HotKey Appendix\HKEYAPP.EXE" [2005-06-14 974848] "AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 88358] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-04 401408] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-04 385024] "IDSMainMenu"="c:\program files\IDS Main Menu\IDS Main Menu2.exe" [2007-02-07 360448] 
"IDSTechnician"="c:\program files\IDS\TechLocale.exe" [2006-04-04 32768] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 44032] "Starburst"="c:\program files\Ford Motor Company\IDS\Runtime\Starburst.exe" [2010-02-21 90112] "Feedback"="c:\program files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe" [2010-02-21 72704] "TDSReanimator"="c:\program files\Common Files\Teradyne\TDSReanimator.exe" [2010-01-11 11264] "ProbeTickHandler"="c:\program files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe" [2010-02-21 43008] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Display Rotation Tool.lnk - c:\program files\Panasonic\DispRot\IDRot.exe [2006-2-18 81920] Panasonic Hand Writing.lnk - c:\program files\Panasonic\WRITING\Writing.exe [2006-2-18 278528] Software Keyboard.lnk - c:\program files\Panasonic\MEISKB\meiskb.exe [2006-2-18 139264] Wireless LAN Switch.lnk - c:\program files\Panasonic\WLANSW\WLANSW.EXE [2006-2-28 94208] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\HPLSNTF] 2005-06-01 21:02 53248 ----a-w- c:\windows\system32\HPLSNTF.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2005-10-04 06:59 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\FordEtis\\etisdvd.exe"= "c:\\Program Files\\Ford Motor 
Company\\IDS\\Runtime\\ManualUpdate.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\manualcalibration.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\patchapply.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\rtdbupdate.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Tabman.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SysPage.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\testman.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\CodeServeD.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\XMLRegistryD.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\TDSNetConfig.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SWUpdWizard.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\PtchApply.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Rtdb.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Starburst.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\EngineeringFeedback.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SystemDiagnostic.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\VMM.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C402.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C403.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C407.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C412.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C413.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\LVPCheck.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\vcl_pc.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\NetworkActivation.exe"= "c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ProbeTickHandler.exe"= R1 WLANSW;Panasonic PC Wireless LAN Switch Driver;c:\program files\Panasonic\WLANSW\WLANSW.sys [28/02/2006 14:14 
7680] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/06/2010 08:48 108289] R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\Panasonic\BRECAL\Brecal.sys [28/02/2006 14:13 7168] R2 pcinfo;Panasonic PC Info. Viewer Driver;c:\program files\Panasonic\PCINFO\PCINFO.sys [18/02/2006 04:13 7168] R2 SDKEY;Panasonic SD Misc. Function Driver;c:\program files\Panasonic\SDKEY\SDKEY.sys [18/02/2006 04:14 8192] R3 FIDMOU;Fujitsu touchpad;c:\windows\system32\drivers\Fidmou.sys [17/02/2006 19:03 23463] R3 HTKPLUS;Panasonic Hotkey PLUS Driver;c:\windows\system32\drivers\HTKPLUS.SYS [17/02/2006 19:03 8448] S2 TDSNetSetup;TDSNetSetup;c:\program files\Common Files\Teradyne\TDSNetSetup.exe [07/02/2007 15:43 17920] S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [27/10/2004 01:15 31375] S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rsmartc.sys [17/02/2006 19:03 69460] S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [07/02/2007 15:41 22016] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Connection Wizard,ShellNext = hxxp://www.ford.com/ . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-\\ANTON-GN8G3KS7K\EPSON Stylus DX3800 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE AddRemove-HijackThis - c:\documents and settings\IDS Administrator\Local Settings\Temporary Internet Files\Content.IE5\PEVBO4NK\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-12 13:51 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(868) c:\windows\system32\HPLSNtf.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll - - - - - - - > 'explorer.exe'(972) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . Heure de fin: 2010-06-12 13:55:48 ComboFix-quarantined-files.txt 2010-06-12 11:55 Avant-CF: 34 002 055 168 bytes free Après-CF: 33 969 807 360 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 9F4B09FEB07F48A09C76C25ACAF408B3 -
trojan adatadrv.sys false positive?
benjifast replied to a topic by benjifast in Malware analysis and removal
Re, Yes, sorry, I should have made clear that this was a different PC (my desktop PC). I fixed it with MBAM, and so the file cannot be found afterwards? What do you think? Thanks, Benji
-
trojan virtumonde infection + work software update blocked.
benjifast replied to a topic by benjifast in Malware analysis and removal
Re, I sent you a PM about the other topic I posted, since it has nothing to do with this one. I had already run an MBAM scan yesterday, but tell me if you want me to run it again anyway.
MBAM report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4188
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
11/06/2010 15:46:39
mbam-log-2010-06-11 (15-46-39).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 431632
Temps écoulé: 2 heure(s), 42 minute(s), 53 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): (Aucun élément nuisible détecté)
-
Hello, And now it's my desktop PC's turn, the paranoia!! After a scan with Malwarebytes, I found a trojan adatadrv.sys. I think it's a false positive but I would like confirmation; can you confirm? Thanks, benji
Malwarebytes report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4190
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
12/06/2010 12:53:30
mbam-log-2010-06-12 (12-53-30).txt
Type d'examen: Examen complet (C:\|F:\|)
Elément(s) analysé(s): 286016
Temps écoulé: 1 heure(s), 19 minute(s), 47 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adatadrv (Trojan.Agent) -> No action taken.
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\System32\drivers\adatadrv.sys (Trojan.Agent) -> No action taken.
C:\Windows\System32\DriverStore\FileRepository\adatadrv.inf_74447a32\adatadrv.sys (Trojan.Agent) -> No action taken.