Aller au contenu
tdanny6

( résolu )aide pour virus backdoor trojan et w32 spybot worm

Messages recommandés

Bonjour ,

voila je suis nouveau sur le forum ,en informatique aussi , un vrai débutant !! ( soyez indulgent SVP , merci ).

Bon voila mon problème ; il ya trois jours ,norton me signale un virus W32 spybot.worm et comme quoi il n'a pas été transmis .La même annonce est revenue plusieur fois, après recherches et différent logiciel plus rien pour l'instant ( détruit ou ??)

mais aujourd'hui vlan rebelote norton me signal un virus bakdoor trojan , 18 fois sur cet après midi. J' ai de nouveau testé avec quelques logiciels mais la rien a faire!! d'ou mon appel a l'aide .J'ai pu voir que l'on demandais souvent un rapport hijackhis, j'ai donc charger le programme ( j'espére ne pas avoir déjà fais une bêtise ? ) et analysé mon ordinateur , voici le résultat:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:21:11, on 21/01/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\ezNTSvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\htpatch.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\WINDOWS\TEMP\B8CF.tmp

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\cmd.exe

C:\WINDOWS\System32\prodsrvs.exe

C:\Program Files\Messenger\msmsgs.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skynet.be

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

R3 - URLSearchHook: nuls Toolbar - {4acca1a7-ecc8-4c89-be52-b11919042bbf} - C:\Program Files\nuls\tbnuls.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll

O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: nuls Toolbar - {4acca1a7-ecc8-4c89-be52-b11919042bbf} - C:\Program Files\nuls\tbnuls.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [sDR6V_Check] "C:\Documents and Settings\ok\Mes documents\SDRmon.exe"

O4 - HKCU\..\Run: [system Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [instant Access] C:\WINDOWS\System32\prodsrvs.exe /res

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab

O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137956595296

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127471785543

O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4..._1070_em_XP.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0....0/Installer.exe

O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.asian-x.org/acces/237/asian-x_an.exe

O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/cd/1,0,3,8...AccesMembre.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab

O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.moviesystem.com/cabs/msway.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?326

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...942/mcfscan.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup...er/imloader.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{12C8F930-42F1-4562-B0BE-78A1B34985C6}: NameServer = 195.238.2.22 195.238.2.21

O17 - HKLM\System\CS1\Services\Tcpip\..\{12C8F930-42F1-4562-B0BE-78A1B34985C6}: NameServer = 195.238.2.22 195.238.2.21

O17 - HKLM\System\CS2\Services\Tcpip\..\{12C8F930-42F1-4562-B0BE-78A1B34985C6}: NameServer = 195.238.2.22 195.238.2.21

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\System32\ezNTSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\DOCUME~1\ok\LOCALS~1\Temp\ieupdate.exe (file missing)

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

 

Voila si quelqu'un pouvais m'aidé car moi j'y comprend absolument rien.

En remerciant déjà toutes personne qui pourrais m'éclairez dans tous sa.

Merci. :P

Danny

Modifié par tdanny6

Partager ce message


Lien à poster
Partager sur d’autres sites

salut et bienvenue

 

* Télécharge DiagHelp.exe sur ton bureau

  • quitte toutes les applications en cours, il va y avoir un redémarrage de ton pc.
  • Double-clique sur DiagHelp.exe : une fenêtre cmd va s'ouvrir, choisis l'option 1
  • On te demandera d'appuyer sur une touche lorsque le scan est terminé: le pc va alors redémarrer.
  • au redémarrage du pc copie/colle le contenu du bloc-note qui vient de s'ouvrir, dans ton prochain post.

Télécharge Blacklight (de F-Secure); clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.

 

Double-clique blbeta.exe et accepte la licence; clique Scan puis Next

 

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

 

Copie et colle le contenu de ce rapport dans ta prochaine réponse. NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents, tel wbemtest.exe

 

Le pc est infecté par Magic Control Agent entre autres. Poste stp ces rapports

Partager ce message


Lien à poster
Partager sur d’autres sites

Un grand merci pour l'aide et surtout pour la rapidité.

Voila pour diaghelp.exe pas de redémarrage mais ouverture du bloc note, voici le contenu;

 

C:\WINDOWS\System32\nvapps.xml -->21/01/2007 23:40:24

C:\WINDOWS\System32\wpa.dbl -->21/01/2007 20:25:03

C:\WINDOWS\System32\i -->19/01/2007 21:56:24

C:\WINDOWS\System32\Uninstall.ico -->19/01/2007 16:02:50

C:\WINDOWS\System32\pavas.ico -->19/01/2007 16:02:50

C:\WINDOWS\System32\Help.ico -->19/01/2007 16:02:50

C:\WINDOWS\System32\update77526596.exe -->19/01/2007 0:06:30

C:\WINDOWS\System32\RunOnce.t__ -->19/01/2007 0:06:30

C:\WINDOWS\System32\crypts.dll -->19/01/2007 0:06:27

C:\WINDOWS\System32\update00822631.exe -->19/01/2007 0:06:24

C:\WINDOWS\System32\RunOnce.tm_ -->19/01/2007 0:06:15

C:\WINDOWS\System32\nvs2.inf -->17/01/2007 15:27:32

C:\WINDOWS\System32\prodsrvs.exe -->10/01/2007 10:35:26

C:\WINDOWS\System32\mmc.exe.config -->9/01/2007 14:13:32

C:\WINDOWS\System32\MRT.exe -->3/01/2007 0:19:44

C:\WINDOWS\System32\ElbyCDIO.dll -->13/12/2006 21:24:42

C:\WINDOWS\System32\WgaTray.exe -->17/11/2006 21:08:28

C:\WINDOWS\System32\WgaLogon.dll -->17/11/2006 21:08:28

C:\WINDOWS\System32\LegitCheckControl.DLL -->30/10/2006 11:25:08

C:\WINDOWS\System32\PerfStringBackup.INI -->29/10/2006 12:02:47

C:\WINDOWS\System32\perfh00C.dat -->29/10/2006 12:02:47

C:\WINDOWS\System32\perfh009.dat -->29/10/2006 12:02:47

C:\WINDOWS\System32\perfc00C.dat -->29/10/2006 12:02:47

C:\WINDOWS\System32\perfc009.dat -->29/10/2006 12:02:47

C:\WINDOWS\System32\QuickTimeVR.qtx -->25/10/2006 19:15:06

 

C:\WINDOWS.log -->21/01/2007 23:39:31

C:\WINDOWS\WindowsUpdate.log -->21/01/2007 23:39:29

C:\WINDOWS\wiadebug.log -->21/01/2007 23:39:28

C:\WINDOWS\wiaservc.log -->21/01/2007 23:39:27

C:\WINDOWS\bootstat.dat -->21/01/2007 23:39:24

C:\WINDOWS\tmlpcert2007 -->21/01/2007 21:15:40

C:\WINDOWS\setupapi.log -->21/01/2007 21:06:16

C:\WINDOWS\NeroDigital.ini -->21/01/2007 20:52:49

C:\WINDOWS\SchedLgU.Txt -->21/01/2007 20:23:43

C:\WINDOWS\AUTOLNCH.REG -->21/01/2007 18:32:12

C:\WINDOWS\MEMORY.DMP -->19/01/2007 21:43:16

C:\WINDOWS\pavsig.txt -->19/01/2007 16:02:56

C:\WINDOWS\9129837.exe -->19/01/2007 0:06:28

C:\WINDOWS\pack.epk -->17/01/2007 15:27:19

C:\WINDOWS\Ulead32.ini -->17/01/2007 1:05:28

 

C:\WINDOWS\9129837.exe |19/01/2007 00:06:35

C:\WINDOWS\htpatch.exe |02/09/2003 15:11:48

C:\WINDOWS\InstIt.exe |13/10/2004 10:35:41

C:\WINDOWS\IsUn040c.exe |02/09/2003 15:11:18

C:\WINDOWS\IsUninst.exe |11/09/2003 20:27:33

C:\WINDOWS\mHotkey.exe |13/10/2004 10:35:41

C:\WINDOWS\NuNinst.exe |27/11/2003 13:11:25

C:\WINDOWS\PATCH.EXE |08/06/2004 23:30:51

C:\WINDOWS\runtsckl.exe |24/03/2004 17:22:16

C:\WINDOWS\SkyCancel.exe |09/09/2004 23:16:22

C:\WINDOWS\SkyEnd.exe |09/09/2004 23:16:21

C:\WINDOWS\SkyEnd2.exe |09/09/2004 23:16:21

C:\WINDOWS\SkyGoOn.exe |09/09/2004 23:16:20

C:\WINDOWS\SynCor.exe |02/09/2003 15:12:08

C:\WINDOWS\tsc.exe |08/06/2004 23:31:19

C:\WINDOWS\twunk_16.exe |30/09/2001 11:49:06

C:\WINDOWS\twunk_32.exe |30/09/2001 11:49:06

C:\WINDOWS\UNIDRV.exe |28/12/2003 19:01:30

C:\WINDOWS\unin040c.exe |05/09/2003 08:16:01

C:\WINDOWS\uninst.exe |02/09/2003 22:00:44

C:\WINDOWS\UNNERO.exe |28/12/2003 18:53:07

C:\WINDOWS\UNNeroNET.exe |27/11/2003 14:33:14

C:\WINDOWS\UNNeroVision.exe |25/11/2005 05:33:14

C:\WINDOWS\UNNMIX.exe |12/11/2006 22:20:23

C:\WINDOWS\UNNMP.exe |08/01/2005 12:58:47

C:\WINDOWS\UNNVEContent.exe |21/10/2006 22:39:16

C:\WINDOWS\UnSiSUSB.exe |07/04/2004 21:06:17

C:\WINDOWS\unvise32.exe |02/12/2003 10:56:02

C:\WINDOWS\AuHCcup1.dll |23/07/1999 10:53:20

C:\WINDOWS\BPMNT.dll |08/06/2004 23:31:19

C:\WINDOWS\HCExtOutput.dll |08/06/2004 23:31:19

C:\WINDOWS\HIDMNT.dll |13/10/2004 10:35:41

C:\WINDOWS\loadhttp.dll |15/10/2002 13:29:40

C:\WINDOWS\patchw32.dll |14/12/2001 13:34:46

C:\WINDOWS\SynthCoreA.Dll |02/09/2003 15:12:08

C:\WINDOWS\TMUPDATE.DLL |08/06/2004 23:30:52

C:\WINDOWS\twain.dll |30/09/2001 11:49:06

C:\WINDOWS\twain_32.dll |30/09/2001 11:49:06

C:\WINDOWS\UNZIP.DLL |08/06/2004 23:30:51

C:\WINDOWS\vsapi32.dll |08/06/2004 23:31:19

C:\WINDOWS\winio.dll |02/09/2003 15:11:48

C:\WINDOWS\system32\append.exe |30/09/2001 11:47:50

C:\WINDOWS\system32\asuninst.exe |19/01/2007 15:36:17

C:\WINDOWS\system32\CleanUp.exe |02/09/2003 15:12:03

C:\WINDOWS\system32\debug.exe |30/09/2001 11:47:58

C:\WINDOWS\system32\DivXsm.exe |23/11/2005 05:00:00

C:\WINDOWS\system32\dms4UVCon.exe |20/08/2005 12:49:48

C:\WINDOWS\system32\dosx.exe |30/09/2001 11:48:00

C:\WINDOWS\system32\DSndUp.exe |02/09/2003 15:12:03

C:\WINDOWS\system32\dvdplay.exe |23/08/2001 18:47:34

C:\WINDOWS\system32\edlin.exe |30/09/2001 11:48:12

C:\WINDOWS\system32\exe2bin.exe |30/09/2001 11:48:14

C:\WINDOWS\system32\ezMAPIHelper.exe |06/07/2005 20:55:30

C:\WINDOWS\system32\ezntsvc.exe |06/07/2005 20:55:30

C:\WINDOWS\system32\ezSetup.exe |06/07/2005 20:55:30

C:\WINDOWS\system32\ezShellStart.exe |06/07/2005 20:55:29

C:\WINDOWS\system32\ezUninst.exe |06/07/2005 20:55:30

C:\WINDOWS\system32\fastopen.exe |30/09/2001 11:48:14

C:\WINDOWS\system32\keystone.exe |20/09/2006 16:25:00

C:\WINDOWS\system32\mem.exe |30/09/2001 11:48:26

C:\WINDOWS\system32\mscdexnt.exe |30/09/2001 11:48:30

C:\WINDOWS\system32\NeroCheck.exe |11/11/2003 13:28:12

C:\WINDOWS\system32\nlsfunc.exe |30/09/2001 11:48:40

C:\WINDOWS\system32\nvappbar.exe |20/09/2006 16:25:00

C:\WINDOWS\system32\nvcolor.exe |20/09/2006 16:25:00

C:\WINDOWS\system32\nvcplui.exe |20/09/2006 16:25:00

C:\WINDOWS\system32\nvdspsch.exe |20/09/2006 16:25:00

C:\WINDOWS\system32\nvsvc32(2).exe |02/09/2003 15:15:40

C:\WINDOWS\system32\nvsvc32(4).exe |06/10/2003 14:16:00

C:\WINDOWS\system32\nvsvc32.exe |20/09/2006 16:25:00

C:\WINDOWS\system32\nvudisp.exe |08/12/2003 02:07:00

C:\WINDOWS\system32\NVUNINST.EXE |16/11/2006 08:48:43

C:\WINDOWS\system32\nwiz.exe |20/09/2006 16:25:00

C:\WINDOWS\system32\prodsrvs.exe |21/01/2007 21:06:15

C:\WINDOWS\system32\redir.exe |30/09/2001 11:48:54

C:\WINDOWS\system32\setver.exe |30/09/2001 11:48:58

C:\WINDOWS\system32\share.exe |30/09/2001 11:48:58

C:\WINDOWS\system32\SymTdiRg.exe |07/09/2003 14:54:44

C:\WINDOWS\system32\update00822631.exe |19/01/2007 00:06:21

C:\WINDOWS\system32\update77526596.exe |19/01/2007 00:06:30

C:\WINDOWS\system32\usrmlnka.exe |23/08/2001 18:47:48

C:\WINDOWS\system32\usrprbda.exe |23/08/2001 18:47:48

C:\WINDOWS\system32\usrshuta.exe |23/08/2001 18:47:48

C:\WINDOWS\system32\a3d.dll |02/09/2003 15:12:04

C:\WINDOWS\system32\AcubeStrE.dll |20/08/2005 12:49:48

C:\WINDOWS\system32\AcubeStrK.dll |20/08/2005 12:49:48

C:\WINDOWS\system32\amstream.dll |10/11/2003 01:11:02

C:\WINDOWS\system32\atmfd.dll |30/09/2001 11:47:52

C:\WINDOWS\system32\atmlib.dll |30/09/2001 11:47:52

C:\WINDOWS\system32\Audio3d.dll |02/09/2003 15:12:05

C:\WINDOWS\system32\Camext30.dll |26/11/2003 20:28:17

C:\WINDOWS\system32\CamUsd30.dll |13/11/2003 20:52:24

C:\WINDOWS\system32\CCPASSWD.DLL |07/09/2003 22:14:59

C:\WINDOWS\system32\CCTRUST.DLL |07/09/2003 22:14:59

C:\WINDOWS\system32\compatUI.dll |30/09/2001 11:47:56

C:\WINDOWS\system32\CryptoSeed.dll |20/08/2005 12:49:48

C:\WINDOWS\system32\crypts.dll |19/01/2007 00:06:27

C:\WINDOWS\system32\dgrpsetu.dll |02/09/2003 14:36:23

C:\WINDOWS\system32\dgsetup.dll |02/09/2003 14:36:23

C:\WINDOWS\system32\DivX.dll |07/12/2005 18:05:50

C:\WINDOWS\system32\DivXc32.dll |01/04/2000 04:35:00

C:\WINDOWS\system32\DivXc32f.dll |01/04/2000 04:35:00

C:\WINDOWS\system32\divxdec_0407.dll |26/10/2004 23:38:18

C:\WINDOWS\system32\divxdec_040c.dll |26/10/2004 23:38:18

C:\WINDOWS\system32\divxdec_0411.dll |26/10/2004 23:38:18

C:\WINDOWS\system32\divx_xx07.dll |07/12/2005 18:05:49

C:\WINDOWS\system32\divx_xx0c.dll |07/12/2005 18:05:49

C:\WINDOWS\system32\divx_xx11.dll |07/12/2005 18:05:48

C:\WINDOWS\system32\dpl100.dll |27/10/2005 20:37:44

C:\WINDOWS\system32\dpu10.dll |27/10/2005 20:37:43

C:\WINDOWS\system32\dpu11.dll |27/10/2005 20:37:43

C:\WINDOWS\system32\dpuGUI10.dll |27/10/2005 20:37:47

C:\WINDOWS\system32\dpuGUI11.dll |27/10/2005 20:37:44

C:\WINDOWS\system32\dpus10.dll |13/08/2004 23:24:57

C:\WINDOWS\system32\dpus11.dll |27/10/2005 20:37:43

C:\WINDOWS\system32\dpv10.dll |13/08/2004 23:24:57

C:\WINDOWS\system32\dpv11.dll |27/10/2005 20:37:43

C:\WINDOWS\system32\dtu100.dll |27/10/2005 20:37:43

C:\WINDOWS\system32\dunzip32.dll |13/11/2005 06:47:54

C:\WINDOWS\system32\dzip32.dll |13/11/2005 06:47:54

C:\WINDOWS\system32\EDCode.dll |20/08/2005 12:49:48

C:\WINDOWS\system32\EDCodeCom.dll |20/08/2005 12:49:49

C:\WINDOWS\system32\EGDHTML_1024.dll |13/11/2003 11:54:08

C:\WINDOWS\system32\ElbyCDIO.dll |13/12/2006 21:24:42

C:\WINDOWS\system32\EqnClass.Dll |02/09/2003 14:36:22

C:\WINDOWS\system32\ezBook.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\ezEMail.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\ezFileImport.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\ezHints.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\ezLicPrompt.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\ezMenu.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\ezPrint.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\ezRas.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\ezScore.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\ezShell.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\ezSubs.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\ezUPBHook.dll |06/07/2005 20:55:29

C:\WINDOWS\system32\ezUtils.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\ezWizard.dll |13/06/2005 11:00:00

C:\WINDOWS\system32\GEARAspi.dll |19/09/2006 15:43:58

C:\WINDOWS\system32\GZIPLibMinorEx.dll |20/08/2005 12:49:48

C:\WINDOWS\system32\hpfinst.dll |12/09/2001 17:46:47

C:\WINDOWS\system32\hpgmastr.dll |03/09/2003 19:31:02

C:\WINDOWS\system32\hpgmatk.dll |03/09/2003 19:31:02

C:\WINDOWS\system32\hpgmausd.dll |03/09/2003 19:31:01

C:\WINDOWS\system32\hpgreg32.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\HPODXPAT.DLL |27/05/2004 15:00:52

C:\WINDOWS\system32\HPptp02.dll |07/11/2003 13:54:51

C:\WINDOWS\system32\HPptp03.dll |20/03/2003 10:57:22

C:\WINDOWS\system32\hpsj32.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\hpsjvset.dll |03/09/2003 19:31:01

C:\WINDOWS\system32\hpzcoi03.dll |23/07/2001 19:01:39

C:\WINDOWS\system32\hpzcoi04.dll |12/09/2001 17:47:20

C:\WINDOWS\system32\hpzcon03.dll |23/07/2001 19:01:40

C:\WINDOWS\system32\hpzcon04.dll |12/09/2001 17:47:20

C:\WINDOWS\system32\hpzlnt03.dll |25/10/2003 01:25:39

C:\WINDOWS\system32\hpzlnt04.dll |12/09/2001 17:47:22

C:\WINDOWS\system32\hticons.dll |02/09/2003 08:03:37

C:\WINDOWS\system32\hypertrm.dll |02/09/2003 08:03:37

C:\WINDOWS\system32\ic32.dll |05/09/2003 08:10:21

C:\WINDOWS\system32\iccvid.dll |30/09/2001 11:48:20

C:\WINDOWS\system32\IDEproperty.dll |02/09/2003 15:11:29

C:\WINDOWS\system32\imagr5.dll |28/10/2003 22:47:27

C:\WINDOWS\system32\imagx5.dll |28/10/2003 22:47:27

C:\WINDOWS\system32\ImagX7.dll |08/01/2005 12:52:03

C:\WINDOWS\system32\ImagXpr5.dll |28/10/2003 22:47:27

C:\WINDOWS\system32\ImagXpr7.dll |08/01/2005 12:52:04

C:\WINDOWS\system32\ImagXR7.dll |08/01/2005 12:52:05

C:\WINDOWS\system32\ImagXRA7.dll |08/01/2005 12:52:06

C:\WINDOWS\system32\ipeapi12.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\ipebase12.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\ipeistor12.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\ir32_32.dll |30/09/2001 11:48:22

C:\WINDOWS\system32\ir41_qc.dll |30/09/2001 11:48:22

C:\WINDOWS\system32\ir41_qcx.dll |30/09/2001 11:48:22

C:\WINDOWS\system32\ir50_32.dll |30/09/2001 11:48:22

C:\WINDOWS\system32\ir50_qc.dll |30/09/2001 11:48:22

C:\WINDOWS\system32\ir50_qcx.dll |30/09/2001 11:48:22

C:\WINDOWS\system32\isrdbg32.dll |02/09/2003 08:05:08

C:\WINDOWS\system32\Iticheck.dll |10/10/1998 23:07:38

C:\WINDOWS\system32\itidat.dll |21/05/1999 21:37:16

C:\WINDOWS\system32\itidib.dll |21/05/1999 21:37:28

C:\WINDOWS\system32\itiimg2.dll |15/07/1998 20:40:50

C:\WINDOWS\system32\Jgar500.dll |07/11/2003 13:56:39

C:\WINDOWS\system32\jgaw400.dll |30/09/2001 11:48:22

C:\WINDOWS\system32\jgdw400.dll |30/09/2001 11:48:22

C:\WINDOWS\system32\Jgdw500.dll |07/11/2003 13:56:39

C:\WINDOWS\system32\Jgid500.dll |07/11/2003 13:56:39

C:\WINDOWS\system32\jgmd400.dll |30/09/2001 11:48:22

C:\WINDOWS\system32\Jgme500.dll |07/11/2003 13:56:39

C:\WINDOWS\system32\jgpl400.dll |30/09/2001 11:48:22

C:\WINDOWS\system32\Jgpl500.dll |07/11/2003 13:56:39

C:\WINDOWS\system32\jgsd400.dll |30/09/2001 11:48:22

C:\WINDOWS\system32\jgsh400.dll |30/09/2001 11:48:22

C:\WINDOWS\system32\Jgst500.dll |07/11/2003 13:56:39

C:\WINDOWS\system32\LCodcCMP.dll |07/11/2003 13:54:29

C:\WINDOWS\system32\ldf252.dll |07/11/2003 13:56:40

C:\WINDOWS\system32\lfavi11n.dll |26/11/2003 20:42:38

C:\WINDOWS\system32\lfbmp11n.dll |26/11/2003 20:29:19

C:\WINDOWS\system32\lfbmp13n.dll |14/01/2005 15:41:59

C:\WINDOWS\system32\LFCMP11n.DLL |26/11/2003 20:29:19

C:\WINDOWS\system32\lfcmp13n.dll |14/01/2005 15:41:59

C:\WINDOWS\system32\LFCMP70n.DLL |03/09/2003 19:31:53

C:\WINDOWS\system32\lffax11n.dll |26/11/2003 20:29:19

C:\WINDOWS\system32\lffax70n.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\lffpx11n.dll |26/11/2003 20:29:19

C:\WINDOWS\system32\Lffpx7.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\lffpx70n.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\lfgif13n.dll |14/01/2005 15:42:00

C:\WINDOWS\system32\lfgif70n.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\Lfkodak.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\lfpct11n.dll |26/11/2003 20:42:36

C:\WINDOWS\system32\lfpcx11n.dll |26/11/2003 20:42:36

C:\WINDOWS\system32\lfpcx70n.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\Lfpng11n.dll |26/11/2003 20:42:36

C:\WINDOWS\system32\lfpng70n.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\lfpsd11n.dll |26/11/2003 20:42:36

C:\WINDOWS\system32\lftga11n.dll |26/11/2003 20:42:36

C:\WINDOWS\system32\lftif11n.dll |26/11/2003 20:42:36

C:\WINDOWS\system32\lftif70n.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\lfwfx11n.dll |26/11/2003 20:42:36

C:\WINDOWS\system32\libdivx.dll |28/09/2005 19:50:04

C:\WINDOWS\system32\LTDIS11n.dll |26/11/2003 20:42:36

C:\WINDOWS\system32\ltdis13n.dll |14/01/2005 15:41:59

C:\WINDOWS\system32\ltefx11n.dll |26/11/2003 20:42:38

C:\WINDOWS\system32\ltefx13n.dll |14/01/2005 15:41:59

C:\WINDOWS\system32\ltfil11n.DLL |26/11/2003 20:29:19

C:\WINDOWS\system32\ltfil13n.dll |14/01/2005 15:41:59

C:\WINDOWS\system32\ltfil70n.DLL |03/09/2003 19:31:53

C:\WINDOWS\system32\ltimg11n.dll |26/11/2003 20:42:38

C:\WINDOWS\system32\ltimg13n.dll |14/01/2005 15:41:59

C:\WINDOWS\system32\ltkrn11n.dll |26/11/2003 20:42:38

C:\WINDOWS\system32\ltkrn13n.dll |14/01/2005 15:41:59

C:\WINDOWS\system32\ltkrn70n.dll |03/09/2003 19:31:53

C:\WINDOWS\system32\lttwn11n.dll |26/11/2003 20:42:38

C:\WINDOWS\system32\lwf214p.dll |07/11/2003 13:56:40

C:\WINDOWS\system32\lyc_language.dll |29/09/2004 19:57:20

C:\WINDOWS\system32\mciqtz32.dll |10/11/2003 01:11:02

C:\WINDOWS\system32\mdwmdmsp.dll |23/08/2001 18:47:06

C:\WINDOWS\system32\msdmo.dll |02/09/2003 15:16:35

C:\WINDOWS\system32\msencode.dll |30/08/2002 18:24:06

C:\WINDOWS\system32\msssc.dll |02/09/2003 15:12:01

C:\WINDOWS\system32\nv4_disp(3).dll |02/09/2003 15:15:40

C:\WINDOWS\system32\nv4_disp(4).dll |06/10/2003 14:16:00

C:\WINDOWS\system32\nv4_disp.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvapi.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvcod(3).dll |06/10/2003 14:16:00

C:\WINDOWS\system32\nvcod.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvcodins.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvcpl.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvcpluir.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvdisps.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvdispsr.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvexpbar.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvgames.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvgamesr.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvhwvid.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nview.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvmccs.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvmccsrs.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvmccss.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvmccssr.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvmctray.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvmobls.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvmoblsr.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvnt4cpl.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvoglnt.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvrsar.dll |28/10/2003 22:57:16

C:\WINDOWS\system32\nvrscs.dll |28/10/2003 22:57:19

C:\WINDOWS\system32\nvrsda.dll |28/10/2003 22:57:20

C:\WINDOWS\system32\nvrsde.dll |28/10/2003 22:57:21

C:\WINDOWS\system32\nvrsel.dll |28/10/2003 22:57:22

C:\WINDOWS\system32\nvrseng.dll |28/10/2003 22:57:23

C:\WINDOWS\system32\nvrses.dll |28/10/2003 22:57:23

C:\WINDOWS\system32\nvrsesm.dll |28/10/2003 22:57:24

C:\WINDOWS\system32\nvrsfi.dll |28/10/2003 22:57:25

C:\WINDOWS\system32\nvrsfr.dll |28/10/2003 22:57:26

C:\WINDOWS\system32\nvrshe.dll |28/10/2003 22:57:27

C:\WINDOWS\system32\nvrshu.dll |28/10/2003 22:57:30

C:\WINDOWS\system32\nvrsit.dll |28/10/2003 22:57:31

C:\WINDOWS\system32\nvrsja.dll |28/10/2003 22:57:32

C:\WINDOWS\system32\nvrsko.dll |28/10/2003 22:57:34

C:\WINDOWS\system32\nvrsnl.dll |28/10/2003 22:57:37

C:\WINDOWS\system32\nvrsno.dll |28/10/2003 22:57:38

C:\WINDOWS\system32\nvrspl.dll |28/10/2003 22:57:39

C:\WINDOWS\system32\nvrspt.dll |28/10/2003 22:57:40

C:\WINDOWS\system32\nvrsptb.dll |28/10/2003 22:57:40

C:\WINDOWS\system32\nvrsru.dll |28/10/2003 22:57:41

C:\WINDOWS\system32\nvrssk.dll |28/10/2003 22:57:42

C:\WINDOWS\system32\nvrssl.dll |28/10/2003 22:57:43

C:\WINDOWS\system32\nvrssv.dll |28/10/2003 22:57:44

C:\WINDOWS\system32\nvrstr.dll |28/10/2003 22:57:45

C:\WINDOWS\system32\nvrszhc.dll |28/10/2003 22:57:46

C:\WINDOWS\system32\nvrszht.dll |28/10/2003 22:57:47

C:\WINDOWS\system32\nvshell.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvvitvs.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvvitvsr.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvwddi.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvwdmcpl.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvwimg.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvwrsar.dll |28/10/2003 22:57:19

C:\WINDOWS\system32\nvwrscs.dll |28/10/2003 22:57:19

C:\WINDOWS\system32\nvwrsda.dll |28/10/2003 22:57:20

C:\WINDOWS\system32\nvwrsde.dll |28/10/2003 22:57:21

C:\WINDOWS\system32\nvwrsel.dll |28/10/2003 22:57:22

C:\WINDOWS\system32\nvwrseng.dll |28/10/2003 22:57:23

C:\WINDOWS\system32\nvwrses.dll |28/10/2003 22:57:24

C:\WINDOWS\system32\nvwrsesm.dll |28/10/2003 22:57:25

C:\WINDOWS\system32\nvwrsfi.dll |28/10/2003 22:57:26

C:\WINDOWS\system32\nvwrsfr.dll |28/10/2003 22:57:27

C:\WINDOWS\system32\nvwrshe.dll |28/10/2003 22:57:29

C:\WINDOWS\system32\nvwrshu.dll |28/10/2003 22:57:30

C:\WINDOWS\system32\nvwrsit.dll |28/10/2003 22:57:31

C:\WINDOWS\system32\nvwrsja.dll |28/10/2003 22:57:34

C:\WINDOWS\system32\nvwrsko.dll |28/10/2003 22:57:36

C:\WINDOWS\system32\nvwrsnl.dll |28/10/2003 22:57:37

C:\WINDOWS\system32\nvwrsno.dll |28/10/2003 22:57:38

C:\WINDOWS\system32\nvwrspl.dll |28/10/2003 22:57:39

C:\WINDOWS\system32\nvwrspt.dll |28/10/2003 22:57:40

C:\WINDOWS\system32\nvwrsptb.dll |28/10/2003 22:57:41

C:\WINDOWS\system32\nvwrsru.dll |28/10/2003 22:57:42

C:\WINDOWS\system32\nvwrssk.dll |28/10/2003 22:57:43

C:\WINDOWS\system32\nvwrssl.dll |28/10/2003 22:57:44

C:\WINDOWS\system32\nvwrssv.dll |28/10/2003 22:57:45

C:\WINDOWS\system32\nvwrstr.dll |28/10/2003 22:57:45

C:\WINDOWS\system32\nvwrszhc.dll |28/10/2003 22:57:46

C:\WINDOWS\system32\nvwrszht.dll |28/10/2003 22:57:47

C:\WINDOWS\system32\nvwss.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\nvwssr.dll |20/09/2006 16:25:00

C:\WINDOWS\system32\ODBCSTF.DLL |05/09/2003 08:11:44

C:\WINDOWS\system32\ogg.dll |14/12/2002 21:46:04

C:\WINDOWS\system32\oggDS.dll |14/12/2002 21:46:04

C:\WINDOWS\system32\paqsp.dll |23/08/2001 18:47:16

C:\WINDOWS\system32\PCDLIB32.DLL |31/01/1998 23:00:00

C:\WINDOWS\system32\picn20.dll |28/10/2003 22:47:27

C:\WINDOWS\system32\pncrt.dll |24/07/2002 18:34:55

C:\WINDOWS\system32\PSIKey.dll |26/10/2004 23:38:24

C:\WINDOWS\system32\psisdecd.dll |10/11/2003 01:11:04

C:\WINDOWS\system32\qedwipes.dll |10/11/2003 01:11:02

C:\WINDOWS\system32\qt-dx331.dll |12/08/2005 22:57:09

C:\WINDOWS\system32\qt-mt331.dll |13/08/2004 23:24:57

C:\WINDOWS\system32\Roboex32.dll |07/11/2003 13:56:39

C:\WINDOWS\system32\S11thk32.dll |02/09/2003 15:12:07

C:\WINDOWS\system32\S32EVNT1.DLL |07/09/2003 14:53:24

C:\WINDOWS\system32\SftpApi.dll |20/08/2005 12:49:48

C:\WINDOWS\system32\ShttpApi.dll |20/08/2005 12:49:48

C:\WINDOWS\system32\SIMONW32.dll |05/08/2002 19:22:18

C:\WINDOWS\system32\slbcsp.dll |30/09/2001 11:48:58

C:\WINDOWS\system32\slbiop.dll |30/09/2001 11:48:58

C:\WINDOWS\system32\slbrccsp.dll |30/09/2001 11:48:58

C:\WINDOWS\system32\SMMedia.dll |02/09/2003 15:12:09

C:\WINDOWS\system32\spnike.dll |23/08/2001 18:47:18

C:\WINDOWS\system32\sprio600.dll |23/08/2001 18:47:18

C:\WINDOWS\system32\sprio800.dll |23/08/2001 18:47:18

C:\WINDOWS\system32\spxcoins.dll |02/09/2003 14:36:22

C:\WINDOWS\system32\ssldivx.dll |28/09/2005 19:50:03

C:\WINDOWS\system32\stci.dll |11/11/2003 18:37:01

C:\WINDOWS\system32\SymNeti.dll |05/04/2005 10:17:04

C:\WINDOWS\system32\SymRedir.dll |05/04/2005 10:17:04

C:\WINDOWS\system32\SymStore.dll |22/08/2004 18:01:55

C:\WINDOWS\system32\Syncor11.dll |02/09/2003 15:12:07

C:\WINDOWS\system32\SynthCore11Resources.dll |02/09/2003 15:12:07

C:\WINDOWS\system32\tsd32.dll |30/09/2001 11:49:06

C:\WINDOWS\system32\TwnLib20.dll |29/10/2003 19:06:58

C:\WINDOWS\system32\TwnLib4.dll |08/01/2005 12:52:07

C:\WINDOWS\system32\Tx32.dll |05/09/2003 08:10:21

C:\WINDOWS\system32\txobj32.dll |05/09/2003 08:10:21

C:\WINDOWS\system32\txtls32.dll |05/09/2003 08:10:21

C:\WINDOWS\system32\tx_htm32.dll |05/09/2003 08:10:21

C:\WINDOWS\system32\tx_rtf32.dll |05/09/2003 08:10:21

C:\WINDOWS\system32\tx_word.dll |05/09/2003 08:10:21

C:\WINDOWS\system32\unzip32.dll |15/07/2005 00:20:09

C:\WINDOWS\system32\usrcntra.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\usrcoina.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\usrdpa.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\usrdtea.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\usrfaxa.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\usrlbva.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\usrrtosa.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\usrsdpia.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\usrsvpia.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\usrv42a.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\usrv80a.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\usrvoica.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\usrvpa.dll |23/08/2001 18:47:20

C:\WINDOWS\system32\virtear.dll |02/09/2003 15:12:05

C:\WINDOWS\system32\vorbis.dll |14/12/2002 21:46:04

C:\WINDOWS\system32\vorbisenc.dll |14/12/2002 21:46:04

C:\WINDOWS\system32\wdmioctl.dll |02/09/2003 15:12:09

C:\WINDOWS\system32\win87em.dll |30/09/2001 11:49:12

C:\WINDOWS\system32\WNASPI32.DLL |10/09/1999 12:06:00

C:\WINDOWS\system32\wndtls32.dll |05/09/2003 08:10:21

C:\WINDOWS\system32\xvid.dll |05/04/2003 17:17:52

C:\WINDOWS\system32\ZPORT4AS.dll |19/01/2007 15:36:17

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 70B9-610B

 

Répertoire de C:\WINDOWS\system

 

10/09/1999 12:06 4.672 WOWPOST.EXE

1 fichier(s) 4.672 octets

0 Rép(s) 67.471.908.864 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 70B9-610B

 

Répertoire de C:\WINDOWS\system32

 

30/09/2001 11:47 4.096 csrss.exe

1 fichier(s) 4.096 octets

0 Rép(s) 67.471.908.864 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 70B9-610B

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

21/01/2007 21:06 <REP> .

21/01/2007 21:06 <REP> ..

02/07/2003 18:17 244 AccesMembre.inf

24/08/2006 08:28 141.424 asinst.dll

22/08/2006 09:06 537 asinst.inf

17/05/2006 13:32 231.072 avsniff.dll

17/05/2006 14:29 878 avsniff.inf

23/08/2005 09:39 198.256 avsniffdlgs.dll

17/05/2006 13:26 537.704 AXXPEE.dll

17/05/2006 13:29 241 CabSA.inf

12/01/2007 01:00 2.504 catalog.dat

19/01/2007 19:19 <REP> CONFLICT.1

13/12/2003 06:59 <REP> CONFLICT.2

20/03/2005 16:48 65 desktop.ini

28/10/2003 08:51 7.424 DjVuLite.inf

09/11/2006 11:01 227 driveragent.inf

09/11/2006 11:01 428.032 driveragent.ocx

12/01/2007 01:00 6.899 ecbootil.vxd

23/08/2005 09:32 42.112 ecmldr32.dll

12/01/2007 01:00 272.040 ecmsvr32.dll

15/06/2006 18:33 1.132.192 EPUWALcontrol.dll

28/03/2002 15:05 1.268 erma.inf

08/08/2006 13:28 1.563 hardwaredetection.inf

11/11/2004 21:52 113.408 HMAtchmt.ocx

23/10/2005 01:11 88.136 HPGetDownloadManager.ocx

20/10/2005 16:02 671.336 hpobjinstaller_gmn.dll

30/09/2005 11:04 714 hpobjinstaller_gmn.inf

16/05/2006 09:14 248 IaLdr32.inf

03/03/2004 14:59 393.216 imloader.exe

10/04/2001 14:25 24.576 iSetupML.dll

10/04/2001 14:24 356.352 iSetupML.exe

10/04/2001 14:25 423 isetupML.inf

25/08/2003 18:12 1.096 iuctl.inf

08/08/2006 11:45 576 kavwebscan.inf

30/12/2006 00:25 284.488 KooPlayer.ocx

24/10/2006 17:15 367 LegitCheckControl.inf

09/10/2003 18:25 225 loader.inf

18/12/2006 10:02 882 mcfscan.inf

29/05/2003 14:00 160.864 messengerstatsclient.dll

20/01/2000 15:25 1.162 Microsoft XML Parser for Java.osd

01/09/2003 11:10 2.295 MSC3.inf

29/05/2003 14:00 77.408 msgrchkr.dll

30/06/2005 14:19 227 MsnMessengerSetupDownloader.inf

13/08/2005 23:26 113.664 MsnMessengerSetupDownloader.ocx

08/10/2004 16:01 372.736 MsnPUpld.dll

17/03/2003 10:57 90.112 msway.dll

23/09/2002 14:06 304 msway.inf

26/05/2005 03:19 293 muweb.inf

11/08/2004 18:20 6.854 navapi.vxd

11/08/2004 18:20 208.896 navapi32.dll

12/01/2007 01:00 124.584 naveng32.dll

12/01/2007 01:00 882.344 navex32a.dll

17/05/2005 16:27 300.032 npwwg.dll

27/06/2001 09:37 220 npwwg.inf

29/06/2005 16:17 227 opuc.inf

17/05/2004 15:26 35.584 ProductIDGatherer.dll

25/05/2004 10:05 2.735 ProductIDGatherer.INF

22/09/2004 15:59 110.592 PURen-us.dll

31/05/2002 08:20 117.328 PURfr-be.dll

15/10/2004 07:59 110.592 PURfr-xx.dll

30/07/2003 03:45 728 qdiagh.inf

08/03/2005 15:29 <REP> rave

18/04/2003 20:11 6.638 ravllio.vxd

04/09/2003 15:00 200.704 ravonline.dll

04/09/2003 15:02 583 ravonline.inf

04/09/2003 14:33 167.936 ravscan.dll

04/09/2003 14:34 290.816 ravupdt.dll

05/03/2003 20:27 381 ravupdt.ini

17/05/2006 13:32 161.480 rufsi.dll

03/05/2004 14:39 118.784 SassCln.dll

03/05/2004 14:40 306 SASSCLN.INF

12/01/2007 01:00 97.712 scrauth.dat

06/12/2004 17:01 116.880 setup.exe

24/07/2005 18:16 16 speedup.fic

26/09/2003 10:31 53.784 SSCHECK.DLL

28/09/2003 23:33 60.072 SublimAnal.exe

27/08/2005 13:30 5.065 swflash.inf

12/01/2007 01:00 9.237 symaveng.cat

12/01/2007 01:00 1.061 symaveng.inf

07/08/2003 14:00 266 systemsoappro.inf

12/01/2007 01:00 187.905 tcdefs.dat

12/01/2007 01:00 1.196.629 tcscan7.dat

12/01/2007 01:00 325.348 tcscan8.dat

12/01/2007 01:00 736.279 tcscan9.dat

02/08/2000 12:33 224 tdserver.inf

02/08/2000 12:26 372.736 tdserver.ocx

12/01/2007 01:00 453 tinf.dat

12/01/2007 01:00 148 tinfidx.dat

12/01/2007 01:00 1.957 tinfl.dat

12/01/2007 01:00 64.232 tscan1.dat

12/01/2007 01:00 3.072 tscan1hd.dat

19/11/2006 17:24 23.600 tvichw32.sys

07/09/2006 12:15 142.848 UDC6V_0001_D19M0709NetInstaller.exe

07/09/2006 12:15 227 UDC6V_0001_D19M0709NetInstaller.inf

15/10/2005 09:28 44.137 update.log

12/01/2007 01:00 4.778 v.grd

12/01/2007 01:00 2.269 v.sig

24/07/2005 18:16 16 validate.rdb

12/01/2007 01:00 106.244 virscan.inf

12/01/2007 01:00 975.798 virscan1.dat

12/01/2007 01:00 570.042 virscan2.dat

12/01/2007 01:00 147.512 virscan3.dat

12/01/2007 01:00 320.186 virscan4.dat

12/01/2007 01:00 3.179.218 virscan5.dat

12/01/2007 01:00 390.197 virscan6.dat

12/01/2007 01:00 5.890.358 virscan7.dat

12/01/2007 01:00 1.662.499 virscan8.dat

12/01/2007 01:00 4.008.519 virscan9.dat

12/01/2007 01:00 32 virscant.dat

19/01/2007 19:35 2.072 vscanmsx.dat

06/04/2006 11:48 3.748.256 WebCleaner.dll

06/04/2006 14:44 318 WebCleaner.inf

02/03/2001 13:43 2.244 wmv8dmo.inf

27/10/2002 18:32 3.036 wmv9dmo.inf

30/06/2003 21:41 1.689 WMV9VCM.inf

26/05/2005 04:19 291 wuweb.inf

24/03/2004 17:17 1.777 xscan.inf

24/03/2004 17:22 435.712 xscan53.ocx

15/05/2002 02:25 538 Yahoo! Blackjack.osd

17/12/2004 09:55 530 Yahoo! Poker.osd

12/01/2007 01:00 224 zdone.dat

116 fichier(s) 33.506.377 octets

 

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

 

19/01/2007 19:19 <REP> .

19/01/2007 19:19 <REP> ..

31/03/2004 15:40 393.216 imloader.exe

15/07/2005 00:19 116.880 setup.exe

2 fichier(s) 510.096 octets

 

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.2

 

13/12/2003 06:59 <REP> .

13/12/2003 06:59 <REP> ..

0 fichier(s) 0 octets

 

Répertoire de C:\WINDOWS\Downloaded Program Files\rave

 

08/03/2005 15:29 <REP> .

08/03/2005 15:29 <REP> ..

30/03/2005 17:08 305.189 avirexe.vdm

17/06/2003 18:31 119.120 avirscr.vdm

06/05/2003 17:51 98.350 base.vdm

11/06/2005 18:50 214.150 daily.vdm

11/06/2005 18:50 42.893 daily.vdt

25/02/2003 16:54 19.135 filters.vdm

24/06/2003 09:34 49.628 kernel.vdk

30/10/2002 17:35 265 keyring.vdk

25/02/2003 16:54 1.956 mapi_vdm.vdm

30/10/2002 17:35 265 modules.vdk

17/05/2005 13:35 1.959.486 rav8def.vdm

06/12/2004 20:18 22.482 rufs.vdm

04/06/2003 17:24 64.967 rufsplg.vdm

06/05/2003 13:01 112.783 unarch.vdm

24/06/2003 09:34 45.209 unmail.vdm

07/05/2004 12:50 158.229 unpack.vdm

16 fichier(s) 3.214.107 octets

 

Total des fichiers listés :

134 fichier(s) 37.230.580 octets

11 Rép(s) 67.471.900.672 octets libres

 

Recherche de rootkit! (Merci S!Ri)

infection possible Magic.Control : un scan F-Secure BlackLight est recommandé

 

Recherche d'infections connues

 

 

 

 

Liste des programmes installes

 

[ KKE+ - Ver:1.0 ]

a-squared Free 2.1

ACDSee

Ad-Aware SE Personal

Adobe Acrobat 5.0

Adobe Flash Player 9 ActiveX

Adobe Photoshop Album 2.0 Edition Découverte

Adobe Reader 7.0.9 - Français

Ahead NeroMIX

Ahead NeroNET

Alien Sky

AnyDVD

Apple Software Update

Archiveur WinRAR

Assistant Publication de sites Web 1.52 de Microsoft

AutoUpdate

Barre d'outils MSN

CleanUp!

CloneDVD

CloneDVD2

Compel Adaptec WinASPI

Complément MSN pour Windows Messenger

Correctif pour DirectX 9 - KB839643

Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]

Correctif Windows XP - Article Base de Connaissances 834707

Correctif Windows XP - KB823559

Correctif Windows XP - KB824141

Correctif Windows XP - KB824146

Correctif Windows XP - KB825119

Correctif Windows XP - KB828028

Correctif Windows XP - KB828035

Correctif Windows XP - KB828741

Correctif Windows XP - KB829558

Correctif Windows XP - KB833987

Correctif Windows XP - KB835732

Correctif Windows XP - KB837001

Correctif Windows XP - KB839645

Correctif Windows XP - KB840315

Correctif Windows XP - KB840374

Correctif Windows XP - KB840987

Correctif Windows XP - KB841356

Correctif Windows XP - KB841533

Correctif Windows XP - KB841873

Correctif Windows XP - KB842773

Correctif Windows XP - KB873376

Correctif Windows XP - KB883357

Correctif Windows XP - KB887822

Disque de souvenirs HP

DivX

DivX Player

DVD Shrink 3.2

eMule

EVEREST Home Edition v2.20

Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP

Futuremark Measurement Services Client

Google Toolbar for Internet Explorer

HardwareDetection

HijackThis 1.99.1

hp deskjet 920c series

hp deskjet 920c series (Supprimer uniquement)

HP Photo and Imaging 2.0 - Photosmart Cameras

HP Photo and Imaging 2.0 - Photosmart Cameras

HP Photosmart Essential

HP PrecisionScan LTX

HP Software Update

ImageDrive (Ahead Software)

IncrediMail Xe

Instant Access

iTunes

Java 2 Runtime Environment, SE v1.4.2_01

Kaspersky Online Scanner

Language pack for Ad-Aware SE

Lecteur Windows Media 10

LiveReg (Symantec Corporation)

LiveUpdate 2.6 (Symantec Corporation)

Logitech Gaming Software

Macromedia Shockwave Player

Media Library Management Wizard

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft Data Access Components KB870669

Microsoft IntelliPoint 6.01

Microsoft IntelliType Pro 6.01

Microsoft Internet Explorer 6 SP1

Microsoft Office PowerPoint Viewer 2003

Mise à jour de licences personnelles

Movie Maker Background Music Files

Movie Maker Sound Effects

Movie Maker Title Images

MSN Messenger 7.5

Music Manager

Nero Digital

Nero Suite

NeroVision Express Content

Norton AntiVirus 2003

Norton WMI Update

nuls Toolbar

NVIDIA Drivers

Outlook Express Q823353

Package du correctif Windows XP [voir Q329115 pour plus de détails]

Panda ActiveScan

PCFriendly

Personal License Update Wizard for Windows Media Player

Plus! MP3 Audio Converter LE

PowerDVD

QuickTime

SafeCast Shared Components

Shockwave

SiS 900 PCI Fast Ethernet Adapter Driver

Skype 3.0

Skype Plugin Manager

SLD CODEC PACK 1.5.3

SoundMAX

SpeedTouch USB Software

SpotLife

Spybot - Search & Destroy 1.4

Symantec Network Drivers Update

TomTom HOME

Ulead Photo Express 3.0 SE

USB EHCI Driver

USB Multimedia keyboard driver Ver1.02

VideoLink Mail

Visionneuse Journal Windows Microsoft

Weather tool

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Media Bonus Pack for Windows XP

Windows Media Format Runtime

Windows Media Player Playlist Import to Excel Wizard

Windows Media Player Skin Importer

Windows Media Player Tray Control

Windows XP Application Compatibility Update[Q319580]

Windows XP Hotfix - KB821253

Windows XP Hotfix - KB821557

Windows XP Hotfix - KB823182

Windows XP Hotfix - KB823980

Windows XP Hotfix - KB824105

Windows XP Hotfix (SP1) [see Q307869 for more information]

Windows XP Hotfix (SP1) [see Q308210 for more information]

Windows XP Hotfix (SP1) [see Q309521 for more information]

Windows XP Hotfix (SP1) [see Q310437 for more information]

Windows XP Hotfix (SP1) [see Q310510 for more information]

Windows XP Hotfix (SP1) [see Q311542 for more information]

Windows XP Hotfix (SP1) [see Q311889 for more information]

Windows XP Hotfix (SP1) [see Q311967 for more information]

Windows XP Hotfix (SP1) [see Q313450 for more information]

Windows XP Hotfix (SP1) [see Q314862 for more information]

Windows XP Hotfix (SP1) [see Q315000 for more information]

Windows XP Hotfix (SP1) [see Q315403 for more information]

Windows XP Hotfix (SP1) [see Q316397 for more information]

Windows XP Hotfix (SP1) [see Q317277 for more information]

Windows XP Hotfix (SP1) [see Q318138 for more information]

Windows XP Hotfix (SP1) [see Q318388 for more information]

Windows XP Hotfix (SP1) [see Q318966 for more information]

Windows XP Hotfix (SP1) [see Q319322 for more information]

Windows XP Hotfix (SP1) [see Q320174 for more information]

Windows XP Hotfix (SP1) [see Q320552 for more information]

Windows XP Hotfix (SP1) [see Q320678 for more information]

Windows XP Hotfix (SP1) [see Q320914 for more information]

Windows XP Hotfix (SP1) [see Q323172 for more information]

Windows XP Hotfix (SP1) [see Q323322 for more information]

Windows XP Hotfix (SP1) [see Q324096 for more information]

Windows XP Hotfix (SP1) [see Q324380 for more information]

Windows XP Hotfix (SP1) [see Q326830 for more information]

Windows XP Hotfix (SP1) [see Q328940 for more information]

Windows XP Hotfix (SP1) [see Q329048 for more information]

Windows XP Hotfix (SP1) [see Q329390 for more information]

Windows XP Hotfix (SP1) [see Q329441 for more information]

Windows XP Hotfix (SP1) [see Q329834 for more information]

Windows XP Hotfix (SP1) Q328310

Windows XP Hotfix (SP1) Q329170

Windows XP Hotfix (SP1) Q331953

Windows XP Hotfix (SP1) Q810577

Windows XP Hotfix (SP1) Q810833

Windows XP Hotfix (SP1) Q811493

Windows XP Hotfix (SP1) Q815021

Windows XP Hotfix (SP1) Q817606

WinISO 5.3

WOWpapers utility

Yahoo! Toolbar

Yahoo! Toolbar

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 70B9-610B

 

Répertoire de C:\Program Files

 

21/01/2007 23:43 <REP> .

21/01/2007 23:43 <REP> ..

08/03/2005 20:14 <REP> a2

10/11/2003 01:00 <REP> ACD Systems

29/11/2006 21:59 <REP> Adobe

12/11/2006 22:20 <REP> Ahead

07/09/2003 14:43 <REP> Alcatel

02/09/2003 15:12 <REP> Analog Devices

02/01/2007 16:54 <REP> Apple Software Update

19/01/2007 19:18 <REP> a-squared Free

19/01/2007 21:57 <REP> AxBx

24/09/2006 09:34 <REP> CartaGoGo

09/10/2006 00:46 <REP> ChEditorII(Flash2M,4000CH,Favorite4)

12/09/2005 01:32 <REP> CleanUp!

27/10/2003 20:41 <REP> Common Files

02/09/2003 08:04 <REP> ComPlus Applications

02/09/2003 15:37 <REP> CyberLink

05/09/2003 08:09 <REP> directx

21/01/2006 11:42 <REP> DivX

29/05/2006 18:19 <REP> DVD Shrink

15/02/2006 08:08 <REP> EasyBits For Kids

19/09/2005 18:13 <REP> eBay

21/01/2006 08:33 <REP> Elaborate Bytes

21/01/2007 18:46 <REP> eMule

26/10/2003 20:21 <REP> EuroTool

21/01/2007 23:40 <REP> Fichiers communs

19/01/2007 16:18 <REP> Google

10/11/2003 02:20 <REP> Grisoft

15/11/2006 20:15 <REP> HardwareDetection

17/11/2006 23:17 <REP> Hewlett-Packard

19/01/2007 15:39 <REP> HighMAT CD Writing Wizard

17/11/2006 23:17 <REP> HP

13/11/2005 07:55 <REP> hp deskjet 920c series

21/11/2005 23:52 <REP> IncrediMail

21/01/2007 21:06 <REP> Instant Access

17/12/2005 17:04 <REP> InstantTouch

30/12/2005 14:22 <REP> InterActual

19/01/2007 16:20 <REP> Internet Explorer

02/01/2007 16:57 <REP> iPod

19/01/2007 15:39 <REP> iTunes

15/09/2003 21:43 <REP> Java

29/11/2006 21:47 <REP> KKE+

13/10/2004 10:35 <REP> KYE

17/11/2006 22:50 <REP> Lavalys

13/09/2006 07:29 <REP> Lavasoft

14/02/2005 00:46 <REP> LizardTech

15/11/2006 20:17 <REP> Logitech

19/01/2007 16:20 <REP> Messenger

19/01/2007 22:03 <REP> MessengerSkinner

26/09/2006 08:13 <REP> Micro Application

02/09/2003 08:07 <REP> microsoft frontpage

19/01/2007 16:20 <REP> Microsoft IntelliPoint

26/12/2006 01:37 <REP> Microsoft IntelliPoint 5.5

21/01/2007 17:17 <REP> Microsoft IntelliType Pro

06/04/2005 19:43 <REP> Microsoft Office

18/11/2003 00:19 <REP> Movie Maker

02/03/2004 16:10 <REP> MSN

03/08/2004 07:26 <REP> MSN Apps

02/09/2003 08:03 <REP> MSN Gaming Zone

19/01/2007 16:21 <REP> MSN Messenger

15/07/2005 00:20 <REP> Music Manager

14/04/2004 12:06 <REP> NetMeeting

19/01/2007 22:07 <REP> Norton AntiVirus

10/11/2006 20:35 <REP> nuls

16/09/2006 12:15 <REP> OfficeUpdate11

25/04/2005 21:29 <REP> Outlook Express

16/01/2006 00:25 <REP> PCFriendly

14/09/2003 18:11 <REP> Publication Web

03/01/2007 20:11 <REP> QuickTime

15/09/2006 22:37 <REP> QuickZip4

23/10/2006 17:20 <REP> Radiac Tools

19/09/2005 21:33 <REP> ReflexiveArcade

13/09/2006 08:24 <REP> RegCleaner

20/08/2005 12:49 <REP> SAMSUNG SDS

20/03/2006 22:13 <REP> SereneScreen

02/09/2003 08:06 <REP> Services en ligne

20/10/2006 21:27 <REP> SetEditKaon

10/11/2003 02:20 226.067 setup.lns

07/04/2004 21:11 <REP> SiSLan

26/12/2006 01:14 <REP> Skype

28/11/2003 03:56 <REP> SLD CODEC PACK 1.5.3

25/04/2005 09:23 <REP> SlySoft

19/01/2007 16:22 <REP> Spybot - Search & Destroy

26/09/2006 06:43 <REP> Sybex

18/09/2006 20:19 <REP> Symantec

27/02/2005 02:54 <REP> SymNetDrv

22/11/2006 20:39 <REP> TomTom DesktopSuite

18/11/2006 10:18 <REP> TomTom HOME

29/05/2006 18:16 <REP> tradfr.com

16/01/2006 00:25 <REP> Ubi Soft

29/05/2006 17:20 <REP> Ulead Systems

26/09/2006 07:37 <REP> Uninstall Information

30/12/2003 22:24 <REP> video

12/12/2006 20:47 <REP> VideoLAN

26/11/2003 20:45 <REP> VideoLink Mail

05/12/2003 21:08 <REP> Virtools Web Player 2.0

29/12/2003 18:58 <REP> WinASPI

14/11/2003 19:41 <REP> Windows Journal Viewer

13/11/2005 06:47 <REP> Windows Media Bonus Pack for Windows XP

19/01/2007 16:24 <REP> Windows Media Player

24/09/2006 11:22 <REP> Windows NT

22/01/2006 20:06 <REP> WindowsUpdate

21/10/2006 22:17 <REP> WinISO

19/01/2007 15:39 <REP> WinRAR

13/11/2005 05:55 <REP> WMV9_VCM

02/09/2003 08:07 <REP> xerox

1 fichier(s) 226.067 octets

105 Rép(s) 67.472.793.600 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 70B9-610B

 

Répertoire de C:\Program Files\fichiers communs

 

21/01/2007 23:40 <REP> .

21/01/2007 23:40 <REP> ..

11/12/2006 13:57 <REP> Adobe

08/01/2005 12:57 <REP> Ahead

17/11/2006 23:06 <REP> HP

15/07/2005 00:19 <REP> InstallShield

15/09/2003 21:42 <REP> Java

16/11/2006 08:51 <REP> Logitech

15/10/2005 02:22 <REP> Macrovision Shared

26/09/2006 07:37 <REP> Microsoft Shared

02/09/2003 08:04 <REP> MSSoap

18/12/2004 11:53 <REP> Oberon Media

02/09/2003 14:36 <REP> ODBC

02/12/2003 10:55 <REP> Real

20/03/2005 16:48 <REP> Services

26/12/2006 01:14 <REP> Skype

26/11/2003 20:44 <REP> Smith Micro Shared

02/09/2003 14:36 <REP> SpeechEngines

21/01/2007 23:41 <REP> Symantec Shared

13/12/2005 00:02 <REP> System

0 fichier(s) 0 octets

20 Rép(s) 67.472.793.600 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 70B9-610B

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

02/09/2003 08:16 <REP> .

02/09/2003 08:16 <REP> ..

18/05/2001 16:57 561.209 MSONSEXT.DLL

03/06/1999 13:09 122.937 MSOWS409.DLL

07/03/2001 08:00 127.033 MSOWS40c.DLL

3 fichier(s) 811.179 octets

2 Rép(s) 67.472.789.504 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 70B9-610B

 

Répertoire de C:\Program Files\common files

 

27/10/2003 20:41 <REP> .

27/10/2003 20:41 <REP> ..

27/10/2003 20:41 <REP> Microsoft Shared

03/08/2004 07:42 <REP> System

0 fichier(s) 0 octets

4 Rép(s) 67.472.789.504 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 70B9-610B

 

Répertoire de C:\

 

11/11/2001 00:00 68.096 diff.exe

27/08/2006 14:10 103.424 grep.exe

2 fichier(s) 171.520 octets

0 Rép(s) 67.472.789.504 octets libres

c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe

c:\Documents and Settings\All Users\Menu Démarrer\Programmes\IDEUtil\SISIDE.exe

c:\Documents and Settings\ok\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe

c:\Documents and Settings\ok\Application Data\Dossier de téléchargement Share-to-Web \eMule0.30c-Installer.exe

c:\Documents and Settings\ok\Application Data\Image Zone Express\HPSoftwareUpdate.exe

c:\Documents and Settings\ok\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

c:\Documents and Settings\ok\Bureau\DiagHelp.exe

c:\Documents and Settings\ok\Bureau\diff.exe

c:\Documents and Settings\ok\Bureau\FilesInfoCmd.exe

c:\Documents and Settings\ok\Bureau\Fport.exe

c:\Documents and Settings\ok\Bureau\grep.exe

c:\Documents and Settings\ok\Bureau\LFiles.exe

c:\Documents and Settings\ok\Bureau\LISTDLLS.exe

c:\Documents and Settings\ok\Bureau\pslist.exe

c:\Documents and Settings\ok\Bureau\streams.exe

c:\Documents and Settings\ok\Bureau\swreg.exe

c:\Documents and Settings\ok\Mes documents\divers fichier\AUTORUN.EXE

c:\Documents and Settings\ok\Mes documents\divers fichier\msjavx86.exe

c:\Documents and Settings\ok\Mes documents\divers fichier\PPVIEWER.EXE

c:\Documents and Settings\ok\Mes documents\divers fichier\winaspi.exe

c:\Documents and Settings\ok\Mes documents\divers fichier\WindowsXP-KB823980-x86-FRA.exe

c:\Documents and Settings\ok\Mes documents\GetA3S_v2.0\GetA3S.exe

c:\Documents and Settings\ok\Mes documents\GetA3S_v2.0\KeyLoader.exe

c:\Documents and Settings\ok\Mes documents\GetA3S_v2.0\KeyLoader1341.exe

c:\Documents and Settings\ok\Mes documents\GetA3S_v2.0\MSoftcam_575.exe

c:\Documents and Settings\ok\Mes documents\GetA3S_v2.0\vbrun60sp6.exe

c:\Documents and Settings\ok\Mes documents\kaon\Kaon - BOOT - 2.1.9.V4.exe

c:\Documents and Settings\ok\Mes documents\kaon\convertiseur firm\BinUpdate.exe

c:\Documents and Settings\ok\Mes documents\kaon\convertiseur firm\fichier conversion\awk.exe

c:\Documents and Settings\ok\Mes documents\kaon\firm desat.fr\Kup V3.1XP - Kaon Upgrade - Engineer Patch FR -- SatelliteFR.com.exe

c:\Documents and Settings\ok\Mes documents\kaon\generateur de code kkk\KKEditor_kaon_instuctie_filmpje.exe

c:\Documents and Settings\ok\Mes documents\kaon\pour les stream ,classement a jour\Chaines Editeur - V3.0 - FR.exe

c:\Documents and Settings\ok\Mes documents\kaon\pour les stream ,classement a jour\Install\_ISDEL.EXE

c:\Documents and Settings\ok\Mes documents\kaon\pour les stream ,classement a jour\Install\Chaines Editeur - V3.0 - FR.exe

c:\Documents and Settings\ok\Mes documents\kaon\pour les stream ,classement a jour\Install\ChEditorII.exe

c:\Documents and Settings\ok\Mes documents\kaon\pour les stream ,classement a jour\Install\Install - SETUP.EXE

c:\Documents and Settings\ok\Mes documents\Languages\French.exe

c:\Documents and Settings\ok\Mes documents\Languages\German.exe

c:\Documents and Settings\ok\Mes documents\Languages\Italian.exe

c:\Documents and Settings\ok\Mes documents\Languages\Japanese.exe

c:\Documents and Settings\ok\Mes documents\Languages\Korean.exe

c:\Documents and Settings\ok\Mes documents\Languages\Simplified Chinese.exe

c:\Documents and Settings\ok\Mes documents\Languages\Spanish.exe

c:\Documents and Settings\ok\Mes documents\Languages\Traditional Chinese.exe

c:\Documents and Settings\ok\Mes documents\Mes fichiers reçus\eMule0.30c-Installer.exe

c:\Documents and Settings\ok\Mes documents\Mes photos\redeye.exe

c:\Documents and Settings\ok\Mes documents\nero 6.30\NBR6300fra.exe

c:\Documents and Settings\ok\Mes documents\nero 6.30\nero6300.exe

c:\Documents and Settings\ok\Mes documents\Readme\Skins\_ISDel.exe

c:\Documents and Settings\ok\Mes documents\Readme\Skins\Setup.exe

c:\Documents and Settings\ok\Mes documents\Super cartes de visite 2003.fr\Visiten.exe

c:\Documents and Settings\ok\Mes documents\TomTom\copie tomtom original\InstallTomTomHOME.exe

c:\Documents and Settings\ok\Mes documents\TomTom\HOME\Backups\GO\Backup03\Storage\installtomtomhome.exe

c:\Documents and Settings\ok\Mes documents\TomTom\HOME\Downloads\Download Cache\v1_3_308_win.exe

c:\Documents and Settings\ok\Mes documents\win2k_xp\autorun.exe

c:\Documents and Settings\ok\Mes documents\win2k_xp\hpzglu04.exe

c:\Documents and Settings\ok\Mes documents\win2k_xp\setup.exe

c:\Documents and Settings\ok\Mes documents\win2k_xp\fra\nt4\Disk1\setup.exe

c:\Documents and Settings\ok\Mes documents\win2k_xp\fra\nt4\Disk1\nt4\hpfinstx.exe

c:\Documents and Settings\ok\Mes documents\win2k_xp\fra\nt4\Disk1\nt4\hpfldr.exe

c:\Documents and Settings\ok\Mes documents\win2k_xp\fra\nt4\Disk1\nt4\hpfsplsh.exe

c:\Documents and Settings\ok\Mes documents\win2k_xp\util\common\hpfpdi04.exe

c:\Documents and Settings\ok\Mes documents\win2k_xp\util\common\hpzghl04.exe

c:\Documents and Settings\ok\Mes documents\win2k_xp\util\common\hpzpin04.exe

c:\Documents and Settings\ok\WINDOWS\system\dxwebsetup.exe

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

c:\Documents and Settings\ok\Application Data\Adobe\Acrobat\Whapi\WHA Library.dll

c:\Documents and Settings\ok\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

 

 

Pour le second blacklight , voici.

 

01/21/07 23:56:59 [info]: BlackLight Engine 1.0.55 initialized

01/21/07 23:56:59 [info]: OS: 5.1 build 2600 ()

01/21/07 23:57:00 [Note]: 7019 4

01/21/07 23:57:00 [Note]: 7005 0

01/21/07 23:57:05 [Note]: 7006 0

01/21/07 23:57:06 [Note]: 7011 1904

01/21/07 23:57:06 [Note]: 7026 0

01/21/07 23:57:06 [Note]: 7026 0

01/21/07 23:57:06 [Note]: 7024 3

01/21/07 23:57:06 [info]: Hidden process: C:\windows\system32\erixmcyhdt.exe

01/21/07 23:57:20 [Note]: FSRAW library version 1.7.1021

01/22/07 00:03:04 [info]: Hidden file: c:\WINDOWS\system32\erixmcyhdt.dat

01/22/07 00:03:04 [Note]: 10002 1

01/22/07 00:03:04 [info]: Hidden file: C:\windows\system32\erixmcyhdt.exe

01/22/07 00:03:04 [Note]: 10002 1

01/22/07 00:03:05 [info]: Hidden file: c:\WINDOWS\system32\erixmcyhdt_nav.dat

01/22/07 00:03:05 [Note]: 10002 1

01/22/07 00:03:05 [info]: Hidden file: c:\WINDOWS\system32\erixmcyhdt_navps.dat

01/22/07 00:03:05 [Note]: 10002 1

01/22/07 00:05:41 [Note]: 7007 0

Voila j'espére que tu y vera un peut plus clair.

Merci

Partager ce message


Lien à poster
Partager sur d’autres sites

ok on va procéder par ordre!

 

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

Double clique sur SDFix.exe et choisis Install pour l'extraire dans le dossier C:\SDFix.

Fermer la fenêtre du Bloc-notes qui s'est ouverte.

Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

  • Redémarre ton ordinateur
  • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
  • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
  • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
  • Choisis ton compte.

Déroule la liste des instructions ci-dessous :

  • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
  • Appuie sur Y pour commencer le processus de nettoyage.
  • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
  • Appuie sur une touche pour redémarrer le PC.
  • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
  • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

Modifié par charles ingals

Partager ce message


Lien à poster
Partager sur d’autres sites

voila c'est fait peut être un peu plus long que prevu.

Pour sdfix contenu:

 

 

SDFix: Version 1.60

 

lun. 22/01/2007 - 1:45:31,84

 

Microsoft Windows XP [version 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

Name:

Microsoft IE Updater

new_drv

 

Path:

C:\DOCUME~1\ok\LOCALS~1\Temp\ieupdate.exe /start

\??\C:\WINDOWS\new_drv.sys

 

Microsoft IE Updater Deleted

new_drv Deleted

 

Restoring Windows Registry Entries

Restoring Default Hosts File

 

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Files will be copied to Backups folder and removed:

 

C:\WINDOWS\9129837.exe - Deleted

C:\WINDOWS\system32\i - Deleted

 

 

 

Alternate Streams Check:

 

C:\WINDOWS\system32

No streams found.

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\SDFix\backups\backups.zip

 

 

Checking For Files with Hidden Attributes :

 

C:\NTDETECT.COM

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\lpaccodec.dll

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\lpac_codec_api.dll

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PNCRT.dll

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PsyTEL\IA32MATH.DLL

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Shorten\CYGWIN1.DLL

C:\Program Files\Fichiers communs\MSSoap\Binaries\wisc10.dll

C:\WINDOWS\twain.dll

C:\WINDOWS\twain_32.dll

C:\WINDOWS\LastGood\System32\OLEPRO32.DLL

C:\WINDOWS\system32\olepro32.dll

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\AACMP4.EXE

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\OFR.EXE

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\RMADEC.EXE

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\MusePack\MPPDEC.EXE

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\MusePack\MPPENC.EXE

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PsyTEL\AACENC.EXE

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PsyTEL\AACMP4.EXE

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PsyTEL\FASTENC.EXE

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Shorten\SHORTEN.EXE

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Speex\SPEEXDEC.EXE

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Speex\SPEEXENC.EXE

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\WavPack\WAVPACK.EXE

C:\Program Files\Fichiers communs\Ahead\AudioPlugins\WavPack\WVUNPACK.EXE

C:\WINDOWS\system32\cdplayer.exe.manifest

C:\WINDOWS\system32\logonui.exe.manifest

C:\IO.SYS

C:\MSDOS.SYS

C:\pagefile.sys

C:\WINDOWS\LastGood.Tmp\INF\oem13.inf

C:\WINDOWS\LastGood.Tmp\INF\oem13.PNF

 

Finished

et pour hijackthis:

Logfile of HijackThis v1.99.1

Scan saved at 1:52:34, on 22/01/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\ezNTSvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\htpatch.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Messenger\msmsgs.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skynet.be

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

R3 - URLSearchHook: nuls Toolbar - {4acca1a7-ecc8-4c89-be52-b11919042bbf} - C:\Program Files\nuls\tbnuls.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll

O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: nuls Toolbar - {4acca1a7-ecc8-4c89-be52-b11919042bbf} - C:\Program Files\nuls\tbnuls.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [sDR6V_Check] "C:\Documents and Settings\ok\Mes documents\SDRmon.exe"

O4 - HKCU\..\Run: [system Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [instant Access] C:\WINDOWS\System32\prodsrvs.exe /res

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab

O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137956595296

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127471785543

O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4..._1070_em_XP.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0....0/Installer.exe

O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.asian-x.org/acces/237/asian-x_an.exe

O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/cd/1,0,3,8...AccesMembre.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab

O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.moviesystem.com/cabs/msway.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?326

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...942/mcfscan.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup...er/imloader.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CS1\Services\Tcpip\..\{12C8F930-42F1-4562-B0BE-78A1B34985C6}: NameServer = 195.238.2.22 195.238.2.21

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\System32\ezNTSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

 

voila encore merci de ta patience.

Partager ce message


Lien à poster
Partager sur d’autres sites

ce qui freine également ma connection, c'est une ou deux page du centre de sécurité d'internet - microsoft internet explorer qui s'ouvre sans raison pour me proposé win anti spyware 2006 et anti virus 2006.

Partager ce message


Lien à poster
Partager sur d’autres sites

Oui: ces messages sont affichés par le spyware Magic Control Agent, une fois l'infection éliminée, la connexion sera plus rapide!

 

Très bien!SDFix a fait son nettoyage!

 

On va a présent utiliser un programme très simple pour éliminer les infections >

 

Télécharge WinPFind3U.exesur ton bureau.

  • Double clique sur le fichier téléchargé : un dossier nommé WinPFind3U va apparaitre sur ton bureau.
  • Ouvre le dossier et double clique sur le fichier WinPFind3U.exe pour lancer le programme.
  • Sous le groupe Files Created Within sélectionne 30 days
  • Sous le groupe Files Modified Within sélectionne 30 days
  • Sous le groupe String Search sélectionne Non-Microsoft
  • A présent clique sur le bouton Run Scan dans la barre d'outils
  • Lorsque le scan est terminé,le bloc-notes s'ouvre et affiche le rapport.
  • Clique sur le menu "Format" et assure toi que la case "Retour automatique à la ligne" ne soit pas cochée.
  • Copie/Colle le contenu du rapport dans ta prochaine réponse.

Partager ce message


Lien à poster
Partager sur d’autres sites

Voila , j'ai du recommancer 4 fois deux fois bloqué sur scanning schell extensions... une fois sur scanning file c:/windows/systeme32/nvwrsno.dll et enfin la 4éme la bonne :

 

WinPFind3 logfile created on: 22/01/2007 2:34:05

WinPFind3U by OldTimer - Version 1.0.11 Folder = C:\Documents and Settings\ok\Bureau\WinPFind3u\

Microsoft Windows XP (Version = 5.1.2600)

Internet Explorer (Version = 6.0.2800.1106)

 

523808 Kb Total Physical Memory | 195552 Kb Available Physical Memory | 37,33% Memory free

1280560 Kb Paging File | 986120 Kb Available in Paging File | 77,01% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 80027764 Kb Total Space | 65877384 Kb Free Space | 82,32% Space Free

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

 

 

[Processes - Non-Microsoft Only]

549b.tmp -> %SystemRoot%\Temp\549B.tmp -> [Ver = | Size = 70144 bytes | Modified Date = 22/01/2007 2:14:02 | Attr = ]

ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 1.08.01 | Size = 54512 bytes | Modified Date = 15/07/2003 13:36:36 | Attr = ]

ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 1.03.4 | Size = 317128 bytes | Modified Date = 13/11/2002 15:44:02 | Attr = ]

cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.0 | Size = 54784 bytes | Modified Date = 15/10/2005 2:22:50 | Attr = ]

ebaytbdaemon.exe -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTBDaemon.exe -> eBay [Ver = 2, 4000, 0, 0 | Size = 497144 bytes | Modified Date = 10/01/2007 21:06:54 | Attr = ]

ezntsvc.exe -> %System32%\ezntsvc.exe -> EasyBits Software Corp. [Ver = 2.0.0.101 | Size = 32768 bytes | Modified Date = 6/07/2005 20:55:32 | Attr = ]

googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 28/10/2006 15:17:16 | Attr = ]

hpgs2wnd.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Modified Date = 17/04/2002 9:42:56 | Attr = ]

hpgs2wnf.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe -> [Ver = 2, 6, 0, 162 | Size = 77824 bytes | Modified Date = 17/04/2002 9:49:16 | Attr = ]

hpqcmon.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe -> [Ver = 2.0.0.133 | Size = 90112 bytes | Modified Date = 6/10/2002 23:23:20 | Attr = ]

hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 16/02/2005 23:11:42 | Attr = ]

hpztsb04.exe -> %System32%\spool\drivers\w32x86\3\hpztsb04.exe -> HP [Ver = 2,80,0,0 | Size = 196608 bytes | Modified Date = 19/11/2001 15:37:36 | Attr = ]

htpatch.exe -> %SystemRoot%\htpatch.exe -> [Ver = | Size = 28672 bytes | Modified Date = 30/10/2002 10:40:34 | Attr = R ]

imapp.exe -> %ProgramFiles%\IncrediMail\bin\IMApp.exe -> IncrediMail, Ltd. [Ver = 4, 0, 0, 1930 | Size = 131113 bytes | Modified Date = 25/05/2005 12:07:46 | Attr = ]

navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 9.05.1015 | Size = 116320 bytes | Modified Date = 19/11/2002 13:09:48 | Attr = ]

nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 168003 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]

smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 14:50:10 | Attr = ]

winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.11.0 | Size = 306176 bytes | Modified Date = 18/01/2007 18:01:14 | Attr = ]

 

[Win32 Services - Non-Microsoft Only]

(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.0 | Size = 54784 bytes | Modified Date = 15/10/2005 2:22:50 | Attr = ]

(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 1.03.4 | Size = 317128 bytes | Modified Date = 13/11/2002 15:44:02 | Attr = ]

(ccPwdSvc) Symantec Password Validation Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 1.08.01 | Size = 99568 bytes | Modified Date = 15/07/2003 13:37:18 | Attr = ]

(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 205312 bytes | Modified Date = 30/09/2001 11:47:58 | Attr = ]

(ezntsvc) EasyBits Magic Desktop Services for Windows NT [Win32_Own | Auto | Running] -> %System32%\ezntsvc.exe -> EasyBits Software Corp. [Ver = 2.0.0.101 | Size = 32768 bytes | Modified Date = 6/07/2005 20:55:32 | Attr = ]

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/04/2005 0:41:10 | Attr = ]

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 30/10/2006 9:36:32 | Attr = ]

(navapsvc) Service Norton AntiVirus Auto-Protect [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 9.05.1015 | Size = 116320 bytes | Modified Date = 19/11/2002 13:09:48 | Attr = ]

(NeroNET) NeroNET [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\NeroNET\NeroNET.exe -> File not found

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 168003 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]

(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBServ.exe -> Symantec Corporation [Ver = 1, 1, 0, 126 | Size = 54408 bytes | Modified Date = 13/08/2001 22:18:36 | Attr = ]

(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 5/04/2005 10:17:22 | Attr = ]

(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 14:50:10 | Attr = ]

(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 2/11/2004 16:59:50 | Attr = ]

 

[Registry - Non-Microsoft Only]

< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

CamMonitor -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe -> [Ver = 2.0.0.133 | Size = 90112 bytes | Modified Date = 6/10/2002 23:23:20 | Attr = ]

ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 1.08.01 | Size = 54512 bytes | Modified Date = 15/07/2003 13:36:36 | Attr = ]

ccRegVfy -> %CommonProgramFiles%\Symantec Shared\CCREGVFY.EXE -> Symantec Corporation [Ver = 1.08.01 | Size = 60344 bytes | Modified Date = 15/07/2003 13:42:36 | Attr = ]

HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 16/02/2005 23:11:42 | Attr = ]

HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb04.exe -> HP [Ver = 2,80,0,0 | Size = 196608 bytes | Modified Date = 19/11/2001 15:37:36 | Attr = ]

HTpatch -> %SystemRoot%\htpatch.exe -> [Ver = | Size = 28672 bytes | Modified Date = 30/10/2002 10:40:34 | Attr = R ]

NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 9/07/2001 11:50:42 | Attr = ]

NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 7680000 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]

NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 86016 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]

nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1617920 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]

SDR6V_Check -> %UserDocuments%\SDRmon.exe -> File not found

Share-to-Web Namespace Daemon -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Modified Date = 17/04/2002 9:42:56 | Attr = ]

SpeedTouch USB Diagnostics -> %ProgramFiles%\Alcatel\SpeedTouch USB\dragdiag.exe -> THOMSON [Ver = 300.7.0.2 | Size = 878080 bytes | Modified Date = 5/09/2003 6:59:20 | Attr = ]

SSC_UserPrompt -> %CommonProgramFiles%\Symantec Shared\Security Center\UsrPrmpt.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 218240 bytes | Modified Date = 10/11/2004 11:57:02 | Attr = ]

Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 7/06/2005 22:47:10 | Attr = ]

< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

IncrediMail -> %ProgramFiles%\IncrediMail\bin\IncMail.exe -> IncrediMail, Ltd. [Ver = 4, 0, 0, 1930 | Size = 188459 bytes | Modified Date = 25/05/2005 12:07:56 | Attr = ]

Instant Access -> %System32%\prodsrvs.exe -> [Ver = 1, 0, 0, 1 | Size = 144896 bytes | Modified Date = 10/01/2007 10:35:26 | Attr = ]

NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 25 | Size = 1871872 bytes | Modified Date = 7/09/2004 12:55:20 | Attr = ]

swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe -> File not found

System Soap Pro -> %SystemDrive%\PROGRA~1\SYSTEM~1\soap.exe -> File not found

< Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

%AllUsersStartup%\Lancement rapide d'Adobe Reader.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 22:05:26 | Attr = ]

< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\

AnyDVD -> %SystemDrive%\DOCUME~1\ok\LOCALS~1\Temp\Rar$EX02.031\Crack\AnyDVD.exe -> File not found

CHotkey -> %SystemRoot%\mHotkey.exe -> Chicony [Ver = 2, 0, 3, 0 | Size = 493056 bytes | Modified Date = 9/10/2002 10:56:56 | Attr = ]

eBayToolbar -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTBDaemon.exe -> eBay [Ver = 2, 4000, 0, 0 | Size = 497144 bytes | Modified Date = 10/01/2007 21:06:54 | Attr = ]

lycosInside -> %ProgramFiles%\lycos\Lyc_SysTray.exe -> File not found

seekmo -> %ProgramFiles%\seekmo\seekmo.exe -> File not found

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->

Control_RunDLL -> -> File not found

< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->

< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogoff -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword -> 0 ->

-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->

< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\

0 -> [Key] ->

0 -> FriendlyName = Ma page d'accueil ->

0 -> Source = About:Home ->

0 -> SubscribedURL = About:Home ->

< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts

< Internet Explorer Settings > ->

HKLM: Default_Page_URL -> http://www.skynet.be ->

HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->

HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->

HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->

HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->

HKLM: SearchAssistant -> http://www.google.com/ie ->

HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->

HKCU: Search Bar -> http://www.google.com/ie ->

HKCU: Search Page -> http://www.google.com ->

HKCU: Start Page -> http://be.msn.com/ ->

HKCU: SearchAssistant -> http://www.google.com/ie ->

HKCU: URLSearchHooks\\{4acca1a7-ecc8-4c89-be52-b11919042bbf} [HKLM] -> %ProgramFiles%\nuls\tbnuls.dll [nuls Toolbar] -> Conduit Ltd. [Ver = 4, 5, 125, 0 | Size = 1182744 bytes | Modified Date = 2/11/2006 11:12:24 | Attr = ]

HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

HKCU: ProxyEnable -> 0 ->

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 4:16:42 | Attr = ]

{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} [HKLM] -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll [eBay Toolbar Helper] -> [Ver = 2, 4000, 0, 0 | Size = 497144 bytes | Modified Date = 10/01/2007 21:06:46 | Attr = ]

{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 1:04:00 | Attr = ]

{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 3054 | Size = 2153536 bytes | Modified Date = 17/10/2006 14:04:36 | Attr = R ]

{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 9.05.15 | Size = 112224 bytes | Modified Date = 20/11/2002 13:11:54 | Attr = ]

< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar

{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 3054 | Size = 2153536 bytes | Modified Date = 17/10/2006 14:04:36 | Attr = R ]

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 9.05.15 | Size = 112224 bytes | Modified Date = 20/11/2002 13:11:54 | Attr = ]

{4acca1a7-ecc8-4c89-be52-b11919042bbf} [HKLM] -> %ProgramFiles%\nuls\tbnuls.dll [nuls Toolbar] -> Conduit Ltd. [Ver = 4, 5, 125, 0 | Size = 1182744 bytes | Modified Date = 2/11/2006 11:12:24 | Attr = ]

{92085AD4-F48A-450D-BD93-B28CC7DF67CE} [HKLM] -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll [eBay Toolbar] -> [Ver = 2, 4000, 0, 0 | Size = 497144 bytes | Modified Date = 10/01/2007 21:06:46 | Attr = ]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> File not found

< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\

ShellBrowser\\{319A68DB-06D0-46DA-9F93-A810D5A70836} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 9.05.15 | Size = 112224 bytes | Modified Date = 20/11/2002 13:11:54 | Attr = ]

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 3054 | Size = 2153536 bytes | Modified Date = 17/10/2006 14:04:36 | Attr = R ]

WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 9.05.15 | Size = 112224 bytes | Modified Date = 20/11/2002 13:11:54 | Attr = ]

WebBrowser\\{4ACCA1A7-ECC8-4C89-BE52-B11919042BBF} [HKLM] -> %ProgramFiles%\nuls\tbnuls.dll [nuls Toolbar] -> Conduit Ltd. [Ver = 4, 5, 125, 0 | Size = 1182744 bytes | Modified Date = 2/11/2006 11:12:24 | Attr = ]

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> File not found

< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping

{77BF5300-1474-4EC7-9980-D32B190E9B07} -> 8196 - Reg Data - Key not found ->

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8194 - Reg Data - Value does not exist ->

{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Windows Messenger ->

NextId -> 8197 ->

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\

&Add animation to IncrediMail Style Box -> %ProgramFiles%\IncrediMail\bin\resources\WebMenuImg.htm -> [Ver = | Size = 591 bytes | Modified Date = 5/01/2005 15:28:04 | Attr = ]

&eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll\RCSearch.htm -> File not found

< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\

.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 30/01/2001 12:56:24 | Attr = ]

< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

[HKLM] -> Reg Data - Key not found [] -> File not found

{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [barre des tâches et menu Démarrer] -> File not found

{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]

{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Extension Affichage Panorama du Panneau de configuration] -> File not found

{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Extensions de l'environnement de compression de fichiers] -> File not found

{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Comptes d'utilisateurs] -> File not found

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Menu contextuel de cryptage] -> File not found

{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [Extension icône HyperTerminal] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 30/09/2001 11:48:18 | Attr = ]

{92085AD4-F48A-450D-BD93-B28CC7DF67CE} [HKLM] -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll [eBay Toolbar] -> [Ver = 2, 4000, 0, 0 | Size = 497144 bytes | Modified Date = 10/01/2007 21:06:46 | Attr = ]

{A155339D-CCCD-4714-85EB-3754B804C9DF} [HKLM] -> %ProgramFiles%\a-squared Free\a2freecontmenu.dll [a-squared Free Context Menu Shell Extension] -> Emsi Software GmbH [Ver = 2.0.0.48 | Size = 508928 bytes | Modified Date = 18/07/2006 12:32:50 | Attr = ]

{A4DF5659-0801-4A60-9607-1C48695EFDA9} [HKLM] -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wns.dll [Dossier de téléchargement Share-to-Web ] -> Hewlett-Packard [Ver = 2, 6, 0, 162 | Size = 147456 bytes | Modified Date = 17/04/2002 9:40:36 | Attr = ]

{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 7680000 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]

{AB77609F-2178-4E6F-9C4B-44AC179D937A} [HKLM] -> Reg Data - Key not found [a² Context Menu Shell Extension] -> File not found

{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 118784 bytes | Modified Date = 17/01/2003 23:00:00 | Attr = ]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 30/10/2006 9:36:36 | Attr = ]

{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 7680000 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]

< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\

{F8984111-38B6-11D5-8725-0050DA2761C4} [HKLM] -> %ProgramFiles%\IncrediMail\bin\IMShExt.dll [iMMenuShellExt] -> IncrediMail, Ltd. [Ver = 2, 0, 0, 0 | Size = 61440 bytes | Modified Date = 25/05/2005 12:08:52 | Attr = ]

{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 9.05.15 | Size = 112224 bytes | Modified Date = 20/11/2002 13:11:54 | Attr = ]

{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 118784 bytes | Modified Date = 17/01/2003 23:00:00 | Attr = ]

< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

{A155339D-CCCD-4714-85EB-3754B804C9DF} [HKLM] -> %ProgramFiles%\a-squared Free\a2freecontmenu.dll [a2FreeContMenu] -> Emsi Software GmbH [Ver = 2.0.0.48 | Size = 508928 bytes | Modified Date = 18/07/2006 12:32:50 | Attr = ]

< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\

{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 118784 bytes | Modified Date = 17/01/2003 23:00:00 | Attr = ]

< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]

{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> Reg Data - Key not found [inCDMenu] -> File not found

{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.9597 | Size = 7680000 bytes | Modified Date = 20/09/2006 16:25:00 | Attr = ]

< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\

{A155339D-CCCD-4714-85EB-3754B804C9DF} [HKLM] -> %ProgramFiles%\a-squared Free\a2freecontmenu.dll [a2FreeContMenu] -> Emsi Software GmbH [Ver = 2.0.0.48 | Size = 508928 bytes | Modified Date = 18/07/2006 12:32:50 | Attr = ]

{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 9.05.15 | Size = 112224 bytes | Modified Date = 20/11/2002 13:11:54 | Attr = ]

{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 118784 bytes | Modified Date = 17/01/2003 23:00:00 | Attr = ]

< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14/12/2004 2:20:02 | Attr = ]

< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

SKY13 -> IEAK ->

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\

{E07A05DF-641D-418A-9A2D-15D22E2B554F} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\

ipp -> Reg Data - Key not found -> File not found

msdaipp -> Reg Data - Key not found -> File not found

skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 26, 0 | Size = 1783384 bytes | Modified Date = 1/11/2006 15:21:20 | Attr = R ]

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\

{00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab ->

{0246ECA8-996F-11D1-BE2F-00A0C9037DFE} -> TDServer Control - CodeBase = http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab ->

{084DAC27-6FA3-4F55-9005-033F2F102F5C} -> ITPPDiagIE Class - CodeBase = http://data.jeuxclassiques.com/npwwg.cab ->

{09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -> - CodeBase = http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab ->

{0E8D0700-75DF-11D3-8B4A-0008C7450C4A} -> DjVuCtl Class - CodeBase = http://downloadcenter.samsung.com/content/...trolLite_EN.cab ->

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab ->

{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->

{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->

{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} -> VerifyGMN Class - CodeBase = http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab ->

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab ->

{32564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv8dmo.cab ->

{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB ->

{33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab ->

{39D420B3-E0EB-424C-89AA-C24F8DE7EF79} -> KooPlayer Control - CodeBase = http://www.euchannels.net/update/KooPlayer.ocx ->

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->

{4B48D5DF-9021-45F7-A240-60304302A215} -> Malicious Software Removal Tool - CodeBase = http://download.microsoft.com/download/5/c.../WebCleaner.cab ->

{4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} -> - CodeBase = http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe ->

{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/...b?1137956595296 ->

{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab ->

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1127471785543 ->

{72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} -> InstallShield International Setup Player - CodeBase = http://ftp.hp.com/pub/automatic/player/isetupML.cab ->

{74D05D43-3236-11D4-BDCD-00C04F9A3B61} -> HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab ->

{867E13F2-7F31-44FB-AC97-CD38E0DC46EF} -> HardwareDetection Control - CodeBase = http://drivers1.free.fr/telecharger.php?id=2&version= ->

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab ->

{92ABACFE-EF6E-42C7-A824-D50A914B5B70} -> MastaCash Loader Class - CodeBase = http://dx.mastacash.com/loader.cab ->

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->

{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> Update Class - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...8739.4624537037 ->

{A3009861-330C-4E10-822B-39D16EC8829D} -> CRAVOnline Object - CodeBase = http://www.ravantivirus.com/scan/ravonline.cab ->

{A8658086-E6AC-4957-BC8E-7D54A7E8A78E} -> SassCln Object - CodeBase = http://www.microsoft.com/security/controls/SassCln.CAB ->

{AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} -> - CodeBase = http://scripts.dlv4.com/binaries/egaccess4..._1070_em_XP.cab ->

{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -> Get_ActiveX Control - CodeBase = https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx ->

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/msnmesse...pdownloader.cab ->

{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} -> Virtools WebPlayer Class - CodeBase = http://a532.g.akamai.net/7/532/6712/2.0.0....0/Installer.exe ->

{C771B05E-E725-4516-97A5-4CE5EB163CFB} -> - CodeBase = http://www.asian-x.org/acces/237/asian-x_an.exe ->

{D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} -> - CodeBase = http://dialup.carpediem.fr/CABS/cd/1,0,3,8...AccesMembre.cab ->

{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} -> Measurement Service Client v.3.4 - CodeBase = http://ccon.futuremark.com/global/msc34.cab ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->

{E15111B0-95AE-4C05-B91F-F4564057990C} -> MovieSystem WAY - CodeBase = http://services.moviesystem.com/cabs/msway.cab ->

{E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} -> ProductIDGatherer.WindowsGatherer - CodeBase = http://download.microsoft.com/download/a/3...tIDGatherer.CAB ->

{EB387D2F-E27B-4D36-979E-847D1036C65D} -> QDiagHUpdateObj Class - CodeBase = http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?326 ->

{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/...942/mcfscan.cab ->

{F00F4763-7355-4725-82F7-0DA94A256D46} -> IncrediMail - CodeBase = http://www2.incredimail.com/contents/setup...er/imloader.cab ->

{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by16fd.bay16.hotmail.msn.com/activex/HMAtchmt.ocx ->

Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

 

 

[Files - Created Within 30 days]

diff.exe -> %SystemDrive%\diff.exe -> [Ver = | Size = 68096 bytes | Created Date = 21/01/2007 23:47:51 | Attr = ]

grep.exe -> %SystemDrive%\grep.exe -> [Ver = | Size = 103424 bytes | Created Date = 21/01/2007 23:47:51 | Attr = ]

reboot.cmd -> %SystemDrive%\reboot.cmd -> [Ver = | Size = 853 bytes | Created Date = 21/01/2007 23:47:51 | Attr = ]

ccReg.dat -> %CommonProgramFiles%\Symantec Shared\ccReg.dat -> [Ver = | Size = 1206 bytes | Created Date = 21/01/2007 23:41:04 | Attr = RH ]

CommonClient.dat -> %CommonProgramFiles%\Symantec Shared\CommonClient.dat -> [Ver = | Size = 13990 bytes | Created Date = 19/01/2007 11:05:47 | Attr = RH ]

MyAuth.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\MyAuth.dat -> [Ver = | Size = 384 bytes | Created Date = 19/01/2007 0:06:06 | Attr = ]

CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\CATALOG.DAT -> [Ver = | Size = 2504 bytes | Created Date = 13/01/2007 5:25:34 | Attr = ]

ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Created Date = 13/01/2007 5:25:35 | Attr = ]

ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Created Date = 13/01/2007 5:25:35 | Attr = ]

naveng.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng.exp -> [Ver = | Size = 13040 bytes | Created Date = 13/01/2007 5:25:36 | Attr = ]

naveng.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Created Date = 13/01/2007 5:25:36 | Attr = ]

naveng.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng.vxd -> [Ver = | Size = 89674 bytes | Created Date = 13/01/2007 5:25:36 | Attr = ]

naveng32.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng32.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

navex15.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex15.exp -> [Ver = | Size = 13232 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

navex15.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex15.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

navex15.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex15.vxd -> [Ver = | Size = 994379 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

navex32a.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex32a.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

Raccourci vers scrauth.lnk -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\Raccourci vers scrauth.lnk -> [Ver = | Size = 956 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

symaveng.cat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\symaveng.cat -> [Ver = | Size = 9237 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

symaveng.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\symaveng.inf -> [Ver = | Size = 1061 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCDEFS.DAT -> [Ver = | Size = 187905 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN7.DAT -> [Ver = | Size = 1196629 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN8.DAT -> [Ver = | Size = 325348 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN9.DAT -> [Ver = | Size = 736279 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINF.DAT -> [Ver = | Size = 453 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINFL.DAT -> [Ver = | Size = 1957 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\V.GRD -> [Ver = | Size = 4778 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\V.SIG -> [Ver = | Size = 2269 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

virscan.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\virscan.inf -> [Ver = | Size = 106244 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN1.DAT -> [Ver = | Size = 975798 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN3.DAT -> [Ver = | Size = 147512 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN5.DAT -> [Ver = | Size = 3179218 bytes | Created Date = 13/01/2007 5:25:37 | Attr = ]

VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN6.DAT -> [Ver = | Size = 390197 bytes | Created Date = 13/01/2007 5:25:38 | Attr = ]

VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN7.DAT -> [Ver = | Size = 5890358 bytes | Created Date = 13/01/2007 5:25:38 | Attr = ]

VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN8.DAT -> [Ver = | Size = 1662499 bytes | Created Date = 13/01/2007 5:25:40 | Attr = ]

VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN9.DAT -> [Ver = | Size = 4008519 bytes | Created Date = 13/01/2007 5:25:40 | Attr = ]

VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Created Date = 13/01/2007 5:25:40 | Attr = ]

vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\vscanmsx.dat -> [Ver = | Size = 2072 bytes | Created Date = 17/01/2007 20:26:39 | Attr = ]

ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ZDONE.DAT -> [Ver = | Size = 224 bytes | Created Date = 13/01/2007 5:25:40 | Attr = ]

CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\CATALOG.DAT -> [Ver = | Size = 2504 bytes | Created Date = 18/01/2007 1:30:45 | Attr = ]

ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Created Date = 18/01/2007 1:30:45 | Attr = ]

ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\ECMSVR32.DLL -> Symantec Corporation [Ver = 71.1.0.11 | Size = 272040 bytes | Created Date = 18/01/2007 1:30:46 | Attr = ]

naveng.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng.exp -> [Ver = | Size = 13040 bytes | Created Date = 18/01/2007 1:30:46 | Attr = ]

naveng.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng.sys -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 80472 bytes | Created Date = 18/01/2007 1:30:46 | Attr = ]

naveng.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng.vxd -> [Ver = | Size = 90186 bytes | Created Date = 18/01/2007 1:30:46 | Attr = ]

naveng32.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng32.dll -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 124536 bytes | Created Date = 18/01/2007 1:30:46 | Attr = ]

navex15.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex15.exp -> [Ver = | Size = 13232 bytes | Created Date = 18/01/2007 1:30:46 | Attr = ]

navex15.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex15.sys -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 852280 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

navex15.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex15.vxd -> [Ver = | Size = 1014347 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

navex32a.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex32a.dll -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 902776 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

Raccourci vers scrauth.lnk -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\Raccourci vers scrauth.lnk -> [Ver = | Size = 956 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

symaveng.cat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\symaveng.cat -> [Ver = | Size = 9237 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

symaveng.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\symaveng.inf -> [Ver = | Size = 1061 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCDEFS.DAT -> [Ver = | Size = 188007 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCSCAN7.DAT -> [Ver = | Size = 1204823 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCSCAN8.DAT -> [Ver = | Size = 327507 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCSCAN9.DAT -> [Ver = | Size = 739486 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TINF.DAT -> [Ver = | Size = 453 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TINFL.DAT -> [Ver = | Size = 1957 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\V.GRD -> [Ver = | Size = 4778 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\V.SIG -> [Ver = | Size = 2261 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

virscan.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\virscan.inf -> [Ver = | Size = 106244 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN1.DAT -> [Ver = | Size = 976014 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN3.DAT -> [Ver = | Size = 147584 bytes | Created Date = 18/01/2007 1:30:47 | Attr = ]

VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Created Date = 18/01/2007 1:30:48 | Attr = ]

VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN5.DAT -> [Ver = | Size = 3200757 bytes | Created Date = 18/01/2007 1:30:48 | Attr = ]

VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN6.DAT -> [Ver = | Size = 390197 bytes | Created Date = 18/01/2007 1:30:48 | Attr = ]

VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN7.DAT -> [Ver = | Size = 6003538 bytes | Created Date = 18/01/2007 1:30:48 | Attr = ]

VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN8.DAT -> [Ver = | Size = 1664913 bytes | Created Date = 18/01/2007 1:30:48 | Attr = ]

VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN9.DAT -> [Ver = | Size = 4033733 bytes | Created Date = 18/01/2007 1:30:48 | Attr = ]

VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Created Date = 18/01/2007 1:30:49 | Attr = ]

vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\vscanmsx.dat -> [Ver = | Size = 2072 bytes | Created Date = 19/01/2007 0:12:54 | Attr = ]

ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\ZDONE.DAT -> [Ver = | Size = 224 bytes | Created Date = 18/01/2007 1:30:49 | Attr = ]

CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\CATALOG.DAT -> [Ver = | Size = 2504 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

naveng.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng.exp -> [Ver = | Size = 13040 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

naveng.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

naveng.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng.vxd -> [Ver = | Size = 89674 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

naveng32.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng32.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

navex15.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.exp -> [Ver = | Size = 13232 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

navex15.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

navex15.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.vxd -> [Ver = | Size = 994379 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

navex32a.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex32a.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

symaveng.cat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\symaveng.cat -> [Ver = | Size = 9237 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

symaveng.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\symaveng.inf -> [Ver = | Size = 1061 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCDEFS.DAT -> [Ver = | Size = 187887 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCSCAN7.DAT -> [Ver = | Size = 1190578 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCSCAN8.DAT -> [Ver = | Size = 324094 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCSCAN9.DAT -> [Ver = | Size = 735255 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TINF.DAT -> [Ver = | Size = 453 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TINFL.DAT -> [Ver = | Size = 1957 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\V.GRD -> [Ver = | Size = 4778 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\V.SIG -> [Ver = | Size = 2269 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

virscan.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\virscan.inf -> [Ver = | Size = 106244 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN1.DAT -> [Ver = | Size = 975620 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN3.DAT -> [Ver = | Size = 147512 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN5.DAT -> [Ver = | Size = 3167664 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN6.DAT -> [Ver = | Size = 390049 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN7.DAT -> [Ver = | Size = 5790278 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN8.DAT -> [Ver = | Size = 1660106 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN9.DAT -> [Ver = | Size = 4000061 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\ZDONE.DAT -> [Ver = | Size = 224 bytes | Created Date = 10/01/2007 10:00:00 | Attr = ]

pack.epk -> %SystemRoot%\pack.epk -> [Ver = | Size = 944917 bytes | Created Date = 17/01/2007 15:27:19 | Attr = ]

asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 19/01/2007 15:36:17 | Attr = ]

crypts.dll -> %System32%\crypts.dll -> [Ver = | Size = 23040 bytes | Created Date = 19/01/2007 0:06:27 | Attr = ]

mmc.exe.config -> %System32%\mmc.exe.config -> [Ver = | Size = 126 bytes | Created Date = 9/01/2007 14:13:32 | Attr = ]

nvs2.inf -> %System32%\nvs2.inf -> [Ver = | Size = 22 bytes | Created Date = 17/01/2007 15:27:32 | Attr = ]

prodsrvs.exe -> %System32%\prodsrvs.exe -> [Ver = 1, 0, 0, 1 | Size = 144896 bytes | Created Date = 21/01/2007 21:06:15 | Attr = ]

RunOnce.tm_ -> %System32%\RunOnce.tm_ -> [Ver = | Size = 14 bytes | Created Date = 19/01/2007 0:06:15 | Attr = ]

RunOnce.t__ -> %System32%\RunOnce.t__ -> [Ver = | Size = 8 bytes | Created Date = 19/01/2007 0:06:15 | Attr = ]

update00822631.exe -> %System32%\update00822631.exe -> [Ver = | Size = 39936 bytes | Created Date = 19/01/2007 0:06:21 | Attr = ]

update77526596.exe -> %System32%\update77526596.exe -> [Ver = | Size = 4129 bytes | Created Date = 19/01/2007 0:06:30 | Attr = ]

ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 19/01/2007 15:36:17 | Attr = ]

 

[Files - Modified Within 30 days]

ccReg.dat -> %CommonProgramFiles%\Symantec Shared\ccReg.dat -> [Ver = | Size = 1206 bytes | Modified Date = 22/01/2007 1:59:36 | Attr = RH ]

ccReg_old.dat -> %CommonProgramFiles%\Symantec Shared\ccReg_old.dat -> [Ver = | Size = 1206 bytes | Modified Date = 22/01/2007 1:50:36 | Attr = RH ]

CommonClient.dat -> %CommonProgramFiles%\Symantec Shared\CommonClient.dat -> [Ver = | Size = 13990 bytes | Modified Date = 22/01/2007 1:59:36 | Attr = RH ]

CommonClient_old.dat -> %CommonProgramFiles%\Symantec Shared\CommonClient_old.dat -> [Ver = | Size = 13990 bytes | Modified Date = 22/01/2007 1:50:36 | Attr = RH ]

Catalog.LiveSubscribe -> %CommonProgramFiles%\Symantec Shared\LiveReg\Catalog.LiveSubscribe -> [Ver = | Size = 988 bytes | Modified Date = 21/01/2007 21:39:16 | Attr = ]

definfo.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\definfo.dat -> [Ver = | Size = 57 bytes | Modified Date = 18/01/2007 1:30:52 | Attr = ]

MyAuth.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\MyAuth.dat -> [Ver = | Size = 384 bytes | Modified Date = 19/01/2007 0:06:08 | Attr = ]

usage.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\usage.dat -> [Ver = | Size = 115 bytes | Modified Date = 19/01/2007 15:09:26 | Attr = ]

CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\CATALOG.DAT -> [Ver = | Size = 2504 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

naveng.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng.exp -> [Ver = | Size = 13040 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

naveng.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

naveng.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng.vxd -> [Ver = | Size = 89674 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

naveng32.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\naveng32.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

navex15.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex15.exp -> [Ver = | Size = 13232 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

navex15.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex15.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

navex15.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex15.vxd -> [Ver = | Size = 994379 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

navex32a.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\navex32a.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

symaveng.cat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\symaveng.cat -> [Ver = | Size = 9237 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

symaveng.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\symaveng.inf -> [Ver = | Size = 1061 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCDEFS.DAT -> [Ver = | Size = 187905 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN7.DAT -> [Ver = | Size = 1196629 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN8.DAT -> [Ver = | Size = 325348 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN9.DAT -> [Ver = | Size = 736279 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINF.DAT -> [Ver = | Size = 453 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINFL.DAT -> [Ver = | Size = 1957 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\V.GRD -> [Ver = | Size = 4778 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\V.SIG -> [Ver = | Size = 2269 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

virscan.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\virscan.inf -> [Ver = | Size = 106244 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN1.DAT -> [Ver = | Size = 975798 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN3.DAT -> [Ver = | Size = 147512 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN5.DAT -> [Ver = | Size = 3179218 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN6.DAT -> [Ver = | Size = 390197 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN7.DAT -> [Ver = | Size = 5890358 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN8.DAT -> [Ver = | Size = 1662499 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN9.DAT -> [Ver = | Size = 4008519 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\vscanmsx.dat -> [Ver = | Size = 2072 bytes | Modified Date = 17/01/2007 20:26:40 | Attr = ]

ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ZDONE.DAT -> [Ver = | Size = 224 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\CATALOG.DAT -> [Ver = | Size = 2504 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\ECMSVR32.DLL -> Symantec Corporation [Ver = 71.1.0.11 | Size = 272040 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

naveng.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng.exp -> [Ver = | Size = 13040 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

naveng.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng.sys -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 80472 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

naveng.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng.vxd -> [Ver = | Size = 90186 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

naveng32.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\naveng32.dll -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 124536 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

navex15.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex15.exp -> [Ver = | Size = 13232 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

navex15.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex15.sys -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 852280 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

navex15.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex15.vxd -> [Ver = | Size = 1014347 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

navex32a.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\navex32a.dll -> Symantec Corporation [Ver = 20071.1.0.15 | Size = 902776 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

symaveng.cat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\symaveng.cat -> [Ver = | Size = 9237 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

symaveng.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\symaveng.inf -> [Ver = | Size = 1061 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCDEFS.DAT -> [Ver = | Size = 188007 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCSCAN7.DAT -> [Ver = | Size = 1204823 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCSCAN8.DAT -> [Ver = | Size = 327507 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCSCAN9.DAT -> [Ver = | Size = 739486 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TINF.DAT -> [Ver = | Size = 453 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TINFL.DAT -> [Ver = | Size = 1957 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\V.GRD -> [Ver = | Size = 4778 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\V.SIG -> [Ver = | Size = 2261 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

virscan.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\virscan.inf -> [Ver = | Size = 106244 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN1.DAT -> [Ver = | Size = 976014 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN3.DAT -> [Ver = | Size = 147584 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN5.DAT -> [Ver = | Size = 3200757 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN6.DAT -> [Ver = | Size = 390197 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN7.DAT -> [Ver = | Size = 6003538 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN8.DAT -> [Ver = | Size = 1664913 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN9.DAT -> [Ver = | Size = 4033733 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\vscanmsx.dat -> [Ver = | Size = 2072 bytes | Modified Date = 19/01/2007 0:12:56 | Attr = ]

ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\ZDONE.DAT -> [Ver = | Size = 224 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\CATALOG.DAT -> [Ver = | Size = 2504 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

naveng.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng.exp -> [Ver = | Size = 13040 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

naveng.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

naveng.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng.vxd -> [Ver = | Size = 89674 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

naveng32.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\naveng32.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

navex15.exp -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.exp -> [Ver = | Size = 13232 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

navex15.sys -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

navex15.vxd -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.vxd -> [Ver = | Size = 994379 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

navex32a.dll -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex32a.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

symaveng.cat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\symaveng.cat -> [Ver = | Size = 9237 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

symaveng.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\symaveng.inf -> [Ver = | Size = 1061 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCDEFS.DAT -> [Ver = | Size = 187887 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCSCAN7.DAT -> [Ver = | Size = 1190578 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCSCAN8.DAT -> [Ver = | Size = 324094 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCSCAN9.DAT -> [Ver = | Size = 735255 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TINF.DAT -> [Ver = | Size = 453 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TINFL.DAT -> [Ver = | Size = 1957 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\V.GRD -> [Ver = | Size = 4778 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\V.SIG -> [Ver = | Size = 2269 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

virscan.inf -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\virscan.inf -> [Ver = | Size = 106244 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN1.DAT -> [Ver = | Size = 975620 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN3.DAT -> [Ver = | Size = 147512 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN5.DAT -> [Ver = | Size = 3167664 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN6.DAT -> [Ver = | Size = 390049 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN7.DAT -> [Ver = | Size = 5790278 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN8.DAT -> [Ver = | Size = 1660106 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN9.DAT -> [Ver = | Size = 4000061 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\ZDONE.DAT -> [Ver = | Size = 224 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

AUTOLNCH.REG -> %SystemRoot%\AUTOLNCH.REG -> [Ver = | Size = 1080 bytes | Modified Date = 21/01/2007 18:32:14 | Attr = ]

bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 22/01/2007 1:58:54 | Attr = S]

MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 0 bytes | Modified Date = 22/01/2007 1:58:50 | Attr = ]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 21/01/2007 20:52:50 | Attr = ]

pack.epk -> %SystemRoot%\pack.epk -> [Ver = | Size = 944917 bytes | Modified Date = 17/01/2007 15:27:20 | Attr = ]

Ulead32.ini -> %SystemRoot%\Ulead32.ini -> [Ver = | Size = 907 bytes | Modified Date = 17/01/2007 1:05:30 | Attr = ]

WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Modified Date = 1/01/2007 12:01:54 | Attr = ]

crypts.dll -> %System32%\crypts.dll -> [Ver = | Size = 23040 bytes | Modified Date = 19/01/2007 0:06:28 | Attr = ]

Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 19/01/2007 16:02:52 | Attr = ]

mmc.exe.config -> %System32%\mmc.exe.config -> [Ver = | Size = 126 bytes | Modified Date = 9/01/2007 14:13:34 | Attr = ]

nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 75993 bytes | Modified Date = 22/01/2007 1:59:24 | Attr = ]

nvs2.inf -> %System32%\nvs2.inf -> [Ver = | Size = 22 bytes | Modified Date = 17/01/2007 15:27:34 | Attr = ]

pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 19/01/2007 16:02:52 | Attr = ]

prodsrvs.exe -> %System32%\prodsrvs.exe -> [Ver = 1, 0, 0, 1 | Size = 144896 bytes | Modified Date = 10/01/2007 10:35:26 | Attr = ]

RunOnce.tm_ -> %System32%\RunOnce.tm_ -> [Ver = | Size = 14 bytes | Modified Date = 19/01/2007 0:06:16 | Attr = ]

RunOnce.t__ -> %System32%\RunOnce.t__ -> [Ver = | Size = 8 bytes | Modified Date = 19/01/2007 0:06:32 | Attr = ]

Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 19/01/2007 16:02:52 | Attr = ]

update00822631.exe -> %System32%\update00822631.exe -> [Ver = | Size = 39936 bytes | Modified Date = 19/01/2007 0:06:26 | Attr = ]

update77526596.exe -> %System32%\update77526596.exe -> [Ver = | Size = 4129 bytes | Modified Date = 19/01/2007 0:06:32 | Attr = ]

wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2184 bytes | Modified Date = 21/01/2007 20:25:04 | Attr = ]

CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 19/01/2007 19:22:34 | Attr = ]

 

[File String Scan - Non-Microsoft Only]

UPX! , UPX0 , -> %CommonProgramFiles%\Ahead\AudioPlugins\MusePack\MPPDEC.EXE -> [Ver = | Size = 64512 bytes | Modified Date = 23/02/2003 19:29:44 | Attr = H ]

UPX! , UPX0 , -> %CommonProgramFiles%\Ahead\AudioPlugins\MusePack\MPPENC.EXE -> [Ver = | Size = 79360 bytes | Modified Date = 26/10/2002 0:53:22 | Attr = H ]

UPX! , UPX0 , -> %CommonProgramFiles%\Ahead\AudioPlugins\Speex\SPEEXDEC.EXE -> [Ver = | Size = 120832 bytes | Modified Date = 23/03/2003 15:45:40 | Attr = H ]

UPX! , UPX0 , -> %CommonProgramFiles%\Ahead\AudioPlugins\Speex\SPEEXENC.EXE -> [Ver = | Size = 122880 bytes | Modified Date = 23/03/2003 15:42:46 | Attr = H ]

Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 19/08/2003 17:56:42 | Attr = ]

Thawte Consulting , -> %CommonProgramFiles%\Logitech\LGS500Inst\setup.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 121064 bytes | Modified Date = 6/04/2005 18:39:06 | Attr = ]

SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20031112.019\WHATSNEW.TXT -> [Ver = | Size = 27089 bytes | Modified Date = 12/11/2003 10:00:00 | Attr = ]

SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20031113.023\WHATSNEW.TXT -> [Ver = | Size = 27089 bytes | Modified Date = 13/11/2003 10:00:00 | Attr = ]

aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20051116.024\navex15.sys -> Symantec Corporation [Ver = 20051.3.0.16 | Size = 750424 bytes | Modified Date = 16/11/2005 10:00:00 | Attr = ]

aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20051116.024\navex15.vxd -> [Ver = | Size = 907339 bytes | Modified Date = 16/11/2005 10:00:00 | Attr = ]

aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20051116.024\navex32a.dll -> Symantec Corporation [Ver = 20051.3.0.16 | Size = 788088 bytes | Modified Date = 16/11/2005 10:00:00 | Attr = ]

SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20051116.024\TCDEFS.DAT -> [Ver = | Size = 39566 bytes | Modified Date = 16/11/2005 10:00:00 | Attr = ]

FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20051116.024\VIRSCAN8.DAT -> [Ver = | Size = 1437408 bytes | Modified Date = 16/11/2005 10:00:00 | Attr = ]

UPX! , FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20051116.024\VIRSCAN9.DAT -> [Ver = | Size = 2859322 bytes | Modified Date = 16/11/2005 10:00:00 | Attr = ]

SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCDEFS.DAT -> [Ver = | Size = 187905 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN8.DAT -> [Ver = | Size = 1662499 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN9.DAT -> [Ver = | Size = 4008519 bytes | Modified Date = 12/01/2007 10:00:00 | Attr = ]

SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\TCDEFS.DAT -> [Ver = | Size = 188007 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN8.DAT -> [Ver = | Size = 1664913 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070117.019\VIRSCAN9.DAT -> [Ver = | Size = 4033733 bytes | Modified Date = 17/01/2007 10:00:00 | Attr = ]

SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\TCDEFS.DAT -> [Ver = | Size = 187887 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN8.DAT -> [Ver = | Size = 1660106 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\VIRSCAN9.DAT -> [Ver = | Size = 4000061 bytes | Modified Date = 10/01/2007 10:00:00 | Attr = ]

PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\LPT$VPN.989 -> [Ver = | Size = 12848976 bytes | Modified Date = 26/02/2005 2:15:22 | Attr = ]

UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 26/02/2005 2:15:22 | Attr = ]

PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\VPTNFILE.989 -> [Ver = | Size = 12848976 bytes | Modified Date = 26/02/2005 2:15:22 | Attr = ]

UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.100-1003 | Size = 1036800 bytes | Modified Date = 26/02/2005 2:15:22 | Attr = ]

UPX! , UPX0 , -> %System32%\crypts.dll -> [Ver = | Size = 23040 bytes | Modified Date = 19/01/2007 0:06:28 | Attr = ]

PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 30/09/2001 11:47:58 | Attr = ]

PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.2 | Size = 573952 bytes | Modified Date = 7/12/2005 18:05:52 | Attr = ]

UPX! , UPX0 , -> %System32%\EGDHTML_1024.dll -> E-Group [Ver = 1, 0, 2, 4 | Size = 64000 bytes | Modified Date = 13/11/2003 11:54:08 | Attr = ]

Umonitor , -> %System32%\ipebase12.dll -> Hewlett-Packard Company [Ver = 1, 2, 0, 5 | Size = 331776 bytes | Modified Date = 15/01/2001 21:03:54 | Attr = ]

PEC2 , PECompact2 , -> %System32%\prodsrvs.exe -> [Ver = 1, 0, 0, 1 | Size = 144896 bytes | Modified Date = 10/01/2007 10:35:26 | Attr = ]

UPX! , UPX0 , -> %System32%\update00822631.exe -> [Ver = | Size = 39936 bytes | Modified Date = 19/01/2007 0:06:26 | Attr = ]

UPX! , UPX0 , -> %System32%\update77526596.exe -> [Ver = | Size = 4129 bytes | Modified Date = 19/01/2007 0:06:32 | Attr = ]

winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 30/09/2001 11:49:10 | Attr = ]

WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 30/09/2001 11:47:28 | Attr = ]

UPX0 , -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 809394 bytes | Modified Date = 30/09/2001 11:48:40 | Attr = ]

 

< End of report >

Partager ce message


Lien à poster
Partager sur d’autres sites

ok merci pour le rapport! Stp suit exactement les manipulations ci dessous!!Va jusqu'au bout et si tu as rencontré des problèmes durant la procédure , fais le moi savoir.

 

Tu as deux possiblités pour consulter les instructions qui suivent:

 

-Soit tu copie/colles le contenu de la procédure dans un fichier texte(que tu met sur le bureau) pour pouvoir le consulter en mode sans échec(tu n'auras pas accès à internet!).

 

-Tu peux également enregistrer la page web complète, sur laquelle se trouve la procédure,

en le faisant à partir de ton navigateur :

 

-Aller en haut de page et cliquer sur le menu"Fichier" : une liste apparait=>

-Choisis "Enregistrer sous" et choisis "Bureau".

-Ensuite cliquer sur le bouton "Enregistrer" à droite du champs "nom du fichier".

 

Pour lire la procédure en mode sans échec, tu n'auras qu'à double cliquer sur le fichier aide pour virus backdoor trojan et w32 spybot worm (avec l'icone de ton navigateur) situé sur le bureau.(tu noteras qu'un nouveau dossier va se créer sur le bureau en plus du fichier : c'est normal!) De cette manière, tu conserveras toutes les mises en formes et les couleurs de la procédure, et cela permettra de t'y retrouver.

--------------------------------------------------------------------------------------------------------------------------

 

La procédure:

 

- Télécharge puis installe AVG Anti-Spyware (AVG AS)

Une fois AVG AS lancé, clique sur "Mise à jour"

Ferme le programme.Ne lance pas le scan maintenant!!

 

- Télécharge ATF Cleaner by Atribune sur ton bureau.

 

- Télécharge Brute Force Uninstaller (de Merijn).

Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)

http://metallica.geekstogo.com/EGDACCESS.bfu

FAIS UN CLIC-DROIT ICI et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica).

Voici ce à quoi doit ressembler l'icone du fichier .Bfu que tu viens de télécharger:

edgaccessbfu5np.gif

Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

 

- Démarre WinPFind3U en double cliquant sur WinPFind3U.exe et copie/colle le texte ci dessous (ne copie pas le mot code) dans le Panneau Paste fix here , puis clique sur le bouton Run Fix.

[Kill Explorer]
[Processes - Non-Microsoft Only]
YY -> 549b.tmp -> %SystemRoot%\Temp\549B.tmp
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> SDR6V_Check -> %UserDocuments%\SDRmon.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Instant Access -> %System32%\prodsrvs.exe
YY -> System Soap Pro -> %SystemDrive%\PROGRA~1\SYSTEM~1\soap.exe
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> seekmo -> %ProgramFiles%\seekmo\seekmo.exe
< Internet Explorer Settings > -> 
YY -> HKCU: URLSearchHooks\\{4acca1a7-ecc8-4c89-be52-b11919042bbf} [HKLM] -> %ProgramFiles%\nuls\tbnuls.dll [nuls Toolbar]
YN -> HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> {4acca1a7-ecc8-4c89-be52-b11919042bbf} [HKLM] -> %ProgramFiles%\nuls\tbnuls.dll [nuls Toolbar]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{319A68DB-06D0-46DA-9F93-A810D5A70836} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YY -> WebBrowser\\{4ACCA1A7-ECC8-4C89-BE52-B11919042BBF} [HKLM] -> %ProgramFiles%\nuls\tbnuls.dll [nuls Toolbar]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
YN -> {77BF5300-1474-4EC7-9980-D32B190E9B07} -> 8196 - Reg Data - Key not found
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8194 - Reg Data - Value does not exist
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {084DAC27-6FA3-4F55-9005-033F2F102F5C} -> ITPPDiagIE Class - CodeBase = http://data.jeuxclassiques.com/npwwg.cab
YN -> {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -> - CodeBase = http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab
YN -> {92ABACFE-EF6E-42C7-A824-D50A914B5B70} -> MastaCash Loader Class - CodeBase = http://dx.mastacash.com/loader.cab
YN -> {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} -> - CodeBase = http://scripts.dlv4.com/binaries/egaccess4..._1070_em_XP.cab
YN -> {C771B05E-E725-4516-97A5-4CE5EB163CFB} -> - CodeBase = http://www.asian-x.org/acces/237/asian-x_an.exe
YN -> {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} -> - CodeBase = http://dialup.carpediem.fr/CABS/cd/1,0,3,8...AccesMembre.cab
[Files - Created Within 30 days]
NY -> pack.epk -> %SystemRoot%\pack.epk
NY -> nvs2.inf -> %System32%\nvs2.inf
NY -> prodsrvs.exe -> %System32%\prodsrvs.exe
NY -> RunOnce.tm_ -> %System32%\RunOnce.tm_
NY -> RunOnce.t__ -> %System32%\RunOnce.t__
NY -> update00822631.exe -> %System32%\update00822631.exe
NY -> update77526596.exe -> %System32%\update77526596.exe
[Files - Modified Within 30 days]
NY -> pack.epk -> %SystemRoot%\pack.epk
NY -> nvs2.inf -> %System32%\nvs2.inf
NY -> prodsrvs.exe -> %System32%\prodsrvs.exe
NY -> RunOnce.tm_ -> %System32%\RunOnce.tm_
NY -> RunOnce.t__ -> %System32%\RunOnce.t__
NY -> update00822631.exe -> %System32%\update00822631.exe
NY -> update77526596.exe -> %System32%\update77526596.exe
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %System32%\EGDHTML_1024.dll
NY -> PEC2 , PECompact2 , -> %System32%\prodsrvs.exe
NY -> UPX! , UPX0 , -> %System32%\update00822631.exe
NY -> UPX! , UPX0 , -> %System32%\update77526596.exe
[ Extra Files ]
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.inf
[Reboot]

Le Fix va se faire rapidement,puis il te sera demandé de redémarrer ton pc : accepte en cliquant sur Yes

 

Étape 1:

 

*Redémarre le PC, impérativement en mode sans échec,(au démarrage, tapoter immédiatement la touche F8,puis apparaitra un écran avec choix de démarrages : choisir "Mode sans échec" avec les flèches du clavier, puis valider avec "Entrée".

Choisir le compte usuel (et non Administrateur).

 

en cas de problème pour sélectionner le mode sans échec, appliquer la procédure de Symantec "Comment démarrer l'ordinateur en mode sans échec"

 

(n'ayant pas accès à Internet, tu as préalablement copié ces instructions dans un fichier texte)

 

Étape 2:

 

* Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

  • Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :
    EGDACCESS.bfu
     
  • Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu
  • Clique sur Execute et laisse-le faire son travail.
  • Attendre que Complete script execution apparaîsse et clique sur OK.
  • Clique Exit pour fermer le programme BFU.

Étape 3:

 

Créer un fichier Bloc Notes avec le texte qui se trouve dans l'espace "code" ci-dessous (copie/colle, sans le mot "Code" )

 

RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\erixmcyhdt
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|erixmcyhdt
FileDelete %SYSDIR%\erixmcyhdt_navps.dat
FileDelete %SYSDIR%\erixmcyhdt_nav.dat
FileDelete %SYSDIR%\erixmcyhdt.dat
FileDelete %SYSDIR%\erixmcyhdt.exe

-Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

-Choisis "Enregistrer sous" et choisis "C:\BFU"

-Dans le champs "Nom du fichier" en bas de page donne le nom suivant: aftermath.bfu

-Dans le champs"Type" en bas de page ,choisis: "tous les fichiers"

-ensuite clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

-quitte le Bloc Notes.

 

Étape 4:

 

Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

  • Clique sur le petit dossier jaune (à droite de la boîte "Scriptline to execute");
  • Double-clique sur aftermath.bfu
  • Tu devrais maintenant voir ceci dans la boîte "Scriptline to execute" :
    C:\BFU\aftermath.bfu
     
  • Clique sur Execute et laisse-le faire son travail.
  • Attendre que Complete script execution apparaîsse et clique sur OK (l'exécution est rapide..).
  • Clique Exit pour fermer le programme BFU.

Étape 5:

 

Double-clique sur ATF-Cleaner.exe afin de lancer le programme.

  • Pour internet explorer
    Sous l'onglet Main, choisis : Select All
    Clique sur le bouton Empty Selected
     
    Pour Firefox(si tu l'utilises)
    Sous l'onglet Firefox, choisis : Select All
    Clique le bouton Empty Selected
    NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
    Clique Exit, du menu prinicipal, afin de fermer le programme.

* Si l'onglet "Firefox" est grisé dans ATF,nettoie le cache et les cookies dans Firefox comme ceci :

  • Ouvre Firefox et clique sur Outils=> Options
  • Clique sur l'onglet Vie Privée
  • clique sur le bouton Vider le cache dans l'onglet "Historique"
  • clique sur le bouton Supprimer les cookies dans l'onglet "Cookies"
  • clique sur le bouton Vider le cache dans l'onglet "Cache"
  • clique sur le bouton Ok pour fermer la fenêtre des options et valider tes choix.

Étape 6:

 

Relance AVG AS puis choisis l'onglet "Analyse"

Puis l'onglet "Paramètres"

Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"

http://img509.imageshack.us/img509/4851/scanavgjk2.jpg

Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

 

/!\ Si un fichier infecté est détécté en fin d'analyse /!\

Clique sur "Appliquer toutes les actions "

 

Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"

Enregistre ce fichier texte sur ton bureau.

 

Étape 7:

 

Redémarre normalement et poste:

 

-Le rapport d'Avg As

-Un nouveau rapport avec Blacklight

-Relance WinPFind3U et poste le nouveau rapport.

Poste aussi le rapport qui se trouve dans le dossier WinPFind3u( c'est un rapport qui a pour nom la date du jour\mois\année\heure).

 

Allez courage! c'est pas compliqué si tu suis bien les étapes :P

 

Edit: comme je t'ai indiqué dans mon MP, j'ai modifié la procédure :P

Modifié par charles ingals

Partager ce message


Lien à poster
Partager sur d’autres sites

Créer un compte ou se connecter pour commenter

Vous devez être membre afin de pouvoir déposer un commentaire

Créer un compte

Créez un compte sur notre communauté. C’est facile !

Créer un nouveau compte

Se connecter

Vous avez déjà un compte ? Connectez-vous ici.

Connectez-vous maintenant

×