
ComboFix analysis, please help me



Hello everyone,

To start with, I have a problem with Windows Explorer, which stops as soon as I right-click... I have done system restores, I have tried the tricks from Microsoft, I have gone through dozens of forums without finding the shadow of an effective solution, and I have run several scans with Spyware Terminator, Spybot, Malwarebytes and Avast.

Avast found a corrupted cab file... but offers nothing...

Today I am turning to you in the hope that you will have a solution... I am posting the ComboFix "log" that I have just run.

If it is not a malware problem, do you have any idea how to avoid this message? "l'explorateur windows a cessé de fonctionner" ("Windows Explorer has stopped working")

Thanks in advance

Yours in computing,

Strictmaximum

The ComboFix log:

 

ComboFix 08-08-30.03 - Wam 2008-08-31 12:25:28.4 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1926 [GMT 2:00]

Endroit: C:\Users\Wam\Desktop\Poste de contrôle\Maintenance\ComboFix.exe

* Création d'un nouveau point de restauration

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))

.

 

2008-08-31 11:24 . 2008-08-31 11:38 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-08-31 11:24 . 2008-08-31 11:38 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-08-31 11:24 . 2008-08-31 11:41 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-31 10:24 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll

2008-08-31 10:24 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml

2008-08-31 10:24 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml

2008-08-31 10:20 . 2008-08-31 11:36 <REP> d-------- C:\Users\Wam\AppData\Roaming\Vista Start Menu

2008-08-31 10:20 . 2008-08-31 10:21 <REP> d-------- C:\Program Files\Vista Start Menu

2008-08-31 10:13 . 2008-08-31 10:17 <REP> d-------- C:\Windows\UltraDefrag

2008-08-30 20:05 . 2008-08-30 20:05 <REP> d-------- C:\Users\Wam\AppData\Roaming\FreeCommander

2008-08-30 20:05 . 2008-08-30 20:05 <REP> d-------- C:\Program Files\FreeCommander

2008-08-30 13:43 . 2008-08-30 13:44 <REP> d-------- C:\Users\Wam\AppData\Roaming\eSobi

2008-08-30 00:44 . 2008-08-30 00:44 <REP> d-------- C:\Users\Wam\AppData\Roaming\PeerNetworking

2008-08-29 23:16 . 2008-08-29 23:16 <REP> d-------- C:\Users\Wam\AppData\Roaming\Template

2008-08-29 23:16 . 2008-08-30 12:24 438 --a------ C:\Users\Wam\AppData\Roaming\wklnhst.dat

2008-08-29 20:07 . 2008-08-29 20:07 <REP> d-------- C:\Users\Wam\AppData\Roaming\Auslogics

2008-08-29 20:05 . 2008-08-29 20:05 <REP> d-------- C:\Program Files\Auslogics

2008-08-29 16:13 . 2008-08-29 16:13 <REP> d-------- C:\Program Files\Microsoft Silverlight

2008-08-29 15:14 . 2008-08-29 15:14 <REP> d-------- C:\Users\Wam\Option

2008-08-29 13:30 . 2008-08-29 13:31 <REP> d-------- C:\Users\All Users\Lavasoft

2008-08-29 13:30 . 2008-08-29 13:31 <REP> d-------- C:\ProgramData\Lavasoft

2008-08-28 23:07 . 2008-08-28 23:07 <REP> d-------- C:\Users\Wam\AppData\Roaming\Grisoft

2008-08-28 23:01 . 2008-08-28 23:30 <REP> d-a------ C:\Users\All Users\TEMP

2008-08-28 23:01 . 2008-08-28 23:30 <REP> d-a------ C:\ProgramData\TEMP

2008-08-28 22:58 . 2008-08-28 22:58 <REP> d-------- C:\Program Files\Sophos

2008-08-28 22:41 . 2008-08-28 22:49 <REP> d----c--- C:\Windows\System32\DRVSTORE

2008-08-28 21:44 . 2008-08-30 19:56 <REP> d-------- C:\Program Files\Windows Live Safety Center

2008-08-28 17:38 . 2008-08-28 17:38 <REP> d-------- C:\Program Files\GameTop.com

2008-08-28 17:37 . 2008-08-28 17:37 <REP> d-------- C:\Program Files\FreeGamePick.com

2008-08-28 12:58 . 2008-08-28 12:58 <REP> d-------- C:\Program Files\Monte Cristo

2008-08-28 11:14 . 2008-08-28 11:14 <REP> d-------- C:\Program Files\Nouvelle Cible

2008-08-28 11:14 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Cheatbook 12.2004

2008-08-28 11:12 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Audacity

2008-08-28 11:11 . 2008-08-28 11:11 <REP> d-------- C:\Program Files\IVCsoft

2008-08-28 09:49 . 2008-08-28 09:49 56 --ah----- C:\Windows\System32\ezsidmv.dat

2008-08-28 08:49 . 2008-08-28 08:52 <REP> d-------- C:\Users\Wam\AppData\Roaming\Command & Conquer 3  La Fureur de Kane

2008-08-28 08:49 . 2008-08-28 08:49 107,888 --a------ C:\Windows\System32\CmdLineExt.dll

2008-08-28 08:33 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll

2008-08-28 08:33 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll

2008-08-28 08:33 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll

2008-08-28 08:33 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll

2008-08-28 08:33 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll

2008-08-28 08:02 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll

2008-08-28 07:47 . 2008-08-28 08:20 <REP> d-------- C:\Program Files\Electronic Arts

2008-08-28 01:28 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\AIDA32 - Personal System Information

2008-08-28 00:51 . 2008-08-29 01:08 <REP> d-------- C:\Program Files\Picasa2

2008-08-28 00:51 . 2006-10-05 04:42 2,560 --a------ C:\Windows\System32\drivers\cdralw2k.sys

2008-08-28 00:51 . 2006-10-05 04:42 2,432 --a------ C:\Windows\System32\drivers\cdr4_xp.sys

2008-08-28 00:42 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Defraggler

2008-08-27 23:18 . 2008-08-27 23:18 <REP> d-------- C:\Users\All Users\WinZip

2008-08-27 23:18 . 2008-08-27 23:18 <REP> d-------- C:\ProgramData\WinZip

2008-08-27 23:16 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\WinZip 8.1 Fr

2008-08-27 23:01 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\FLEXnet

2008-08-27 23:01 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\FLEXnet

2008-08-27 22:56 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\NFO viewer

2008-08-27 22:56 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Bonjour

2008-08-27 22:52 . 2008-08-27 22:52 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Apple Computer

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Apple Computer

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\QuickTime

2008-08-27 21:52 . 2008-08-27 21:52 <REP> d-------- C:\Users\Wam\AppData\Roaming\vlc

2008-08-27 21:52 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Apple

2008-08-27 21:52 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Apple

2008-08-27 21:52 . 2008-08-27 21:52 <REP> d-------- C:\Program Files\VideoLAN

2008-08-27 21:52 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Apple Software Update

2008-08-27 21:39 . 2008-08-29 01:04 <REP> d-------- C:\Users\Wam\AppData\Roaming\IrfanView

2008-08-27 21:39 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\IrfanView

2008-08-27 21:39 . 2008-08-28 00:51 <REP> d-------- C:\Program Files\Google

2008-08-27 17:13 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\PhotoDeluxe EE 1.1

2008-08-27 17:11 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe

2008-08-27 16:51 . 2008-08-29 01:18 900 --ahs---- C:\Windows\System32\KGyGaAvL.sys

2008-08-27 16:27 . 2008-08-27 16:27 <REP> d-------- C:\Users\Wam\AppData\Roaming\Corel

2008-08-27 16:24 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Corel® Painter IX TBYB FR

2008-08-27 15:39 . 2008-08-31 11:37 <REP> d-------- C:\Users\Wam\AppData\Roaming\OpenOffice.org2

2008-08-27 15:37 . 2008-08-27 15:37 <REP> d-------- C:\Program Files\OpenOffice.org 2.4

2008-08-27 15:21 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\CCleaner

2008-08-27 15:18 . 2008-08-27 15:20 <REP> d-------- C:\Users\Wam\AppData\Roaming\Spyware Terminator

2008-08-27 15:18 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Spyware Terminator

2008-08-27 15:18 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Spyware Terminator

2008-08-27 15:18 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\Spyware Terminator

2008-08-27 15:18 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Crawler

2008-08-27 15:18 . 2008-08-27 15:18 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys

2008-08-27 15:15 . 2008-08-27 15:15 <REP> d-------- C:\Users\Wam\AppData\Roaming\Malwarebytes

2008-08-27 15:15 . 2008-08-27 15:15 <REP> d-------- C:\Users\All Users\Malwarebytes

2008-08-27 15:15 . 2008-08-27 15:15 <REP> d-------- C:\ProgramData\Malwarebytes

2008-08-27 15:15 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-27 15:15 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-08-27 15:15 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys

2008-08-27 14:57 . 2008-08-28 09:49 <REP> d-------- C:\Users\Wam\AppData\Roaming\skypePM

2008-08-27 14:55 . 2008-08-29 01:04 <REP> d-------- C:\Users\Wam\AppData\Roaming\Skype

2008-08-27 14:55 . 2008-08-30 21:02 <REP> d-------- C:\Users\Valérie\Documents de valérie

2008-08-27 14:55 . 2008-08-30 21:02 <REP> d-------- C:\Users\Valérie\Documents de valérie

2008-08-27 14:55 . 2008-08-27 14:55 <REP> d-------- C:\Users\All Users\Skype

2008-08-27 14:55 . 2008-08-27 14:55 <REP> d-------- C:\ProgramData\Skype

2008-08-27 14:55 . 2008-08-27 14:55 <REP> d-------- C:\Program Files\Skype

2008-08-27 14:55 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Common Files\Skype

2008-08-27 14:50 . 2008-08-27 14:50 0 --a------ C:\Windows\nsreg.dat

2008-08-27 14:19 . 2008-08-29 01:08 <REP> d-------- C:\Program Files\MSN Messenger

2008-08-27 13:37 . 2008-08-27 13:37 <REP> d-------- C:\Users\All Users\ma-config.com

2008-08-27 13:37 . 2008-08-27 13:37 <REP> d-------- C:\ProgramData\ma-config.com

2008-08-27 13:37 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\ma-config.com

2008-08-27 13:10 . 2008-08-27 13:10 <REP> d-------- C:\Users\Wam\AppData\Roaming\SiteAdvisor

2008-08-27 12:39 . 2008-08-27 12:46 <REP> d-------- C:\Users\Valérie\AppData\Roaming\Adobe

2008-08-27 12:26 . 2008-08-27 12:26 <REP> d-------- C:\Users\Wam\AppData\Roaming\Yahoo!

2008-08-27 12:16 . 2008-08-27 12:20 <REP> d-------- C:\Program Files\Windows Live

2008-08-27 12:16 . 2008-08-27 13:17 <REP> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-08-27 12:15 . 2008-08-27 12:15 <REP> d-------- C:\Users\All Users\WLInstaller

2008-08-27 12:15 . 2008-08-27 12:15 <REP> d-------- C:\ProgramData\WLInstaller

2008-08-27 11:55 . 2008-08-27 11:55 <REP> d-------- C:\Program Files\Hercules

2008-08-27 11:54 . 2008-08-27 14:02 <REP> d-------- C:\Windows\OvtCam

2008-08-27 11:54 . 2005-03-15 17:04 161,792 --a------ C:\Windows\System32\drivers\ov530vid.sys

2008-08-27 11:54 . 2004-08-05 17:34 61,440 --a------ C:\Windows\ov530dib.dll

2008-08-27 11:54 . 2005-09-30 09:42 40,960 --a------ C:\Windows\System32\ov530ext.dll

2008-08-27 11:54 . 2004-11-09 00:37 25,177 --a------ C:\Windows\System32\drivers\ov530cmd.sys

2008-08-27 11:54 . 2005-09-30 09:56 18,972 --a------ C:\Windows\System32\ov530ext.ax

2008-08-27 11:54 . 2004-07-20 01:50 16,440 --a------ C:\Windows\System32\ov530usd.dll

2008-08-27 11:46 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll

2008-08-27 11:42 . 2008-08-27 11:42 <REP> d-------- C:\Program Files\MSXML 4.0

2008-08-27 11:41 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-08-27 11:39 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-08-27 11:26 . 2008-08-27 11:26 <REP> d-------- C:\Users\Valérie\AppData\Roaming\Macromedia

2008-08-27 11:26 . 2008-08-27 11:26 <REP> d-------- C:\Users\Valérie\AppData\Roaming\ATI

2008-08-27 11:25 . 2008-08-29 01:04 <REP> dr------- C:\Users\Valérie\Videos

2008-08-27 11:25 . 2008-08-29 01:04 <REP> dr------- C:\Users\Valérie\Videos

2008-08-27 11:25 . 2008-08-29 01:04 <REP> dr------- C:\Users\Valérie\Searches

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-31 10:25 1,048,576 --sha-w C:\Users\Valérie\ntuser.dat

2008-08-31 10:25 1,048,576 --sha-w C:\Users\Valérie\ntuser.dat

2008-08-31 07:13 --------- d-----w C:\ProgramData\Microsoft Help

2008-08-31 07:12 --------- d-----w C:\Program Files\Microsoft Works

2008-08-30 11:46 --------- d-----w C:\ProgramData\eSobi

2008-08-28 22:08 --------- d-----w C:\Program Files\Yahoo!

2008-08-27 20:57 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPRR____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLV____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLST___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLEV___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLED___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLC____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPC_____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPAJ____.FOT

2008-08-27 12:06 --------- d-s---w C:\Users\Valérie\AppData\Roaming\Microsoft

2008-08-27 12:02 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-27 11:22 --------- d-----w C:\Program Files\McAfee

2008-08-27 11:10 --------- d-----w C:\ProgramData\SiteAdvisor

2008-08-27 10:46 --------- d-----w C:\Users\Valérie\AppData\Roaming\Adobe

2008-08-27 09:48 --------- d-----w C:\Program Files\Windows Mail

2008-08-27 09:26 --------- d-----w C:\Users\Valérie\AppData\Roaming\Macromedia

2008-08-27 09:26 --------- d-----w C:\Users\Valérie\AppData\Roaming\ATI

2008-08-27 09:25 --------- d-----w C:\Users\Valérie\AppData\Roaming\Identities

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Modèles

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Menu Démarrer

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Favoris

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Bureau

2008-08-27 07:53 --------- d-sh--w C:\Program Files\Fichiers communs

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-06-05 02:42 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll

2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll

2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll

2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll

2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll

2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll

2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll

2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll

2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll

2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll

2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll

2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll

2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll

2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin

2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin

2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll

2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll

2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll

2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll

2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll

2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe

2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe

2008-05-06 02:10 749,568 ----a-w C:\Windows\AcerStore.exe

2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

2007-04-23 12:21 269,824 ----a-w C:\Windows\inf\WG111v3\Vista64\wg111v3.sys

2007-04-23 12:19 227,328 ----a-w C:\Windows\inf\WG111v3\WG111v3.sys

2007-04-23 12:19 227,328 ----a-w C:\Windows\inf\WG111v3\Vista\wg111v3.sys

2006-12-15 09:30 98,304 ----a-w C:\Windows\inf\WG111v3\UScanM.exe

2006-12-15 09:30 315,392 ----a-w C:\Windows\inf\WG111v3\InstallDriver.exe

2006-12-15 09:30 28,672 ----a-w C:\Windows\inf\WG111v3\SetDrv.exe

2006-12-15 09:30 212,992 ----a-w C:\Windows\inf\WG111v3\CopyWHQLDriver.exe

2006-12-15 09:30 20,480 ----a-w C:\Windows\inf\WG111v3\RTWUPath.exe

2006-12-15 09:30 19,968 ----a-w C:\Windows\inf\WG111v3\RTWREFU.EXE

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-30_ 0.00.29.11 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-05 02:57:20 23,558 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\ARPPRODUCTICON.exe

+ 2008-08-30 11:46:56 247,638 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\ARPPRODUCTICON.exe

- 2008-06-05 02:57:20 290,816 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_15D967B5A4BE42AE9E8464CD062B25AA.exe

+ 2008-08-30 11:46:56 290,816 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_15D967B5A4BE42AE9E8464CD062B25AA.exe

- 2008-06-05 02:57:20 290,816 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_desktop_15D967B5A4BE42AE9E8464CD062B25AA.exe

+ 2008-08-30 11:46:56 290,816 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_desktop_15D967B5A4BE42AE9E8464CD062B25AA.exe

- 2008-08-29 21:28:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-08-31 09:37:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-08-29 21:28:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-08-31 09:37:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-08-29 21:30:03 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-08-31 09:38:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-08-31 09:38:55 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-08-29 21:30:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-08-31 09:38:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-08-31 09:38:50 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-08-29 21:28:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-08-31 09:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-08-29 21:28:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-08-31 09:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-08-29 21:28:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-08-31 09:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-08-29 21:58:09 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-08-31 10:25:24 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-08-31 10:25:24 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-08-27 20:59:33 1,661,272 ----a-w C:\Windows\System32\FNTCACHE.DAT

+ 2008-08-31 07:14:39 1,658,936 ----a-w C:\Windows\System32\FNTCACHE.DAT

- 2008-08-29 21:35:02 101,052 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-08-31 09:42:02 101,052 ----a-w C:\Windows\System32\perfc009.dat

- 2008-08-29 21:35:02 123,350 ----a-w C:\Windows\System32\perfc00C.dat

+ 2008-08-31 09:42:02 123,350 ----a-w C:\Windows\System32\perfc00C.dat

- 2008-08-29 21:35:02 586,980 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-08-31 09:42:02 586,980 ----a-w C:\Windows\System32\perfh009.dat

- 2008-08-29 21:35:02 669,328 ----a-w C:\Windows\System32\perfh00C.dat

+ 2008-08-31 09:42:02 669,328 ----a-w C:\Windows\System32\perfh00C.dat

- 2008-08-29 21:27:57 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

+ 2008-08-31 08:32:01 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

- 2008-08-29 21:30:48 5,380 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2571914964-1430876280-426546182-1000_UserData.bin

+ 2008-08-31 09:39:05 6,104 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2571914964-1430876280-426546182-1000_UserData.bin

- 2008-08-29 21:30:48 73,984 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-08-31 09:39:05 74,118 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-08-29 21:30:47 51,058 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-08-31 09:39:04 52,236 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2008-08-29 14:12:19 86,315 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-08-31 08:23:51 175,166 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-05-10 03:30:49 858,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6000.16687_none_863728a999516b76\RacEngn.dll

+ 2008-05-10 03:13:37 858,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6000.20832_none_86f1d584b24afdff\RacEngn.dll

+ 2008-05-10 03:35:20 885,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6001.18069_none_883507bb9665f733\RacEngn.dll

+ 2008-05-10 03:21:35 885,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6001.22176_none_88b0d3bcaf8e66e9\RacEngn.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23 1233920]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:25 125952]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 03:18 443968]

"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2008-07-09 13:43 2136064]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 13:31 319488]

"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 13:31 319488]

"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 23:38 526896]

"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 19:49 204908]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]

"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 19:57 34040]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-27 21:39 29744]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 07:21 5369856 C:\Windows\RtHDVCpl.exe]

 

C:\Users\Wam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2007-09-14 10:24:06 1695744]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00 394856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{39483AF4-6277-434A-8C81-EEA2C2461D24}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live

"{8719D5E1-793E-4F9D-88DD-78C00BCDF5D7}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician

"{4D7E353C-F160-4D1E-B45D-FBAF340ED2ED}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD

"{3F1AC602-C49C-4B07-AAC9-F573A6DE6DDB}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician

"{366F7CF6-4D0E-4110-8DF8-4D6586841F01}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine

"{BD637667-56BC-43ED-9884-B9B585628618}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia

"{01FF3703-8975-429B-875A-AB12919BCBC8}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect

"{473DFFBF-F989-48BF-8937-0650C5A6DB8B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service

"{E2448DCF-9832-4280-BA97-EF6465FCD0C1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator

"{2FB1E4DC-655B-4D66-BC5F-35F864C3CAF8}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{4801CD5B-F558-4808-9CD9-4DFB2F24AC55}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{616AABAB-E816-4AAD-8898-F38B1255D749}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{FD0915E6-9BAD-4C0E-98F8-71A181A5E87C}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{EAC16019-5FFD-4479-9BD1-FF44C6A1B94C}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{41BD57FF-08B7-4BBF-9C4D-841047B98225}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{71601132-DFFE-4DCE-95B3-5900799EEB1D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{203193B0-DC74-4F91-B57A-E4676324A6C0}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

"TCP Query User{1700F0E7-0C4A-48EF-B683-39EA20456A31}C:\\users\\wam\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\wam\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"UDP Query User{88B1733F-727D-4D99-A5CE-67D908A41F11}C:\\users\\wam\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\wam\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"{EBDF6D30-E9D1-47A5-8CD1-1CDF9514292E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{A9E1E3A8-D134-4FF3-8D7B-2198638C0508}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{137680FD-D621-4F63-B3FD-DAC52CFC22E8}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{6657B234-CB7A-4E77-90CA-BE121A3BE73D}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

 

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:23]

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 19:49]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 19:57]

R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 13:30]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 03:02]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 19:53]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 16:58]

R3 ovt530;Webcam Classic;C:\Windows\system32\Drivers\ov530vid.sys [2005-03-15 17:04]

R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v3.sys [2007-04-23 14:19]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 04:51]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-27 21:39]

S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 20:57]

S4 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 08:45]

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23]

S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23]

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Wam\AppData\Roaming\Mozilla\Firefox\Profiles\nb924ai7.default\

FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-31 12:27:00

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-08-31 12:28:11

ComboFix-quarantined-files.txt 2008-08-31 10:28:08

ComboFix2.txt 2008-08-29 22:13:20

ComboFix3.txt 2008-08-29 22:01:16

 

Pre-Run: 132,663,820,288 octets libres

Post-Run: 132,639,662,080 octets libres

 

373 --- E O F --- 2008-08-31 08:24:27


  • Moderators

Good evening strictmaximum :P

 

Welcome to the Zebulon forums.

 

A few links to help you get started:

 

We'll look together at what is going on with your PC; like everyone who helps here, we volunteer our help around our personal activities. We'll try to move as fast as possible, but you may sometimes need to be patient while waiting for a reply, no need to panic :P

 

----------

 

To begin with, for you and for readers: you must not run ComboFix on your own initiative! It is a powerful tool that can sometimes do more harm than good depending on how and when it is used. It is a tool to be used only when a Helper asks you to. On top of that, I see you have run it several times.

 

Post the previous reports for me; you will find them here:

  • C:\ComboFix2.txt
  • C:\ComboFix3.txt

 

See you soon.


Actually I ran several in a row... Here are 2 and 3

 

Thanks for your help, number 2:

 

ComboFix 08-09-05.02 - Wam 2008-09-06 10:53:14.5 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1896 [GMT 2:00]

Endroit: C:\Users\Wam\Desktop\Poste de contrôle\Maintenance\ComboFix.exe

* Création d'un nouveau point de restauration

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))

.

 

2008-09-04 10:33 . 2008-09-04 10:33 <REP> dr-h----- C:\Users\Wam\AppData\Roaming\SecuROM

2008-09-04 10:33 . 2008-09-04 10:35 <REP> d-------- C:\Users\Wam\AppData\Roaming\Red Alert 3 Beta

2008-09-04 10:30 . 2008-09-04 10:30 <REP> d-------- C:\Program Files\EA Games

2008-09-04 10:30 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll

2008-09-04 10:30 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll

2008-09-04 10:30 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll

2008-09-04 01:07 . 2008-09-04 01:07 <REP> d-------- C:\Windows\Sun

2008-09-04 01:06 . 2008-09-04 01:06 <REP> d-------- C:\Program Files\Java

2008-09-04 01:05 . 2008-09-04 01:05 <REP> d-------- C:\Program Files\Common Files\Java

2008-09-03 13:25 . 2008-09-03 13:26 <REP> d-------- C:\Users\All Users\EPSON

2008-09-03 13:25 . 2008-09-03 13:26 <REP> d-------- C:\ProgramData\EPSON

2008-09-03 13:25 . 2006-08-10 02:02 75,264 --a------ C:\Windows\System32\E_FLBBEE.DLL

2008-09-03 13:25 . 2006-04-19 02:00 62,976 --a------ C:\Windows\System32\E_FD4BBEE.DLL

2008-09-03 13:25 . 2004-09-10 20:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL

2008-09-03 13:24 . 2008-09-03 13:24 <REP> d-------- C:\Users\Wam\AppData\Roaming\InstallShield

2008-09-03 13:18 . 2008-09-03 13:25 <REP> d-------- C:\Program Files\epson

2008-09-03 13:18 . 2006-10-13 00:00 61,952 --a------ C:\Windows\System32\escwiad.dll

2008-09-03 13:18 . 2005-02-25 00:00 46,080 --a------ C:\Windows\System32\escimgd.dll

2008-09-03 13:18 . 2005-02-25 00:00 22,016 --a------ C:\Windows\System32\esccmd.dll

2008-09-03 13:17 . 2008-09-03 13:17 27 --a------ C:\Windows\CDE DX4000DEFGIPS.ini

2008-09-03 12:25 . 2008-09-03 12:25 691 --a------ C:\Users\Wam\AppData\Roaming\GetValue.vbs

2008-09-03 12:25 . 2008-09-03 12:25 35 --a------ C:\Users\Wam\AppData\Roaming\SetValue.bat

2008-09-03 12:23 . 2008-09-03 12:25 3,194 --a------ C:\Windows\System32\tmp.reg

2008-09-03 12:16 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe

2008-09-03 12:16 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe

2008-09-03 12:16 . 2008-09-02 23:58 88,576 --a------ C:\Windows\System32\AntiXPVSTFix.exe

2008-09-03 12:16 . 2008-09-02 16:51 86,528 --a------ C:\Windows\System32\VACFix.exe

2008-09-03 12:16 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe

2008-09-03 12:16 . 2008-08-28 22:36 82,432 --a------ C:\Windows\System32\IEDFix.C.exe

2008-09-03 12:16 . 2008-08-18 12:19 82,432 --a------ C:\Windows\System32\404Fix.exe

2008-09-03 12:16 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe

2008-09-03 12:16 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe

2008-09-03 12:16 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe

2008-09-03 08:52 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-03 08:52 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-03 08:52 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-03 08:52 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-03 08:52 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-03 08:52 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-03 08:52 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-03 08:52 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-03 08:52 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-09-03 00:43 . 2008-09-03 00:43 <REP> d-------- C:\Program Files\Cheatbook 09.2008

2008-09-01 20:54 . 2008-09-01 20:54 <REP> d-------- C:\Users\Valérie\AppData\Roaming\vlc

2008-09-01 20:48 . 2008-09-01 20:48 <REP> d-------- C:\Users\Valérie\AppData\Roaming\Mozilla

2008-09-01 20:47 . 2008-09-05 17:56 <REP> d-------- C:\Users\Valérie\AppData\Roaming\Vista Start Menu

2008-08-31 18:25 . 2008-08-31 19:01 <REP> d-------- C:\Users\All Users\TrackMania

2008-08-31 18:25 . 2008-08-31 19:01 <REP> d-------- C:\ProgramData\TrackMania

2008-08-31 18:21 . 2008-08-31 18:23 <REP> d-------- C:\Program Files\TmNationsForever

2008-08-31 11:24 . 2008-09-03 13:58 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-08-31 11:24 . 2008-09-03 13:58 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-08-31 11:24 . 2008-08-31 11:41 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-31 10:24 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll

2008-08-31 10:24 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml

2008-08-31 10:24 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml

2008-08-31 10:20 . 2008-09-04 12:02 <REP> d-------- C:\Users\Wam\AppData\Roaming\Vista Start Menu

2008-08-31 10:20 . 2008-08-31 10:21 <REP> d-------- C:\Program Files\Vista Start Menu

2008-08-31 10:13 . 2008-08-31 10:17 <REP> d-------- C:\Windows\UltraDefrag

2008-08-30 20:05 . 2008-08-30 20:05 <REP> d-------- C:\Users\Wam\AppData\Roaming\FreeCommander

2008-08-30 20:05 . 2008-08-30 20:05 <REP> d-------- C:\Program Files\FreeCommander

2008-08-30 13:43 . 2008-08-30 13:44 <REP> d-------- C:\Users\Wam\AppData\Roaming\eSobi

2008-08-30 00:44 . 2008-08-30 00:44 <REP> d-------- C:\Users\Wam\AppData\Roaming\PeerNetworking

2008-08-29 23:16 . 2008-08-29 23:16 <REP> d-------- C:\Users\Wam\AppData\Roaming\Template

2008-08-29 23:16 . 2008-09-02 12:07 618 --a------ C:\Users\Wam\AppData\Roaming\wklnhst.dat

2008-08-29 20:07 . 2008-08-29 20:07 <REP> d-------- C:\Users\Wam\AppData\Roaming\Auslogics

2008-08-29 20:05 . 2008-08-29 20:05 <REP> d-------- C:\Program Files\Auslogics

2008-08-29 16:13 . 2008-08-29 16:13 <REP> d-------- C:\Program Files\Microsoft Silverlight

2008-08-29 15:14 . 2008-08-29 15:14 <REP> d-------- C:\Users\Wam\Option

2008-08-29 13:30 . 2008-08-29 13:31 <REP> d-------- C:\Users\All Users\Lavasoft

2008-08-29 13:30 . 2008-08-29 13:31 <REP> d-------- C:\ProgramData\Lavasoft

2008-08-28 23:07 . 2008-08-28 23:07 <REP> d-------- C:\Users\Wam\AppData\Roaming\Grisoft

2008-08-28 23:01 . 2008-08-28 23:30 <REP> d-a------ C:\Users\All Users\TEMP

2008-08-28 23:01 . 2008-08-28 23:30 <REP> d-a------ C:\ProgramData\TEMP

2008-08-28 22:58 . 2008-08-31 19:46 <REP> d-------- C:\Program Files\Sophos

2008-08-28 22:41 . 2008-08-28 22:49 <REP> d----c--- C:\Windows\System32\DRVSTORE

2008-08-28 21:44 . 2008-08-30 19:56 <REP> d-------- C:\Program Files\Windows Live Safety Center

2008-08-28 17:38 . 2008-08-28 17:38 <REP> d-------- C:\Program Files\GameTop.com

2008-08-28 17:37 . 2008-08-28 17:37 <REP> d-------- C:\Program Files\FreeGamePick.com

2008-08-28 12:58 . 2008-08-28 12:58 <REP> d-------- C:\Program Files\Monte Cristo

2008-08-28 11:14 . 2008-08-28 11:14 <REP> d-------- C:\Program Files\Nouvelle Cible

2008-08-28 11:14 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Cheatbook 12.2004

2008-08-28 11:12 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Audacity

2008-08-28 11:11 . 2008-08-28 11:11 <REP> d-------- C:\Program Files\IVCsoft

2008-08-28 09:49 . 2008-08-28 09:49 56 --ah----- C:\Windows\System32\ezsidmv.dat

2008-08-28 08:49 . 2008-08-28 08:52 <REP> d-------- C:\Users\Wam\AppData\Roaming\Command & Conquer 3  La Fureur de Kane

2008-08-28 08:49 . 2008-08-28 08:49 107,888 --a------ C:\Windows\System32\CmdLineExt.dll

2008-08-28 08:33 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll

2008-08-28 08:33 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll

2008-08-28 08:33 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll

2008-08-28 08:33 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll

2008-08-28 08:33 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll

2008-08-28 08:02 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll

2008-08-28 07:47 . 2008-08-28 08:20 <REP> d-------- C:\Program Files\Electronic Arts

2008-08-28 01:28 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\AIDA32 - Personal System Information

2008-08-28 00:51 . 2008-08-29 01:08 <REP> d-------- C:\Program Files\Picasa2

2008-08-28 00:51 . 2006-10-05 04:42 2,560 --a------ C:\Windows\System32\drivers\cdralw2k.sys

2008-08-28 00:51 . 2006-10-05 04:42 2,432 --a------ C:\Windows\System32\drivers\cdr4_xp.sys

2008-08-27 23:18 . 2008-09-01 11:06 <REP> d-------- C:\Users\All Users\WinZip

2008-08-27 23:18 . 2008-09-01 11:06 <REP> d-------- C:\ProgramData\WinZip

2008-08-27 23:01 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\FLEXnet

2008-08-27 23:01 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\FLEXnet

2008-08-27 22:56 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\NFO viewer

2008-08-27 22:56 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Bonjour

2008-08-27 22:52 . 2008-08-27 22:52 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Apple Computer

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Apple Computer

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\QuickTime

2008-08-27 21:52 . 2008-08-27 21:52 <REP> d-------- C:\Users\Wam\AppData\Roaming\vlc

2008-08-27 21:52 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Apple

2008-08-27 21:52 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Apple

2008-08-27 21:52 . 2008-08-27 21:52 <REP> d-------- C:\Program Files\VideoLAN

2008-08-27 21:52 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Apple Software Update

2008-08-27 21:39 . 2008-08-29 01:04 <REP> d-------- C:\Users\Wam\AppData\Roaming\IrfanView

2008-08-27 21:39 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\IrfanView

2008-08-27 21:39 . 2008-09-03 11:53 <REP> d-------- C:\Program Files\Google

2008-08-27 17:13 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\PhotoDeluxe EE 1.1

2008-08-27 17:11 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe

2008-08-27 16:51 . 2008-08-29 01:18 900 --ahs---- C:\Windows\System32\KGyGaAvL.sys

2008-08-27 16:27 . 2008-08-27 16:27 <REP> d-------- C:\Users\Wam\AppData\Roaming\Corel

2008-08-27 16:24 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Corel® Painter IX TBYB FR

2008-08-27 15:39 . 2008-09-06 08:43 <REP> d-------- C:\Users\Wam\AppData\Roaming\OpenOffice.org2

2008-08-27 15:37 . 2008-08-27 15:37 <REP> d-------- C:\Program Files\OpenOffice.org 2.4

2008-08-27 15:21 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\CCleaner

2008-08-27 15:18 . 2008-09-01 00:18 <REP> d-------- C:\Users\Wam\AppData\Roaming\Spyware Terminator

2008-08-27 15:18 . 2008-09-01 00:18 <REP> d-------- C:\Users\All Users\Spyware Terminator

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-06 08:53 1,048,576 --sha-w C:\Users\Valérie\ntuser.dat

2008-09-06 08:53 1,048,576 --sha-w C:\Users\Valérie\ntuser.dat

2008-09-05 15:56 --------- d-----w C:\Users\Valérie\AppData\Roaming\Vista Start Menu

2008-09-03 23:21 --------- d-----w C:\Program Files\Common Files\Adobe

2008-09-01 18:54 --------- d-----w C:\Users\Valérie\AppData\Roaming\vlc

2008-09-01 18:48 --------- d-----w C:\Users\Valérie\AppData\Roaming\Mozilla

2008-08-31 07:13 --------- d-----w C:\ProgramData\Microsoft Help

2008-08-31 07:12 --------- d-----w C:\Program Files\Microsoft Works

2008-08-30 11:46 --------- d-----w C:\ProgramData\eSobi

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPRR____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLV____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLST___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLEV___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLED___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLC____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPC_____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPAJ____.FOT

2008-08-27 12:06 --------- d-s---w C:\Users\Valérie\AppData\Roaming\Microsoft

2008-08-27 12:02 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-27 11:10 --------- d-----w C:\ProgramData\SiteAdvisor

2008-08-27 10:46 --------- d-----w C:\Users\Valérie\AppData\Roaming\Adobe

2008-08-27 09:48 --------- d-----w C:\Program Files\Windows Mail

2008-08-27 09:26 --------- d-----w C:\Users\Valérie\AppData\Roaming\Macromedia

2008-08-27 09:26 --------- d-----w C:\Users\Valérie\AppData\Roaming\ATI

2008-08-27 09:25 --------- d-----w C:\Users\Valérie\AppData\Roaming\Identities

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Modèles

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Menu Démarrer

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Favoris

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Bureau

2008-08-27 07:53 --------- d-sh--w C:\Program Files\Fichiers communs

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

2007-04-23 12:21 269,824 ----a-w C:\Windows\inf\WG111v3\Vista64\wg111v3.sys

2007-04-23 12:19 227,328 ----a-w C:\Windows\inf\WG111v3\WG111v3.sys

2007-04-23 12:19 227,328 ----a-w C:\Windows\inf\WG111v3\Vista\wg111v3.sys

2006-12-15 09:30 98,304 ----a-w C:\Windows\inf\WG111v3\UScanM.exe

2006-12-15 09:30 315,392 ----a-w C:\Windows\inf\WG111v3\InstallDriver.exe

2006-12-15 09:30 28,672 ----a-w C:\Windows\inf\WG111v3\SetDrv.exe

2006-12-15 09:30 212,992 ----a-w C:\Windows\inf\WG111v3\CopyWHQLDriver.exe

2006-12-15 09:30 20,480 ----a-w C:\Windows\inf\WG111v3\RTWUPath.exe

2006-12-15 09:30 19,968 ----a-w C:\Windows\inf\WG111v3\RTWREFU.EXE

.

 

((((((((((((((((((((((((((((( snapshot_2008-08-31_12.27.22.25 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-08-28 11:00:13 53,248 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2008-08-31 16:23:58 53,248 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

- 2008-08-28 11:00:13 12,800 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2008-08-31 16:23:59 12,800 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2008-08-28 11:00:13 473,600 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2008-08-31 16:23:59 473,600 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

- 2008-08-28 11:00:06 2,676,224 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-31 16:23:52 2,676,224 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-08-28 11:00:06 2,846,720 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-31 16:23:53 2,846,720 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-08-28 11:00:07 563,712 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-31 16:23:54 563,712 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-08-28 11:00:08 567,296 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-31 16:23:55 567,296 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-08-28 11:00:09 576,000 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-31 16:23:55 576,000 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-08-28 11:00:09 577,024 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-31 16:23:56 577,024 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-08-28 11:00:10 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-31 16:23:56 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-08-28 11:00:10 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-31 16:23:57 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-08-28 11:00:11 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-31 16:23:57 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-08-28 11:00:13 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-31 16:24:00 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-08-28 11:00:13 145,920 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2008-08-31 16:24:01 145,920 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

- 2008-08-28 11:00:14 159,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2008-08-31 16:24:01 159,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2008-08-28 11:00:14 364,544 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2008-08-31 16:24:01 364,544 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

- 2008-08-28 11:00:14 178,176 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2008-08-31 16:24:01 178,176 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2008-08-28 11:00:12 223,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2008-08-31 16:23:58 223,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2006-11-20 09:04:16 57,344 ----a-w C:\Windows\Downloaded Program Files\lfbmp13n.dll

+ 2006-11-20 09:04:16 401,408 ----a-w C:\Windows\Downloaded Program Files\lfcmp13n.dll

+ 2006-11-20 09:04:16 65,536 ----a-w C:\Windows\Downloaded Program Files\lfeps13n.dll

+ 2006-11-20 09:04:16 98,304 ----a-w C:\Windows\Downloaded Program Files\lffax13n.dll

+ 2006-11-20 09:04:16 69,632 ----a-w C:\Windows\Downloaded Program Files\lfgif13n.dll

+ 2006-11-20 09:04:16 49,152 ----a-w C:\Windows\Downloaded Program Files\lfpcd13n.dll

+ 2006-11-20 09:04:16 53,248 ----a-w C:\Windows\Downloaded Program Files\lfpcx13n.dll

+ 2006-11-20 09:04:16 159,744 ----a-w C:\Windows\Downloaded Program Files\lfpng13n.dll

+ 2006-11-20 09:04:16 55,808 ----a-w C:\Windows\Downloaded Program Files\lfpsd13n.dll

+ 2006-11-20 09:04:16 53,248 ----a-w C:\Windows\Downloaded Program Files\lftga13n.dll

+ 2006-11-20 09:04:16 155,648 ----a-w C:\Windows\Downloaded Program Files\lftif13n.dll

+ 2006-11-20 09:04:16 1,693,696 ----a-w C:\Windows\Downloaded Program Files\ltclr13n.dll

+ 2006-11-20 09:04:16 299,008 ----a-w C:\Windows\Downloaded Program Files\ltdis13n.dll

+ 2006-11-20 09:04:16 206,336 ----a-w C:\Windows\Downloaded Program Files\ltefx13n.dll

+ 2006-11-20 09:04:16 163,840 ----a-w C:\Windows\Downloaded Program Files\ltfil13n.dll

+ 2006-11-20 09:04:16 450,560 ----a-w C:\Windows\Downloaded Program Files\ltimg13n.dll

+ 2006-11-20 09:04:16 462,848 ----a-w C:\Windows\Downloaded Program Files\ltkrn13n.dll

+ 2006-11-20 09:04:16 543,544 ----a-w C:\Windows\Downloaded Program Files\MsnPUpld.dll

+ 2007-01-09 06:30:14 110,592 ----a-w C:\Windows\Downloaded Program Files\PURfr-fr.dll

- 2008-08-27 23:32:18 51,200 ----a-w C:\Windows\inf\infpub.dat

+ 2008-09-03 11:27:21 51,200 ----a-w C:\Windows\inf\infpub.dat

- 2008-08-27 23:32:18 86,016 ----a-w C:\Windows\inf\infstor.dat

+ 2008-09-03 11:27:21 86,016 ----a-w C:\Windows\inf\infstor.dat

- 2008-08-27 23:32:18 86,016 ----a-w C:\Windows\inf\infstrng.dat

+ 2008-09-03 11:27:20 86,016 ----a-w C:\Windows\inf\infstrng.dat

+ 2008-09-03 09:53:53 26,694 ----a-r C:\Windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe

+ 2008-09-03 09:53:53 26,694 ----a-r C:\Windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

+ 2008-09-03 09:53:53 26,694 ----a-r C:\Windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

+ 2008-09-03 09:53:53 26,694 ----a-r C:\Windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe

+ 2008-09-03 09:53:53 26,694 ----a-r C:\Windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe

+ 2008-09-03 09:53:53 26,694 ----a-r C:\Windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe

+ 2008-09-03 23:22:02 295,606 ----a-r C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-A81200000003}\SC_Reader.exe

+ 2008-09-04 08:32:47 33,982 ----a-r C:\Windows\Installer\{C1F97FD4-1BD9-45BE-A580-0174BBA8B7F5}\ra3.exe

- 1995-07-31 11:44:46 212,480 ----a-w C:\Windows\pcdlib32.dll

+ 2006-11-20 09:04:16 212,480 ----a-w C:\Windows\pcdlib32.dll

- 2008-08-31 09:37:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-09-06 06:43:08 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-08-31 09:37:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-09-06 06:43:08 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-08-31 09:38:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-06 06:44:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-06 06:44:32 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-08-31 09:38:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-06 06:44:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-06 06:44:27 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

+ 2008-07-18 20:08:20 72,256 ------w C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe

- 2008-08-31 09:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-06 06:43:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-08-31 22:18:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008090120080902\index.dat

- 2008-08-31 09:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-06 06:43:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-08-31 09:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-06 06:43:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-08-31 10:25:24 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-09-06 08:53:09 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-09-06 08:53:09 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-08-17 13:01:14 17,144 ----a-w C:\Windows\System32\drivers\mbam.sys

+ 2008-09-01 22:16:40 17,200 ----a-w C:\Windows\System32\drivers\mbam.sys

- 2008-08-17 13:01:18 38,472 ----a-w C:\Windows\System32\drivers\mbamswissarmy.sys

+ 2008-09-01 22:16:46 38,528 ----a-w C:\Windows\System32\drivers\mbamswissarmy.sys

- 2006-11-02 09:14:58 18,944 ----a-w C:\Windows\System32\drivers\usbprint.sys

+ 2008-01-21 02:23:22 18,944 ----a-w C:\Windows\System32\drivers\usbprint.sys

+ 2008-01-21 02:23:27 35,328 ----a-w C:\Windows\System32\drivers\usbscan.sys

+ 2006-09-21 03:01:00 2,913 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_A7X0E1.DAT

+ 2006-09-13 23:00:00 20,480 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DAUDF1.DLL

+ 2004-09-10 18:12:28 49,152 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DCINST.DLL

+ 2006-09-13 02:00:00 450,048 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DCON04.DLL

+ 2006-09-26 03:00:00 65,024 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DDSP30.DLL

+ 2005-11-30 02:20:00 212,992 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DHA730.DLL

+ 2006-01-23 02:20:00 325,632 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DHMM6A.DLL

+ 2006-01-12 02:01:00 456,192 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DI1BFE.DLL

+ 2006-10-25 02:00:00 349,184 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DJB722.DLL

+ 2006-09-29 03:00:00 102,912 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DMAI30.DLL

+ 2005-04-18 16:10:02 258,114 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DOKA01.DLL

+ 2006-09-06 02:00:00 196,608 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DPPE06.EXE

+ 2006-10-12 02:00:00 626,688 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DPUI04.DLL

+ 2006-02-21 02:20:00 1,327,616 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DSB0EE.DLL

+ 2006-10-10 04:00:00 883,200 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DU1BFE.DLL

+ 2006-01-11 02:20:00 49,664 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_DUMWF5.DLL

+ 2006-09-21 23:10:00 120,320 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_H48UIA.DLL

+ 2006-02-20 23:00:00 495,104 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_H790E1.DLL

+ 2006-03-20 02:01:00 151,552 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_S30MT1.EXE

+ 2006-03-20 02:02:00 118,784 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_S30RN1.EXE

+ 2006-04-18 02:00:00 102,400 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_S30RP1.EXE

+ 2006-09-25 02:06:00 253,952 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_S3T0A1.EXE

+ 2006-11-01 02:02:00 585,728 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_S790E1.DLL

+ 2006-09-21 02:01:00 548,864 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_S7B0E1.DLL

+ 2006-09-21 02:01:00 139,264 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_S7I0E1.EXE

+ 2006-04-24 00:00:00 110,592 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_SAGSET.DLL

+ 2006-09-13 23:01:00 155,648 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_SIACS1.EXE

+ 2006-09-05 01:05:00 126,976 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\E_SKU321.DLL

+ 2006-04-27 03:11:00 167,936 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EBAPI4.DLL

+ 2006-04-27 03:11:00 167,936 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EBAPI5.DLL

+ 2006-05-09 04:00:00 32,768 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EBAPI6.DLL

+ 2006-04-19 04:00:00 34,304 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EBPBIDI.DLL

+ 2006-07-25 04:01:00 33,792 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EBPBIDI6.DLL

+ 2000-06-06 23:01:00 34,304 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EBPCHP.DLL

+ 2005-09-02 03:07:00 192,512 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EBPLPT5.DLL

+ 2006-08-10 03:12:00 82,939 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EBPMON25.DLL

+ 2006-08-10 00:02:00 75,264 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EBPMONB.DLL

+ 2005-11-16 23:03:00 94,208 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EBPSHRE4.DLL

+ 2003-05-21 00:27:00 64,000 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\ECBTEG.DLL

+ 2006-04-19 00:00:00 62,976 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\ECBTEGB.DLL

+ 2006-04-25 23:00:00 36,864 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EPIBSR50.EXE

+ 2006-09-21 01:04:00 18,432 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EPIPGI20.DLL

+ 2006-11-21 00:16:00 114,688 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EPSET32.DLL

+ 2006-09-08 04:18:00 723,144 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EPUPDATE.EXE

+ 2006-10-16 07:50:00 174,592 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EPUTIX27.DLL

+ 2006-10-16 07:50:00 84,480 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\EPUTIX27.EXE

+ 2006-02-13 23:11:00 131,072 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\COMMON\SAGENT4.EXE

+ 2006-11-06 02:03:00 222,720 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\FRANCAIS\E_DI0BFE.DLL

+ 2006-11-08 23:03:00 65,536 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\FRANCAIS\E_H7E0E1.DLL

+ 2006-11-14 02:03:00 106,496 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\FRANCAIS\E_S7E0E1.DLL

+ 2005-04-05 22:01:00 6,400 ----a-w C:\Windows\System32\DriverStore\FileRepository\e_df1bee_fr.inf_fa5d113a\FRANCAIS\EPUPDATE.DAT

+ 1999-12-07 00:03:00 73,216 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\ade.dll

+ 1999-04-26 22:17:00 3,136 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\ade001.bin

+ 2005-12-15 22:00:00 73,728 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\epbmp.dll

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\epbmpres.dll

+ 2006-02-14 22:00:00 98,304 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\epipd.dll

+ 2005-12-15 22:00:00 147,456 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\epjpg.dll

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\epjpgres.dll

+ 2005-12-15 22:00:00 90,112 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\epmtf.dll

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\epmtfres.dll

+ 2006-02-14 22:00:00 102,400 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\eppdf.dll

+ 2006-01-22 22:00:00 49,152 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\eppdfres.dll

+ 2005-12-15 22:00:00 86,016 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\eppij.dll

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\eppijres.dll

+ 2005-12-15 22:00:00 81,920 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\eppit.dll

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\eppitres.dll

+ 2005-12-15 22:00:00 90,112 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\eptif.dll

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\eptifres.dll

+ 2005-12-15 22:00:00 118,784 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\escndv.exe

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\escndvrs.dll

+ 2006-10-12 22:00:00 61,952 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\escwiad.dll

+ 2006-02-21 22:00:00 188,416 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esdevcl.dll

+ 2006-02-21 22:00:00 131,072 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esdevif.dll

+ 2005-12-15 22:00:00 49,152 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esdscl.dll

+ 2006-10-15 22:00:00 425,984 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esdtr.dll

+ 2006-08-29 22:00:00 94,208 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esdtr2.dll

+ 2005-08-28 22:00:00 143,360 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esexf.dll

+ 2005-09-26 22:00:00 163,840 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esfit.dll

+ 2005-09-26 22:00:00 53,248 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esicm.dll

+ 2006-07-04 22:00:00 561,152 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esimfl.dll

+ 2006-01-22 22:00:00 229,376 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esimgctl.dll

+ 2006-07-31 22:00:00 1,658,880 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esimgdet.dll

+ 2005-12-15 22:00:00 348,261 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esmps.dll

+ 2005-12-15 22:00:00 561,272 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esmpsres.dll

+ 2005-08-28 22:00:00 98,304 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\espimtif.dll

+ 2006-02-13 22:00:00 3,559,424 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esres.dll

+ 2006-02-06 22:00:00 323,584 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esscncl.dll

+ 2005-12-15 22:00:00 40,960 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\estwm.exe

+ 2006-02-20 22:00:00 241,664 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\estwpmg.dll

+ 2006-02-13 22:00:00 663,552 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esui.dll

+ 2005-12-15 22:00:00 122,880 ----a-w C:\Windows\System32\DriverStore\FileRepository\es6b.inf_0b39f50d\esutwb.dll

+ 2006-10-30 22:10:00 71,840 ----a-w C:\Windows\System32\EPPicMgr.dll

+ 2004-03-03 04:10:00 26,154 ----a-w C:\Windows\System32\EPPICPattern1.dat

+ 2004-03-03 04:10:00 27,417 ----a-w C:\Windows\System32\EPPICPattern121.dat

+ 2004-03-03 04:10:00 31,053 ----a-w C:\Windows\System32\EPPICPattern131.dat

+ 2004-03-03 04:10:00 20,148 ----a-w C:\Windows\System32\EPPICPattern2.dat

+ 2004-03-03 04:10:00 24,903 ----a-w C:\Windows\System32\EPPICPattern3.dat

+ 2004-03-03 04:10:00 11,811 ----a-w C:\Windows\System32\EPPICPattern4.dat

+ 2004-03-03 04:10:00 21,390 ----a-w C:\Windows\System32\EPPICPattern5.dat

+ 2004-03-03 04:10:00 4,943 ----a-w C:\Windows\System32\EPPICPattern6.dat

+ 2005-05-31 22:20:00 111,932 ----a-w C:\Windows\System32\EPPICPrinterDB.dat

+ 2006-10-30 22:10:00 120,992 ----a-w C:\Windows\System32\EpPicPrt.dll

+ 2008-01-21 02:23:08 37,376 ----a-w C:\Windows\System32\HPZLLLHN.DLL

+ 2008-06-09 23:21:01 135,168 ----a-w C:\Windows\System32\java.exe

+ 2008-06-09 23:21:04 135,168 ----a-w C:\Windows\System32\javaw.exe

+ 2008-06-10 00:32:34 139,264 ----a-w C:\Windows\System32\javaws.exe

- 2008-08-31 09:42:02 101,052 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-09-06 06:47:37 101,052 ----a-w C:\Windows\System32\perfc009.dat

- 2008-08-31 09:42:02 123,350 ----a-w C:\Windows\System32\perfc00C.dat

+ 2008-09-06 06:47:37 123,350 ----a-w C:\Windows\System32\perfc00C.dat

- 2008-08-31 09:42:02 586,980 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-09-06 06:47:37 586,980 ----a-w C:\Windows\System32\perfh009.dat

- 2008-08-31 09:42:02 669,328 ----a-w C:\Windows\System32\perfh00C.dat

+ 2008-09-06 06:47:37 669,328 ----a-w C:\Windows\System32\perfh00C.dat

+ 2006-10-19 22:10:00 108,704 ----a-w C:\Windows\System32\PICEntry.dll

+ 2006-10-19 22:10:00 80,024 ----a-w C:\Windows\System32\PICSDK.dll

+ 2006-10-19 22:10:00 501,912 ----a-w C:\Windows\System32\PICSDK2.dll

- 2008-08-31 08:32:01 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

+ 2008-09-03 12:30:05 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

+ 2006-09-21 02:01:00 548,864 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FABRBEE.DLL

+ 2006-09-21 03:01:00 2,913 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FAIFBEE.DAT

+ 2006-09-21 23:10:00 120,320 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FAIRBEE.DLL

+ 2006-09-25 02:06:00 253,952 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FAMDBEE.EXE

+ 2006-03-20 02:01:00 151,552 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FAMTBEE.EXE

+ 2006-11-01 02:02:00 585,728 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FAPRBEE.DLL

+ 2006-03-20 02:02:00 118,784 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FARNBEE.EXE

+ 2006-09-05 01:05:00 126,976 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FASKBEE.DLL

+ 2006-11-14 02:03:00 106,496 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FASRBEE.DLL

+ 2006-09-21 02:01:00 139,264 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBEE.EXE

+ 2006-09-13 23:00:00 20,480 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FAUDBEE.DLL

+ 2006-05-09 04:00:00 32,768 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FBA6BEE.DLL

+ 2006-04-27 03:11:00 167,936 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FBAPBEE.DLL

+ 2006-09-13 23:01:00 155,648 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FBCSBEE.EXE

+ 2006-07-25 04:01:00 33,792 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FBL6BEE.DLL

+ 2006-04-25 23:00:00 36,864 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FBSRBEE.EXE

+ 2006-09-13 02:00:00 450,048 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FCONBEE.DLL

+ 2006-09-26 03:00:00 65,024 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FDSPBEE.DLL

+ 2006-09-21 01:04:00 18,432 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FGRCBEE.DLL

+ 2006-02-20 23:00:00 495,104 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FHBRBEE.DLL

+ 2006-01-23 02:20:00 325,632 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FHM0BEE.DLL

+ 2006-11-08 23:03:00 65,536 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FHSRBEE.DLL

+ 2005-11-30 02:20:00 212,992 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FHT0BEE.DLL

+ 2006-10-16 07:50:00 174,592 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FHUTBEE.DLL

+ 2006-10-16 07:50:00 84,480 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FHUTBEE.EXE

+ 2006-10-25 02:00:00 349,184 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FJBCBEE.DLL

+ 2006-09-29 03:00:00 102,912 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FMAI1BEE.DLL

+ 2006-01-11 02:20:00 49,664 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FMW0BEE.DLL

+ 2005-04-18 16:10:02 258,114 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FOKABEE.DLL

+ 2006-09-06 02:00:00 196,608 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FPREBEE.EXE

+ 2006-10-12 02:00:00 626,688 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FPRUBEE.DLL

+ 2006-02-21 02:20:00 1,327,616 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FSR0BEE.DLL

+ 2006-01-12 02:01:00 456,192 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FUI1BEE.DLL

+ 2006-10-10 04:00:00 883,200 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FUIC1BEE.DLL

+ 2006-11-06 02:03:00 222,720 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_FUIRBEE.DLL

+ 2006-04-18 02:00:00 102,400 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\E_S30RP1.EXE

+ 2006-04-27 03:11:00 167,936 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\EBAPI4.DLL

+ 2006-04-19 04:00:00 34,304 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\EBPBIDI.DLL

+ 2006-11-21 00:16:00 114,688 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\EPSET32.DLL

+ 2005-04-05 22:01:00 6,400 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\EPUPDATE.DAT

+ 2006-09-08 04:18:00 723,144 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\EPUPDATE.EXE

+ 2008-01-21 02:23:11 363,520 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPCDMCLH.DLL

+ 2008-01-21 02:23:09 5,387,776 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPFIGLHN.DLL

+ 2008-01-21 02:23:06 280,064 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPFIME50.DLL

+ 2008-01-21 02:23:11 19,968 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPFRES50.DLL

+ 2008-01-21 02:23:07 1,253,888 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZ3RLHN.DLL

+ 2008-01-21 02:23:05 365,568 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZEVLHN.DLL

+ 2008-01-21 02:23:08 4,930,560 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZLALHN.DLL

+ 2008-01-21 02:23:08 663,552 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZLELHN.DLL

+ 2008-01-21 02:23:14 79,872 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZPRLHN.DLL

+ 2008-01-21 02:23:10 562,176 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZSSLHN.DLL

+ 2008-01-21 02:23:10 3,447,808 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZSTLHN.DLL

+ 2008-01-21 02:23:14 2,725,376 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZUILHN.DLL

+ 2005-04-05 22:01:00 6,400 ----a-w C:\Windows\System32\spool\drivers\w32x86\EPUPDATE.DAT

+ 2006-09-08 04:18:00 723,144 ----a-w C:\Windows\System32\spool\drivers\w32x86\EPUPDATE.EXE

+ 2008-01-21 02:23:14 89,600 ----a-w C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL

- 2008-08-31 09:39:05 6,104 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2571914964-1430876280-426546182-1000_UserData.bin

+ 2008-09-06 06:45:13 6,520 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2571914964-1430876280-426546182-1000_UserData.bin

+ 2008-09-05 15:26:42 1,982 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2571914964-1430876280-426546182-1001_UserData.bin

- 2008-08-31 09:39:05 74,118 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-06 06:45:13 74,254 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-08-31 09:39:04 52,236 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-06 06:45:12 53,752 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 1999-12-07 00:03:00 73,216 ----a-w C:\Windows\twain_32\escndv\es006b\ade.dll

+ 1999-04-26 22:17:00 3,136 ----a-w C:\Windows\twain_32\escndv\es006b\ade001.bin

+ 2006-02-21 22:00:00 188,416 ----a-w C:\Windows\twain_32\escndv\es006b\esdevcl.dll

+ 2006-02-21 22:00:00 131,072 ----a-w C:\Windows\twain_32\escndv\es006b\esdevif.dll

+ 2005-12-15 22:00:00 49,152 ----a-w C:\Windows\twain_32\escndv\es006b\esdscl.dll

+ 2006-10-15 22:00:00 425,984 ----a-w C:\Windows\twain_32\escndv\es006b\esdtr.dll

+ 2006-08-29 22:00:00 94,208 ----a-w C:\Windows\twain_32\escndv\es006b\esdtr2.dll

+ 2005-09-26 22:00:00 163,840 ----a-w C:\Windows\twain_32\escndv\es006b\esfit.dll

+ 2005-09-26 22:00:00 53,248 ----a-w C:\Windows\twain_32\escndv\es006b\esicm.dll

+ 2006-07-04 22:00:00 561,152 ----a-w C:\Windows\twain_32\escndv\es006b\esimfl.dll

+ 2006-01-22 22:00:00 229,376 ----a-w C:\Windows\twain_32\escndv\es006b\esimgctl.dll

+ 2006-07-31 22:00:00 1,658,880 ----a-w C:\Windows\twain_32\escndv\es006b\esimgdet.dll

+ 2005-12-15 22:00:00 348,261 ----a-w C:\Windows\twain_32\escndv\es006b\esmps.dll

+ 2005-12-15 22:00:00 561,272 ----a-w C:\Windows\twain_32\escndv\es006b\esmpsres.dll

+ 2006-02-13 22:00:00 3,559,424 ----a-w C:\Windows\twain_32\escndv\es006b\esres.dll

+ 2006-02-06 22:00:00 323,584 ----a-w C:\Windows\twain_32\escndv\es006b\esscncl.dll

+ 2005-12-15 22:00:00 40,960 ----a-w C:\Windows\twain_32\escndv\es006b\estwm.exe

+ 2006-02-20 22:00:00 241,664 ----a-w C:\Windows\twain_32\escndv\es006b\estwpmg.dll

+ 2006-02-13 22:00:00 663,552 ----a-w C:\Windows\twain_32\escndv\es006b\esui.dll

+ 2005-12-15 22:00:00 122,880 ----a-w C:\Windows\twain_32\escndv\es006b\esutwb.dll

+ 2005-12-15 22:00:00 73,728 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\epbmp.dll

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\epbmpres.dll

+ 2006-02-14 22:00:00 98,304 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\epipd.dll

+ 2005-12-15 22:00:00 147,456 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\epjpg.dll

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\epjpgres.dll

+ 2005-12-15 22:00:00 90,112 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\epmtf.dll

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\epmtfres.dll

+ 2006-02-14 22:00:00 102,400 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\eppdf.dll

+ 2006-01-22 22:00:00 49,152 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\eppdfres.dll

+ 2005-12-15 22:00:00 86,016 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\eppij.dll

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\eppijres.dll

+ 2005-12-15 22:00:00 81,920 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\eppit.dll

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\eppitres.dll

+ 2005-12-15 22:00:00 90,112 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\eptif.dll

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\eptifres.dll

+ 2005-08-28 22:00:00 143,360 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\esexf.dll

+ 2005-08-28 22:00:00 98,304 ----a-w C:\Windows\twain_32\escndv\es006b\ffmt\espimtif.dll

+ 2005-12-15 22:00:00 118,784 ----a-w C:\Windows\twain_32\escndv\escndv.exe

+ 2005-12-15 22:00:00 45,056 ----a-w C:\Windows\twain_32\escndv\escndvrs.dll

+ 2005-12-15 22:00:00 40,960 ----a-w C:\Windows\twain_32\escndv\estwm.exe

- 2008-08-31 08:23:51 175,166 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-09-03 11:32:22 1,175,593 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-07-19 05:09:42 563,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.784_none_10766c5d7a4348db\wuapi.dll

+ 2008-07-19 03:44:12 83,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.784_none_10766c5d7a4348db\wudriver.dll

+ 2008-07-19 05:10:18 36,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.784_none_10766c5d7a4348db\wups.dll

+ 2008-07-18 18:44:32 31,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.784_none_ba812c9e1ffa7ad7\wuapp.exe

+ 2008-07-18 20:08:18 163,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.784_none_ba812c9e1ffa7ad7\wuwebv.dll

+ 2008-07-19 05:10:40 53,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.784_none_2a6532116682efd8\wuauclt.exe

+ 2008-07-19 05:09:40 1,811,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.784_none_2a6532116682efd8\wuaueng.dll

+ 2008-07-19 05:10:39 45,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.784_none_2a6532116682efd8\wups2.dll

+ 2008-07-19 03:44:52 1,524,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.2.6001.784_none_a81255bc06873289\wucltux.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2008-07-09 2136064]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

"EPSON Stylus DX4000 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE" [2006-09-21 139264]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]

"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]

"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]

"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-27 29744]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 C:\Windows\RtHDVCpl.exe]

 

C:\Users\Wam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2007-09-14 1695744]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{39483AF4-6277-434A-8C81-EEA2C2461D24}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live

"{8719D5E1-793E-4F9D-88DD-78C00BCDF5D7}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician

"{4D7E353C-F160-4D1E-B45D-FBAF340ED2ED}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD

"{3F1AC602-C49C-4B07-AAC9-F573A6DE6DDB}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician

"{366F7CF6-4D0E-4110-8DF8-4D6586841F01}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine

"{BD637667-56BC-43ED-9884-B9B585628618}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia

"{01FF3703-8975-429B-875A-AB12919BCBC8}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect

"{473DFFBF-F989-48BF-8937-0650C5A6DB8B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service

"{E2448DCF-9832-4280-BA97-EF6465FCD0C1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator

"{2FB1E4DC-655B-4D66-BC5F-35F864C3CAF8}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{4801CD5B-F558-4808-9CD9-4DFB2F24AC55}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{616AABAB-E816-4AAD-8898-F38B1255D749}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{FD0915E6-9BAD-4C0E-98F8-71A181A5E87C}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{EAC16019-5FFD-4479-9BD1-FF44C6A1B94C}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{41BD57FF-08B7-4BBF-9C4D-841047B98225}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{71601132-DFFE-4DCE-95B3-5900799EEB1D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{203193B0-DC74-4F91-B57A-E4676324A6C0}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

"TCP Query User{1700F0E7-0C4A-48EF-B683-39EA20456A31}C:\\users\\wam\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\wam\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"UDP Query User{88B1733F-727D-4D99-A5CE-67D908A41F11}C:\\users\\wam\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\wam\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"{EBDF6D30-E9D1-47A5-8CD1-1CDF9514292E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{A9E1E3A8-D134-4FF3-8D7B-2198638C0508}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"TCP Query User{91B2DB49-F98D-4878-9CF8-8A78E27EFB8B}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{34C3EC7B-1EB3-4ED4-9BB1-B4EC856B22A3}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever

"{95F0C6D7-0EC8-4EB9-B8F5-9AFE75CE08D8}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{77CF3FE0-D087-4054-AC3C-6052515A366C}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

 

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]

R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]

R3 ovt530;Webcam Classic;C:\Windows\system32\Drivers\ov530vid.sys [2005-03-15 161792]

R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v3.sys [2007-04-23 227328]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-27 29744]

S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]

S4 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{490aa8b8-32a8-11dd-97bb-806e6f6e6963}]

\shell\AutoRun\command - E:\autorun.exe

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Wam\AppData\Roaming\Mozilla\Firefox\Profiles\nb924ai7.default\

FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll

FF -: plugin - C:\Users\Wam\AppData\Roaming\Mozilla\Firefox\Profiles\nb924ai7.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-06 10:55:45

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-09-06 10:56:58

ComboFix-quarantined-files.txt 2008-09-06 08:56:55

ComboFix2.txt 2008-08-31 10:28:11

ComboFix3.txt 2008-08-29 22:13:20

ComboFix4.txt 2008-08-29 22:01:16

 

Pre-Run: 115,810,127,872 octets libres

Post-Run: 115,775,627,264 octets libres

 

641 --- E O F --- 2008-09-06 06:48:02

 

The 3rd

 

ComboFix 08-08-30.03 - Wam 2008-08-31 12:25:28.4 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1926 [GMT 2:00]

Endroit: C:\Users\Wam\Desktop\Poste de contrôle\Maintenance\ComboFix.exe

* Création d'un nouveau point de restauration

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))

.

 

2008-08-31 11:24 . 2008-08-31 11:38 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-08-31 11:24 . 2008-08-31 11:38 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-08-31 11:24 . 2008-08-31 11:41 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-31 10:24 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll

2008-08-31 10:24 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml

2008-08-31 10:24 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml

2008-08-31 10:20 . 2008-08-31 11:36 <REP> d-------- C:\Users\Wam\AppData\Roaming\Vista Start Menu

2008-08-31 10:20 . 2008-08-31 10:21 <REP> d-------- C:\Program Files\Vista Start Menu

2008-08-31 10:13 . 2008-08-31 10:17 <REP> d-------- C:\Windows\UltraDefrag

2008-08-30 20:05 . 2008-08-30 20:05 <REP> d-------- C:\Users\Wam\AppData\Roaming\FreeCommander

2008-08-30 20:05 . 2008-08-30 20:05 <REP> d-------- C:\Program Files\FreeCommander

2008-08-30 13:43 . 2008-08-30 13:44 <REP> d-------- C:\Users\Wam\AppData\Roaming\eSobi

2008-08-30 00:44 . 2008-08-30 00:44 <REP> d-------- C:\Users\Wam\AppData\Roaming\PeerNetworking

2008-08-29 23:16 . 2008-08-29 23:16 <REP> d-------- C:\Users\Wam\AppData\Roaming\Template

2008-08-29 23:16 . 2008-08-30 12:24 438 --a------ C:\Users\Wam\AppData\Roaming\wklnhst.dat

2008-08-29 20:07 . 2008-08-29 20:07 <REP> d-------- C:\Users\Wam\AppData\Roaming\Auslogics

2008-08-29 20:05 . 2008-08-29 20:05 <REP> d-------- C:\Program Files\Auslogics

2008-08-29 16:13 . 2008-08-29 16:13 <REP> d-------- C:\Program Files\Microsoft Silverlight

2008-08-29 15:14 . 2008-08-29 15:14 <REP> d-------- C:\Users\Wam\Option

2008-08-29 13:30 . 2008-08-29 13:31 <REP> d-------- C:\Users\All Users\Lavasoft

2008-08-29 13:30 . 2008-08-29 13:31 <REP> d-------- C:\ProgramData\Lavasoft

2008-08-28 23:07 . 2008-08-28 23:07 <REP> d-------- C:\Users\Wam\AppData\Roaming\Grisoft

2008-08-28 23:01 . 2008-08-28 23:30 <REP> d-a------ C:\Users\All Users\TEMP

2008-08-28 23:01 . 2008-08-28 23:30 <REP> d-a------ C:\ProgramData\TEMP

2008-08-28 22:58 . 2008-08-28 22:58 <REP> d-------- C:\Program Files\Sophos

2008-08-28 22:41 . 2008-08-28 22:49 <REP> d----c--- C:\Windows\System32\DRVSTORE

2008-08-28 21:44 . 2008-08-30 19:56 <REP> d-------- C:\Program Files\Windows Live Safety Center

2008-08-28 17:38 . 2008-08-28 17:38 <REP> d-------- C:\Program Files\GameTop.com

2008-08-28 17:37 . 2008-08-28 17:37 <REP> d-------- C:\Program Files\FreeGamePick.com

2008-08-28 12:58 . 2008-08-28 12:58 <REP> d-------- C:\Program Files\Monte Cristo

2008-08-28 11:14 . 2008-08-28 11:14 <REP> d-------- C:\Program Files\Nouvelle Cible

2008-08-28 11:14 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Cheatbook 12.2004

2008-08-28 11:12 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Audacity

2008-08-28 11:11 . 2008-08-28 11:11 <REP> d-------- C:\Program Files\IVCsoft

2008-08-28 09:49 . 2008-08-28 09:49 56 --ah----- C:\Windows\System32\ezsidmv.dat

2008-08-28 08:49 . 2008-08-28 08:52 <REP> d-------- C:\Users\Wam\AppData\Roaming\Command & Conquer 3  La Fureur de Kane

2008-08-28 08:49 . 2008-08-28 08:49 107,888 --a------ C:\Windows\System32\CmdLineExt.dll

2008-08-28 08:33 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll

2008-08-28 08:33 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll

2008-08-28 08:33 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll

2008-08-28 08:33 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll

2008-08-28 08:33 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll

2008-08-28 08:02 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll

2008-08-28 07:47 . 2008-08-28 08:20 <REP> d-------- C:\Program Files\Electronic Arts

2008-08-28 01:28 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\AIDA32 - Personal System Information

2008-08-28 00:51 . 2008-08-29 01:08 <REP> d-------- C:\Program Files\Picasa2

2008-08-28 00:51 . 2006-10-05 04:42 2,560 --a------ C:\Windows\System32\drivers\cdralw2k.sys

2008-08-28 00:51 . 2006-10-05 04:42 2,432 --a------ C:\Windows\System32\drivers\cdr4_xp.sys

2008-08-28 00:42 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Defraggler

2008-08-27 23:18 . 2008-08-27 23:18 <REP> d-------- C:\Users\All Users\WinZip

2008-08-27 23:18 . 2008-08-27 23:18 <REP> d-------- C:\ProgramData\WinZip

2008-08-27 23:16 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\WinZip 8.1 Fr

2008-08-27 23:01 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\FLEXnet

2008-08-27 23:01 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\FLEXnet

2008-08-27 22:56 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\NFO viewer

2008-08-27 22:56 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Bonjour

2008-08-27 22:52 . 2008-08-27 22:52 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Apple Computer

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Apple Computer

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\QuickTime

2008-08-27 21:52 . 2008-08-27 21:52 <REP> d-------- C:\Users\Wam\AppData\Roaming\vlc

2008-08-27 21:52 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Apple

2008-08-27 21:52 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Apple

2008-08-27 21:52 . 2008-08-27 21:52 <REP> d-------- C:\Program Files\VideoLAN

2008-08-27 21:52 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Apple Software Update

2008-08-27 21:39 . 2008-08-29 01:04 <REP> d-------- C:\Users\Wam\AppData\Roaming\IrfanView

2008-08-27 21:39 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\IrfanView

2008-08-27 21:39 . 2008-08-28 00:51 <REP> d-------- C:\Program Files\Google

2008-08-27 17:13 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\PhotoDeluxe EE 1.1

2008-08-27 17:11 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe

2008-08-27 16:51 . 2008-08-29 01:18 900 --ahs---- C:\Windows\System32\KGyGaAvL.sys

2008-08-27 16:27 . 2008-08-27 16:27 <REP> d-------- C:\Users\Wam\AppData\Roaming\Corel

2008-08-27 16:24 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Corel® Painter IX TBYB FR

2008-08-27 15:39 . 2008-08-31 11:37 <REP> d-------- C:\Users\Wam\AppData\Roaming\OpenOffice.org2

2008-08-27 15:37 . 2008-08-27 15:37 <REP> d-------- C:\Program Files\OpenOffice.org 2.4

2008-08-27 15:21 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\CCleaner

2008-08-27 15:18 . 2008-08-27 15:20 <REP> d-------- C:\Users\Wam\AppData\Roaming\Spyware Terminator

2008-08-27 15:18 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Spyware Terminator

2008-08-27 15:18 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Spyware Terminator

2008-08-27 15:18 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\Spyware Terminator

2008-08-27 15:18 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Crawler

2008-08-27 15:18 . 2008-08-27 15:18 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys

2008-08-27 15:15 . 2008-08-27 15:15 <REP> d-------- C:\Users\Wam\AppData\Roaming\Malwarebytes

2008-08-27 15:15 . 2008-08-27 15:15 <REP> d-------- C:\Users\All Users\Malwarebytes

2008-08-27 15:15 . 2008-08-27 15:15 <REP> d-------- C:\ProgramData\Malwarebytes

2008-08-27 15:15 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-27 15:15 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-08-27 15:15 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys

2008-08-27 14:57 . 2008-08-28 09:49 <REP> d-------- C:\Users\Wam\AppData\Roaming\skypePM

2008-08-27 14:55 . 2008-08-29 01:04 <REP> d-------- C:\Users\Wam\AppData\Roaming\Skype

2008-08-27 14:55 . 2008-08-30 21:02 <REP> d-------- C:\Users\Valérie\Documents de valérie

2008-08-27 14:55 . 2008-08-30 21:02 <REP> d-------- C:\Users\Valérie\Documents de valérie

2008-08-27 14:55 . 2008-08-27 14:55 <REP> d-------- C:\Users\All Users\Skype

2008-08-27 14:55 . 2008-08-27 14:55 <REP> d-------- C:\ProgramData\Skype

2008-08-27 14:55 . 2008-08-27 14:55 <REP> d-------- C:\Program Files\Skype

2008-08-27 14:55 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Common Files\Skype

2008-08-27 14:50 . 2008-08-27 14:50 0 --a------ C:\Windows\nsreg.dat

2008-08-27 14:19 . 2008-08-29 01:08 <REP> d-------- C:\Program Files\MSN Messenger

2008-08-27 13:37 . 2008-08-27 13:37 <REP> d-------- C:\Users\All Users\ma-config.com

2008-08-27 13:37 . 2008-08-27 13:37 <REP> d-------- C:\ProgramData\ma-config.com

2008-08-27 13:37 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\ma-config.com

2008-08-27 13:10 . 2008-08-27 13:10 <REP> d-------- C:\Users\Wam\AppData\Roaming\SiteAdvisor

2008-08-27 12:39 . 2008-08-27 12:46 <REP> d-------- C:\Users\Valérie\AppData\Roaming\Adobe

2008-08-27 12:26 . 2008-08-27 12:26 <REP> d-------- C:\Users\Wam\AppData\Roaming\Yahoo!

2008-08-27 12:16 . 2008-08-27 12:20 <REP> d-------- C:\Program Files\Windows Live

2008-08-27 12:16 . 2008-08-27 13:17 <REP> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-08-27 12:15 . 2008-08-27 12:15 <REP> d-------- C:\Users\All Users\WLInstaller

2008-08-27 12:15 . 2008-08-27 12:15 <REP> d-------- C:\ProgramData\WLInstaller

2008-08-27 11:55 . 2008-08-27 11:55 <REP> d-------- C:\Program Files\Hercules

2008-08-27 11:54 . 2008-08-27 14:02 <REP> d-------- C:\Windows\OvtCam

2008-08-27 11:54 . 2005-03-15 17:04 161,792 --a------ C:\Windows\System32\drivers\ov530vid.sys

2008-08-27 11:54 . 2004-08-05 17:34 61,440 --a------ C:\Windows\ov530dib.dll

2008-08-27 11:54 . 2005-09-30 09:42 40,960 --a------ C:\Windows\System32\ov530ext.dll

2008-08-27 11:54 . 2004-11-09 00:37 25,177 --a------ C:\Windows\System32\drivers\ov530cmd.sys

2008-08-27 11:54 . 2005-09-30 09:56 18,972 --a------ C:\Windows\System32\ov530ext.ax

2008-08-27 11:54 . 2004-07-20 01:50 16,440 --a------ C:\Windows\System32\ov530usd.dll

2008-08-27 11:46 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll

2008-08-27 11:42 . 2008-08-27 11:42 <REP> d-------- C:\Program Files\MSXML 4.0

2008-08-27 11:41 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-08-27 11:39 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-08-27 11:26 . 2008-08-27 11:26 <REP> d-------- C:\Users\Valérie\AppData\Roaming\Macromedia

2008-08-27 11:26 . 2008-08-27 11:26 <REP> d-------- C:\Users\Valérie\AppData\Roaming\ATI

2008-08-27 11:25 . 2008-08-29 01:04 <REP> dr------- C:\Users\Valérie\Videos

2008-08-27 11:25 . 2008-08-29 01:04 <REP> dr------- C:\Users\Valérie\Videos

2008-08-27 11:25 . 2008-08-29 01:04 <REP> dr------- C:\Users\Valérie\Searches

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-31 10:25 1,048,576 --sha-w C:\Users\Valérie\ntuser.dat

2008-08-31 10:25 1,048,576 --sha-w C:\Users\Valérie\ntuser.dat

2008-08-31 07:13 --------- d-----w C:\ProgramData\Microsoft Help

2008-08-31 07:12 --------- d-----w C:\Program Files\Microsoft Works

2008-08-30 11:46 --------- d-----w C:\ProgramData\eSobi

2008-08-28 22:08 --------- d-----w C:\Program Files\Yahoo!

2008-08-27 20:57 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPRR____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLV____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLST___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLEV___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLED___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLC____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPC_____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPAJ____.FOT

2008-08-27 12:06 --------- d-s---w C:\Users\Valérie\AppData\Roaming\Microsoft

2008-08-27 12:02 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-27 11:22 --------- d-----w C:\Program Files\McAfee

2008-08-27 11:10 --------- d-----w C:\ProgramData\SiteAdvisor

2008-08-27 10:46 --------- d-----w C:\Users\Valérie\AppData\Roaming\Adobe

2008-08-27 09:48 --------- d-----w C:\Program Files\Windows Mail

2008-08-27 09:26 --------- d-----w C:\Users\Valérie\AppData\Roaming\Macromedia

2008-08-27 09:26 --------- d-----w C:\Users\Valérie\AppData\Roaming\ATI

2008-08-27 09:25 --------- d-----w C:\Users\Valérie\AppData\Roaming\Identities

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Modèles

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Menu Démarrer

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Favoris

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Bureau

2008-08-27 07:53 --------- d-sh--w C:\Program Files\Fichiers communs

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-06-05 02:42 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll

2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll

2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll

2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll

2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll

2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll

2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll

2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll

2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll

2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll

2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll

2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll

2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll

2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin

2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin

2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll

2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll

2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll

2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll

2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll

2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe

2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe

2008-05-06 02:10 749,568 ----a-w C:\Windows\AcerStore.exe

2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

2007-04-23 12:21 269,824 ----a-w C:\Windows\inf\WG111v3\Vista64\wg111v3.sys

2007-04-23 12:19 227,328 ----a-w C:\Windows\inf\WG111v3\WG111v3.sys

2007-04-23 12:19 227,328 ----a-w C:\Windows\inf\WG111v3\Vista\wg111v3.sys

2006-12-15 09:30 98,304 ----a-w C:\Windows\inf\WG111v3\UScanM.exe

2006-12-15 09:30 315,392 ----a-w C:\Windows\inf\WG111v3\InstallDriver.exe

2006-12-15 09:30 28,672 ----a-w C:\Windows\inf\WG111v3\SetDrv.exe

2006-12-15 09:30 212,992 ----a-w C:\Windows\inf\WG111v3\CopyWHQLDriver.exe

2006-12-15 09:30 20,480 ----a-w C:\Windows\inf\WG111v3\RTWUPath.exe

2006-12-15 09:30 19,968 ----a-w C:\Windows\inf\WG111v3\RTWREFU.EXE

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-30_ 0.00.29.11 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-05 02:57:20 23,558 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\ARPPRODUCTICON.exe

+ 2008-08-30 11:46:56 247,638 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\ARPPRODUCTICON.exe

- 2008-06-05 02:57:20 290,816 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_15D967B5A4BE42AE9E8464CD062B25AA.exe

+ 2008-08-30 11:46:56 290,816 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_15D967B5A4BE42AE9E8464CD062B25AA.exe

- 2008-06-05 02:57:20 290,816 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_desktop_15D967B5A4BE42AE9E8464CD062B25AA.exe

+ 2008-08-30 11:46:56 290,816 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_desktop_15D967B5A4BE42AE9E8464CD062B25AA.exe

- 2008-08-29 21:28:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-08-31 09:37:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-08-29 21:28:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-08-31 09:37:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-08-29 21:30:03 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-08-31 09:38:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-08-31 09:38:55 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-08-29 21:30:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-08-31 09:38:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-08-31 09:38:50 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-08-29 21:28:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-08-31 09:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-08-29 21:28:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-08-31 09:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-08-29 21:28:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-08-31 09:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-08-29 21:58:09 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-08-31 10:25:24 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-08-31 10:25:24 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-08-27 20:59:33 1,661,272 ----a-w C:\Windows\System32\FNTCACHE.DAT

+ 2008-08-31 07:14:39 1,658,936 ----a-w C:\Windows\System32\FNTCACHE.DAT

- 2008-08-29 21:35:02 101,052 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-08-31 09:42:02 101,052 ----a-w C:\Windows\System32\perfc009.dat

- 2008-08-29 21:35:02 123,350 ----a-w C:\Windows\System32\perfc00C.dat

+ 2008-08-31 09:42:02 123,350 ----a-w C:\Windows\System32\perfc00C.dat

- 2008-08-29 21:35:02 586,980 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-08-31 09:42:02 586,980 ----a-w C:\Windows\System32\perfh009.dat

- 2008-08-29 21:35:02 669,328 ----a-w C:\Windows\System32\perfh00C.dat

+ 2008-08-31 09:42:02 669,328 ----a-w C:\Windows\System32\perfh00C.dat

- 2008-08-29 21:27:57 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

+ 2008-08-31 08:32:01 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

- 2008-08-29 21:30:48 5,380 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2571914964-1430876280-426546182-1000_UserData.bin

+ 2008-08-31 09:39:05 6,104 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2571914964-1430876280-426546182-1000_UserData.bin

- 2008-08-29 21:30:48 73,984 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-08-31 09:39:05 74,118 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-08-29 21:30:47 51,058 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-08-31 09:39:04 52,236 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2008-08-29 14:12:19 86,315 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-08-31 08:23:51 175,166 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-05-10 03:30:49 858,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6000.16687_none_863728a999516b76\RacEngn.dll

+ 2008-05-10 03:13:37 858,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6000.20832_none_86f1d584b24afdff\RacEngn.dll

+ 2008-05-10 03:35:20 885,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6001.18069_none_883507bb9665f733\RacEngn.dll

+ 2008-05-10 03:21:35 885,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6001.22176_none_88b0d3bcaf8e66e9\RacEngn.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23 1233920]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:25 125952]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 03:18 443968]

"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2008-07-09 13:43 2136064]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 13:31 319488]

"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 13:31 319488]

"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 23:38 526896]

"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 19:49 204908]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]

"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 19:57 34040]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-27 21:39 29744]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 07:21 5369856 C:\Windows\RtHDVCpl.exe]

 

C:\Users\Wam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2007-09-14 10:24:06 1695744]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00 394856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{39483AF4-6277-434A-8C81-EEA2C2461D24}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live

"{8719D5E1-793E-4F9D-88DD-78C00BCDF5D7}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician

"{4D7E353C-F160-4D1E-B45D-FBAF340ED2ED}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD

"{3F1AC602-C49C-4B07-AAC9-F573A6DE6DDB}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician

"{366F7CF6-4D0E-4110-8DF8-4D6586841F01}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine

"{BD637667-56BC-43ED-9884-B9B585628618}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia

"{01FF3703-8975-429B-875A-AB12919BCBC8}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect

"{473DFFBF-F989-48BF-8937-0650C5A6DB8B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service

"{E2448DCF-9832-4280-BA97-EF6465FCD0C1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator

"{2FB1E4DC-655B-4D66-BC5F-35F864C3CAF8}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{4801CD5B-F558-4808-9CD9-4DFB2F24AC55}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{616AABAB-E816-4AAD-8898-F38B1255D749}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{FD0915E6-9BAD-4C0E-98F8-71A181A5E87C}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{EAC16019-5FFD-4479-9BD1-FF44C6A1B94C}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{41BD57FF-08B7-4BBF-9C4D-841047B98225}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{71601132-DFFE-4DCE-95B3-5900799EEB1D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{203193B0-DC74-4F91-B57A-E4676324A6C0}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

"TCP Query User{1700F0E7-0C4A-48EF-B683-39EA20456A31}C:\\users\\wam\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\wam\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"UDP Query User{88B1733F-727D-4D99-A5CE-67D908A41F11}C:\\users\\wam\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\wam\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"{EBDF6D30-E9D1-47A5-8CD1-1CDF9514292E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{A9E1E3A8-D134-4FF3-8D7B-2198638C0508}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{137680FD-D621-4F63-B3FD-DAC52CFC22E8}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{6657B234-CB7A-4E77-90CA-BE121A3BE73D}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

 

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:23]

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 19:49]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 19:57]

R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 13:30]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 03:02]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 19:53]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 16:58]

R3 ovt530;Webcam Classic;C:\Windows\system32\Drivers\ov530vid.sys [2005-03-15 17:04]

R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v3.sys [2007-04-23 14:19]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 04:51]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-27 21:39]

S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 20:57]

S4 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 08:45]

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23]

S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23]

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Wam\AppData\Roaming\Mozilla\Firefox\Profiles\nb924ai7.default\

FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-31 12:27:00

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-08-31 12:28:11

ComboFix-quarantined-files.txt 2008-08-31 10:28:08

ComboFix2.txt 2008-08-29 22:13:20

ComboFix3.txt 2008-08-29 22:01:16

 

Pre-Run: 132,663,820,288 octets libres

Post-Run: 132,639,662,080 octets libres

 

373 --- E O F --- 2008-08-31 08:24:27

 

 

And one last one from today:

 

ComboFix 08-09-05.02 - Wam 2008-09-06 11:06:29.6 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1823 [GMT 2:00]

Endroit: C:\Users\Wam\Desktop\Poste de contrôle\Maintenance\ComboFix.exe

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))

.

 

2008-09-04 10:33 . 2008-09-04 10:33 <REP> dr-h----- C:\Users\Wam\AppData\Roaming\SecuROM

2008-09-04 10:33 . 2008-09-04 10:35 <REP> d-------- C:\Users\Wam\AppData\Roaming\Red Alert 3 Beta

2008-09-04 10:30 . 2008-09-04 10:30 <REP> d-------- C:\Program Files\EA Games

2008-09-04 10:30 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll

2008-09-04 10:30 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll

2008-09-04 10:30 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll

2008-09-04 01:07 . 2008-09-04 01:07 <REP> d-------- C:\Windows\Sun

2008-09-04 01:06 . 2008-09-04 01:06 <REP> d-------- C:\Program Files\Java

2008-09-04 01:05 . 2008-09-04 01:05 <REP> d-------- C:\Program Files\Common Files\Java

2008-09-03 13:25 . 2008-09-03 13:26 <REP> d-------- C:\Users\All Users\EPSON

2008-09-03 13:25 . 2008-09-03 13:26 <REP> d-------- C:\ProgramData\EPSON

2008-09-03 13:25 . 2006-08-10 02:02 75,264 --a------ C:\Windows\System32\E_FLBBEE.DLL

2008-09-03 13:25 . 2006-04-19 02:00 62,976 --a------ C:\Windows\System32\E_FD4BBEE.DLL

2008-09-03 13:25 . 2004-09-10 20:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL

2008-09-03 13:24 . 2008-09-03 13:24 <REP> d-------- C:\Users\Wam\AppData\Roaming\InstallShield

2008-09-03 13:18 . 2008-09-03 13:25 <REP> d-------- C:\Program Files\epson

2008-09-03 13:18 . 2006-10-13 00:00 61,952 --a------ C:\Windows\System32\escwiad.dll

2008-09-03 13:18 . 2005-02-25 00:00 46,080 --a------ C:\Windows\System32\escimgd.dll

2008-09-03 13:18 . 2005-02-25 00:00 22,016 --a------ C:\Windows\System32\esccmd.dll

2008-09-03 13:17 . 2008-09-03 13:17 27 --a------ C:\Windows\CDE DX4000DEFGIPS.ini

2008-09-03 12:25 . 2008-09-03 12:25 691 --a------ C:\Users\Wam\AppData\Roaming\GetValue.vbs

2008-09-03 12:25 . 2008-09-03 12:25 35 --a------ C:\Users\Wam\AppData\Roaming\SetValue.bat

2008-09-03 12:23 . 2008-09-03 12:25 3,194 --a------ C:\Windows\System32\tmp.reg

2008-09-03 12:16 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe

2008-09-03 12:16 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe

2008-09-03 12:16 . 2008-09-02 23:58 88,576 --a------ C:\Windows\System32\AntiXPVSTFix.exe

2008-09-03 12:16 . 2008-09-02 16:51 86,528 --a------ C:\Windows\System32\VACFix.exe

2008-09-03 12:16 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe

2008-09-03 12:16 . 2008-08-28 22:36 82,432 --a------ C:\Windows\System32\IEDFix.C.exe

2008-09-03 12:16 . 2008-08-18 12:19 82,432 --a------ C:\Windows\System32\404Fix.exe

2008-09-03 12:16 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe

2008-09-03 12:16 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe

2008-09-03 12:16 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe

2008-09-03 08:52 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-03 08:52 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-03 08:52 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-03 08:52 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-03 08:52 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-03 08:52 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-03 08:52 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-03 08:52 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-03 08:52 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-09-03 00:43 . 2008-09-03 00:43 <REP> d-------- C:\Program Files\Cheatbook 09.2008

2008-09-01 20:54 . 2008-09-01 20:54 <REP> d-------- C:\Users\Valérie\AppData\Roaming\vlc

2008-09-01 20:48 . 2008-09-01 20:48 <REP> d-------- C:\Users\Valérie\AppData\Roaming\Mozilla

2008-09-01 20:47 . 2008-09-05 17:56 <REP> d-------- C:\Users\Valérie\AppData\Roaming\Vista Start Menu

2008-08-31 18:25 . 2008-08-31 19:01 <REP> d-------- C:\Users\All Users\TrackMania

2008-08-31 18:25 . 2008-08-31 19:01 <REP> d-------- C:\ProgramData\TrackMania

2008-08-31 18:21 . 2008-08-31 18:23 <REP> d-------- C:\Program Files\TmNationsForever

2008-08-31 11:24 . 2008-09-03 13:58 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-08-31 11:24 . 2008-09-03 13:58 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-08-31 11:24 . 2008-08-31 11:41 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-31 10:24 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll

2008-08-31 10:24 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml

2008-08-31 10:24 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml

2008-08-31 10:20 . 2008-09-04 12:02 <REP> d-------- C:\Users\Wam\AppData\Roaming\Vista Start Menu

2008-08-31 10:20 . 2008-08-31 10:21 <REP> d-------- C:\Program Files\Vista Start Menu

2008-08-31 10:13 . 2008-08-31 10:17 <REP> d-------- C:\Windows\UltraDefrag

2008-08-30 20:05 . 2008-08-30 20:05 <REP> d-------- C:\Users\Wam\AppData\Roaming\FreeCommander

2008-08-30 20:05 . 2008-08-30 20:05 <REP> d-------- C:\Program Files\FreeCommander

2008-08-30 13:43 . 2008-08-30 13:44 <REP> d-------- C:\Users\Wam\AppData\Roaming\eSobi

2008-08-30 00:44 . 2008-08-30 00:44 <REP> d-------- C:\Users\Wam\AppData\Roaming\PeerNetworking

2008-08-29 23:16 . 2008-08-29 23:16 <REP> d-------- C:\Users\Wam\AppData\Roaming\Template

2008-08-29 23:16 . 2008-09-02 12:07 618 --a------ C:\Users\Wam\AppData\Roaming\wklnhst.dat

2008-08-29 20:07 . 2008-08-29 20:07 <REP> d-------- C:\Users\Wam\AppData\Roaming\Auslogics

2008-08-29 20:05 . 2008-08-29 20:05 <REP> d-------- C:\Program Files\Auslogics

2008-08-29 16:13 . 2008-08-29 16:13 <REP> d-------- C:\Program Files\Microsoft Silverlight

2008-08-29 15:14 . 2008-08-29 15:14 <REP> d-------- C:\Users\Wam\Option

2008-08-29 13:30 . 2008-08-29 13:31 <REP> d-------- C:\Users\All Users\Lavasoft

2008-08-29 13:30 . 2008-08-29 13:31 <REP> d-------- C:\ProgramData\Lavasoft

2008-08-28 23:07 . 2008-08-28 23:07 <REP> d-------- C:\Users\Wam\AppData\Roaming\Grisoft

2008-08-28 23:01 . 2008-08-28 23:30 <REP> d-a------ C:\Users\All Users\TEMP

2008-08-28 23:01 . 2008-08-28 23:30 <REP> d-a------ C:\ProgramData\TEMP

2008-08-28 22:58 . 2008-08-31 19:46 <REP> d-------- C:\Program Files\Sophos

2008-08-28 22:41 . 2008-08-28 22:49 <REP> d----c--- C:\Windows\System32\DRVSTORE

2008-08-28 21:44 . 2008-08-30 19:56 <REP> d-------- C:\Program Files\Windows Live Safety Center

2008-08-28 17:38 . 2008-08-28 17:38 <REP> d-------- C:\Program Files\GameTop.com

2008-08-28 17:37 . 2008-08-28 17:37 <REP> d-------- C:\Program Files\FreeGamePick.com

2008-08-28 12:58 . 2008-08-28 12:58 <REP> d-------- C:\Program Files\Monte Cristo

2008-08-28 11:14 . 2008-08-28 11:14 <REP> d-------- C:\Program Files\Nouvelle Cible

2008-08-28 11:14 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Cheatbook 12.2004

2008-08-28 11:12 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Audacity

2008-08-28 11:11 . 2008-08-28 11:11 <REP> d-------- C:\Program Files\IVCsoft

2008-08-28 09:49 . 2008-08-28 09:49 56 --ah----- C:\Windows\System32\ezsidmv.dat

2008-08-28 08:49 . 2008-08-28 08:52 <REP> d-------- C:\Users\Wam\AppData\Roaming\Command & Conquer 3  La Fureur de Kane

2008-08-28 08:49 . 2008-08-28 08:49 107,888 --a------ C:\Windows\System32\CmdLineExt.dll

2008-08-28 08:33 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll

2008-08-28 08:33 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll

2008-08-28 08:33 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll

2008-08-28 08:33 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll

2008-08-28 08:33 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll

2008-08-28 08:02 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll

2008-08-28 07:47 . 2008-08-28 08:20 <REP> d-------- C:\Program Files\Electronic Arts

2008-08-28 01:28 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\AIDA32 - Personal System Information

2008-08-28 00:51 . 2008-08-29 01:08 <REP> d-------- C:\Program Files\Picasa2

2008-08-28 00:51 . 2006-10-05 04:42 2,560 --a------ C:\Windows\System32\drivers\cdralw2k.sys

2008-08-28 00:51 . 2006-10-05 04:42 2,432 --a------ C:\Windows\System32\drivers\cdr4_xp.sys

2008-08-27 23:18 . 2008-09-01 11:06 <REP> d-------- C:\Users\All Users\WinZip

2008-08-27 23:18 . 2008-09-01 11:06 <REP> d-------- C:\ProgramData\WinZip

2008-08-27 23:01 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\FLEXnet

2008-08-27 23:01 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\FLEXnet

2008-08-27 22:56 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\NFO viewer

2008-08-27 22:56 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Bonjour

2008-08-27 22:52 . 2008-08-27 22:52 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Apple Computer

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Apple Computer

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\QuickTime

2008-08-27 21:52 . 2008-08-27 21:52 <REP> d-------- C:\Users\Wam\AppData\Roaming\vlc

2008-08-27 21:52 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Apple

2008-08-27 21:52 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Apple

2008-08-27 21:52 . 2008-08-27 21:52 <REP> d-------- C:\Program Files\VideoLAN

2008-08-27 21:52 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Apple Software Update

2008-08-27 21:39 . 2008-08-29 01:04 <REP> d-------- C:\Users\Wam\AppData\Roaming\IrfanView

2008-08-27 21:39 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\IrfanView

2008-08-27 21:39 . 2008-09-03 11:53 <REP> d-------- C:\Program Files\Google

2008-08-27 17:13 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\PhotoDeluxe EE 1.1

2008-08-27 17:11 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe

2008-08-27 16:51 . 2008-08-29 01:18 900 --ahs---- C:\Windows\System32\KGyGaAvL.sys

2008-08-27 16:27 . 2008-08-27 16:27 <REP> d-------- C:\Users\Wam\AppData\Roaming\Corel

2008-08-27 16:24 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Corel® Painter IX TBYB FR

2008-08-27 15:39 . 2008-09-06 08:43 <REP> d-------- C:\Users\Wam\AppData\Roaming\OpenOffice.org2

2008-08-27 15:37 . 2008-08-27 15:37 <REP> d-------- C:\Program Files\OpenOffice.org 2.4

2008-08-27 15:21 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\CCleaner

2008-08-27 15:18 . 2008-09-01 00:18 <REP> d-------- C:\Users\Wam\AppData\Roaming\Spyware Terminator

2008-08-27 15:18 . 2008-09-01 00:18 <REP> d-------- C:\Users\All Users\Spyware Terminator

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-06 08:53 1,048,576 --sha-w C:\Users\Valérie\ntuser.dat

2008-09-06 08:53 1,048,576 --sha-w C:\Users\Valérie\ntuser.dat

2008-09-05 15:56 --------- d-----w C:\Users\Valérie\AppData\Roaming\Vista Start Menu

2008-09-03 23:21 --------- d-----w C:\Program Files\Common Files\Adobe

2008-09-01 18:54 --------- d-----w C:\Users\Valérie\AppData\Roaming\vlc

2008-09-01 18:48 --------- d-----w C:\Users\Valérie\AppData\Roaming\Mozilla

2008-08-31 07:13 --------- d-----w C:\ProgramData\Microsoft Help

2008-08-31 07:12 --------- d-----w C:\Program Files\Microsoft Works

2008-08-30 11:46 --------- d-----w C:\ProgramData\eSobi

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPRR____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLV____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLST___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLEV___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLED___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLC____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPC_____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPAJ____.FOT

2008-08-27 12:06 --------- d-s---w C:\Users\Valérie\AppData\Roaming\Microsoft

2008-08-27 12:02 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-27 11:10 --------- d-----w C:\ProgramData\SiteAdvisor

2008-08-27 10:46 --------- d-----w C:\Users\Valérie\AppData\Roaming\Adobe

2008-08-27 09:48 --------- d-----w C:\Program Files\Windows Mail

2008-08-27 09:26 --------- d-----w C:\Users\Valérie\AppData\Roaming\Macromedia

2008-08-27 09:26 --------- d-----w C:\Users\Valérie\AppData\Roaming\ATI

2008-08-27 09:25 --------- d-----w C:\Users\Valérie\AppData\Roaming\Identities

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Modèles

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Menu Démarrer

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Favoris

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Bureau

2008-08-27 07:53 --------- d-sh--w C:\Program Files\Fichiers communs

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

2007-04-23 12:21 269,824 ----a-w C:\Windows\inf\WG111v3\Vista64\wg111v3.sys

2007-04-23 12:19 227,328 ----a-w C:\Windows\inf\WG111v3\WG111v3.sys

2007-04-23 12:19 227,328 ----a-w C:\Windows\inf\WG111v3\Vista\wg111v3.sys

2006-12-15 09:30 98,304 ----a-w C:\Windows\inf\WG111v3\UScanM.exe

2006-12-15 09:30 315,392 ----a-w C:\Windows\inf\WG111v3\InstallDriver.exe

2006-12-15 09:30 28,672 ----a-w C:\Windows\inf\WG111v3\SetDrv.exe

2006-12-15 09:30 212,992 ----a-w C:\Windows\inf\WG111v3\CopyWHQLDriver.exe

2006-12-15 09:30 20,480 ----a-w C:\Windows\inf\WG111v3\RTWUPath.exe

2006-12-15 09:30 19,968 ----a-w C:\Windows\inf\WG111v3\RTWREFU.EXE

.

 

((((((((((((((((((((((((((((( snapshot_2008-09-06_10.56.08.13 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-06 06:43:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-06 09:00:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-06 06:43:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-06 09:00:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-06 06:43:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-06 09:00:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2008-07-09 2136064]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

"EPSON Stylus DX4000 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE" [2006-09-21 139264]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]

"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]

"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]

"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-27 29744]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 C:\Windows\RtHDVCpl.exe]

 

C:\Users\Wam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2007-09-14 1695744]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{39483AF4-6277-434A-8C81-EEA2C2461D24}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live

"{8719D5E1-793E-4F9D-88DD-78C00BCDF5D7}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician

"{4D7E353C-F160-4D1E-B45D-FBAF340ED2ED}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD

"{3F1AC602-C49C-4B07-AAC9-F573A6DE6DDB}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician

"{366F7CF6-4D0E-4110-8DF8-4D6586841F01}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine

"{BD637667-56BC-43ED-9884-B9B585628618}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia

"{01FF3703-8975-429B-875A-AB12919BCBC8}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect

"{473DFFBF-F989-48BF-8937-0650C5A6DB8B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service

"{E2448DCF-9832-4280-BA97-EF6465FCD0C1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator

"{2FB1E4DC-655B-4D66-BC5F-35F864C3CAF8}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{4801CD5B-F558-4808-9CD9-4DFB2F24AC55}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{616AABAB-E816-4AAD-8898-F38B1255D749}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{FD0915E6-9BAD-4C0E-98F8-71A181A5E87C}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{EAC16019-5FFD-4479-9BD1-FF44C6A1B94C}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{41BD57FF-08B7-4BBF-9C4D-841047B98225}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{71601132-DFFE-4DCE-95B3-5900799EEB1D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{203193B0-DC74-4F91-B57A-E4676324A6C0}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

"TCP Query User{1700F0E7-0C4A-48EF-B683-39EA20456A31}C:\\users\\wam\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\wam\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"UDP Query User{88B1733F-727D-4D99-A5CE-67D908A41F11}C:\\users\\wam\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\wam\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"{EBDF6D30-E9D1-47A5-8CD1-1CDF9514292E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{A9E1E3A8-D134-4FF3-8D7B-2198638C0508}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"TCP Query User{91B2DB49-F98D-4878-9CF8-8A78E27EFB8B}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{34C3EC7B-1EB3-4ED4-9BB1-B4EC856B22A3}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever

"{95F0C6D7-0EC8-4EB9-B8F5-9AFE75CE08D8}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{77CF3FE0-D087-4054-AC3C-6052515A366C}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

 

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]

R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]

R3 ovt530;Webcam Classic;C:\Windows\system32\Drivers\ov530vid.sys [2005-03-15 161792]

R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v3.sys [2007-04-23 227328]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-27 29744]

S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]

S4 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{490aa8b8-32a8-11dd-97bb-806e6f6e6963}]

\shell\AutoRun\command - E:\autorun.exe

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Wam\AppData\Roaming\Mozilla\Firefox\Profiles\nb924ai7.default\

FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll

FF -: plugin - C:\Users\Wam\AppData\Roaming\Mozilla\Firefox\Profiles\nb924ai7.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-06 11:07:51

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-09-06 11:09:02

ComboFix-quarantined-files.txt 2008-09-06 09:08:59

ComboFix2.txt 2008-09-06 08:56:59

ComboFix3.txt 2008-08-31 10:28:11

ComboFix4.txt 2008-08-29 22:13:20

ComboFix5.txt 2008-09-06 09:06:20

 

Pre-Run: 115,387,248,640 octets libres

Post-Run: 115,349,667,840 octets libres

 

313 --- E O F --- 2008-09-06 06:48:02

 

 

Please explain to me a little how to read the results

 

 

Yours in computing

 

strictmaximum


  • Moderators

Hello strictmaximum,

 

Clearly, you tried to disinfect the machine on your own, running one after another every tool you could find. As a result, some were probably used for nothing, with the risks that this could have entailed, and others have already been run without my being able to see their reports. We end up with 3 ComboFix reports, which treated nothing, without knowing exactly where to look.

 

Given the symptoms described in the first post, an infection was perhaps not the right lead to begin with. I fear that by trying every solution you had at hand, you have ended up causing more trouble than results.

 

Give me a very precise summary of the symptoms that still persist, the error messages you encounter, etc. Tell me whether you have an original Windows CD.

 

All of that followed by a HijackThis log, as follows:

 

Download HijackThisV2 to your desktop.

  • Double-click HJTInstall.exe and follow the installation instructions.
  • You will find a tutorial for installing it and generating a report here
  • Launch it, accept the warning message, then click Do a system scan and save a logfile.
  • At the end of the scan, Notepad will open. Copy and paste all of its contents here in your reply.
  • Post the generated report on the forum.


Here is the log made with HijackThis, thanks again... I have the CD supplied with the PC; I would rather not have to reinstall everything, it took me hours to set everything up!

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:04:43, on 10/09/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Acer\Empowering Technology\SysMonitor.exe

C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Vista Start Menu\VistaStartMenu.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

c:\PROGRA~1\Crawler\CMail.exe

C:\Windows\Explorer.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Wam\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_S7EF0.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resou...NPUpldfr-fr.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

End of file - 9696 bytes

Edited by strictmaximum

  • Moderators

Hello strictmaximum :P

Thanks for your patience. Nothing very worrying in this report.

Disable Spybot's TeaTimer through Spybot's options:

  • Once in the program, go to the "Mode" menu
  • Tick "Advanced mode", then "Tools" (at the bottom of the page) and finally "Resident"
  • Untick this box: "Resident TeaTimer".
  • You should no longer see the TeaTimer icon in the taskbar!

Download Toolbar-S&D (Team IDN) to your Desktop.

  • Start the program's installation by running the downloaded file.
  • Now double-click the Toolbar-S&D shortcut.
  • Select the desired language by typing the letter of your choice, then confirming with the Enter key.
  • Now choose option 1 (Search). Wait until the search has finished.
  • Post the generated report. (C:\TB.txt)


and here it is (thanks again)

 

 

-----------\\ ToolBar S&D 1.2.0 XP/Vista

 

Microsoft® Windows Vista Édition Familiale Premium ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : AMD Phenom 9550 Quad-Core Processor )

BIOS : Default System BIOS

USER : Wam ( Not Administrator ! )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1229 [VPS 080916-0] 4.8.1229 (Activated)

C:\ (Local Disk) - NTFS - Total : 180 Go Free : 103 Go

D:\ (Local Disk) - NTFS - Total : 270 Go Free : 270 Go

E:\ (CD or DVD) - UDF - Total : 7 Go Free : 0 Go

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

J:\ (USB)

 

"C:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )

Option : [1] ( 17/09/2008|21:52 )

 

[ UAC => 1 ]

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Barre d'outils Crawler

C:\Program Files\Crawler

C:\Program Files\Crawler\CMail.exe

C:\Program Files\Crawler\CMailDll.dll

C:\Program Files\Crawler\CPhoto.dll

C:\Program Files\Crawler\Download

C:\Program Files\Crawler\libeay32.dll

C:\Program Files\Crawler\ssleay32.dll

C:\Program Files\Crawler\Toolbar

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Local Page"="C:\\windows\\system32\\blank.htm"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\windows\\system32\\blank.htm"

 

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 17/09/2008|21:52 - Option : [1]

 

-----------\\ Fin du rapport a 21:52:45,15

 

 

 

oh yes, in the meantime I had uninstalled Spybot, I don't know whether that's a good thing

thanks again

 

strictmaximum


when Explorer crashes, this is what I get as an explanation:

Signature du problème :

Nom d’événement de problème: APPCRASH

Nom de l’application: Explorer.exe

Version de l’application: 6.0.6001.18000

Horodatage de l'application: 47918e5d

Nom du module par défaut: StackHash_47e1

Version du module par défaut: 6.0.6001.18000

Horodateur du module par défaut: 4791a7a6

Code de l’exception: c0000374

Décalage de l’exception: 000b015d

Version du système: 6.0.6001.2.1.0.768.3

Identificateur de paramètres régionaux: 1036

Information supplémentaire n° 1: 47e1

Information supplémentaire n° 2: 8f6fc9ea277ed5422b58dfa488178fb3

Information supplémentaire n° 3: 4c3f

Information supplémentaire n° 4: 3706be1a2f9d98439fedaa6521756600

 

Lire notre déclaration de confidentialité :

http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x040c

 

 

in case it helps....

thanks


when I'm in the Control Panel, Explorer crashes when I try to open "configure advanced user properties"!!!!

I'm fed up... and I really don't want to reinstall everything... and who's to say that the (Vista) disc I burned at the beginning isn't corrupted too?

thanks again for replying

 

strictmaximum
