
Posted

Good evening

I ran a disinfection on a Dell Inspiron 6500 and it apparently went wrong. I am submitting the HijackThis report for analysis, pending your diagnosis and recommendations; note that at startup the desktop only appears after 5 minutes and that I cannot connect to the Internet.

Thanks to all.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:11:42, on 16/10/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

D:\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Documents and Settings\dali\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe

D:\Winamp\winampa.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\cidaemon.exe

G:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\dali\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe

O4 - HKLM\..\Run: [Windows Defender] "D:\MSASCui.exe" -hide

O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM\..\Run: [scmru] "C:\Program Files\SecureIT\tools\cleverassist\SCPremRbt.exe" btreport

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [neufbox_reminder] "C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe" -r

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [JustVoip] "D:\JustVoip\JustVoip.exe" -nosplash -minimized

O4 - HKCU\..\Run: [E06FDXRC_392244] "E:\Collection Microsoft Encarta 2006\EDICT.EXE" -m

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] D:\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] E:\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: AutorunsDisabled

O4 - Global Startup: AutorunsDisabled

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll (file missing)

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Office12\REFIEBAR.DLL

O10 - Broken Internet access because of LSP chain gap (#1 in chain of 1 missing)

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{00483275-C0F2-4055-923B-C76A71D7867E}: NameServer = 193.95.93.77,193.95.66.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{1E039D85-4BFC-4D5E-A2BB-7B84F5A28BB5}: NameServer = 192.168.93.77,192.168.66.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{00483275-C0F2-4055-923B-C76A71D7867E}: NameServer = 193.95.93.77,193.95.66.10

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: Administration IIS (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)

O23 - Service: Publication FTP (MSFtpsvc) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)

O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)

O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

 

--

End of file - 7380 bytes

Posted

Hello,

it's riddled with nasties.

Disable TeaTimer in Spybot right now; it can prevent the disinfection. :P

To do this through Spybot's options: go to the "Mode" menu => tick "Advanced mode" => "Tools" (bottom of the page) => "Resident" => and untick this box: "Resident TeaTimer".

Do not re-enable it. This program gets in the way more than it helps.

Download Malwarebytes' Anti-Malware (MBAM)

If it won't download, if you are redirected, or if MBAM won't start, let me know: that is a symptom.

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether MBAM may connect, accept.
  • Once the update has finished, go to the "Scanner" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The scan starts.
  • At the end of the scan (but it is not over yet), a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all the objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you that too. Don't forget the rest. :P
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave everything ticked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

NB: If MBAM asks you to restart, do so.

Posted

Hello

Thank you for taking an interest in my problem and for stepping in to solve it. I will try to follow the procedure detailed in your reply, but I am afraid I will not be able to connect to the Internet; in that case I will download the required programs on another PC, copy them to a USB stick and paste them onto my infected Dell. I hope that will work. Thanks once again.

Posted

Good evening

I tried running MBAM again; this time it started, but it was impossible to update it for lack of an Internet connection. I then launched the quick scan for infections and it displayed the results, a copy of which follows. I await your instructions for the next step. Thank you

 

Malwarebytes' Anti-Malware 1.41

Version de la base de données: 2775

Windows 5.1.2600 Service Pack 2

 

16/10/2009 23:03:54

mbam-log-2009-10-16 (23-03-54).txt

 

Type de recherche: Examen rapide

Eléments examinés: 97128

Temps écoulé: 9 minute(s), 8 second(s)

 

Processus mémoire infecté(s): 1

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 3

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 3

 

Processus mémoire infecté(s):

C:\Documents and Settings\dali\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\untopr5 (Adware.WebRebates) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo Messengger (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FrameWorkService (Trojan.Delf) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Documents and Settings\dali\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.MSNFix (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\dali\Application Data\tazebama\zPharaoh.dat (Worm.Mabezat) -> Quarantined and deleted successfully.
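An added example, not part of the original thread and not code from HijackThis or Malwarebytes: the Python script below cross-references the `O4` Run entries of the HijackThis log with the Run values MBAM reported as infected, using lines excerpted from the two logs above. The function names are hypothetical, and only `Run` values (not `RunOnce` or Startup folders) are handled. It shows which autoruns MBAM flagged, and that one detection (`FrameWorkService`) has no counterpart in the HijackThis listing.

```python
import re

# Excerpts copied from the HijackThis and MBAM logs posted in this thread.
HJT_EXCERPT = r"""
O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\dali\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Startup: AutorunsDisabled
O10 - Broken Internet access because of LSP chain gap (#1 in chain of 1 missing)
"""

MBAM_EXCERPT = r"""
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo Messengger (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FrameWorkService (Trojan.Delf) -> Quarantined and deleted successfully.
"""

# HijackThis abbreviates hive names; MBAM writes them in full.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKUS": "HKEY_USERS"}

# "O4 - <hive>\..\Run: [<value name>] <command line>"
HJT_RUN = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(.+?)\] (.*)$", re.M)

# "<hive>\SOFTWARE\...\Run\<value name> (<detection>) -> <action>"
MBAM_RUN = re.compile(
    r"^(HKEY_.+?)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\"
    r"(.+?) \(([^()]+)\) -> (.+)$",
    re.M | re.I,
)


def expand_hive(short):
    """Turn 'HKUS\\S-1-5-19' into 'HKEY_USERS\\S-1-5-19', 'HKLM' into 'HKEY_LOCAL_MACHINE'."""
    root, _, rest = short.partition("\\")
    full = HIVES[root]
    return (full + "\\" + rest if rest else full).upper()


def parse_hjt_run(text):
    """Return the O4 registry Run entries of a HijackThis log."""
    return [
        {"hive": expand_hive(m.group(1)), "name": m.group(2), "command": m.group(3)}
        for m in HJT_RUN.finditer(text)
    ]


def parse_mbam_run(text):
    """Return the Run values an MBAM log lists as infected."""
    return [
        {"hive": m.group(1).upper(), "name": m.group(2),
         "detection": m.group(3), "action": m.group(4)}
        for m in MBAM_RUN.finditer(text)
    ]


def correlate(autoruns, detections):
    """Attach MBAM detections to autoruns; also return detections with no autorun match.

    Registry value names are case-insensitive, so 'softwareHelper' (HijackThis)
    and 'softwarehelper' (MBAM) must compare equal.
    """
    by_key = {(d["hive"], d["name"].lower()): d for d in detections}
    matched = set()
    rows = []
    for a in autoruns:
        key = (a["hive"], a["name"].lower())
        d = by_key.get(key)
        if d:
            matched.add(key)
        rows.append({**a, "detection": d["detection"] if d else None})
    scanner_only = [d for k, d in by_key.items() if k not in matched]
    return rows, scanner_only


if __name__ == "__main__":
    rows, scanner_only = correlate(parse_hjt_run(HJT_EXCERPT), parse_mbam_run(MBAM_EXCERPT))
    for r in rows:
        print(f"{r['detection'] or 'not flagged':<14} {r['hive']}\\...\\Run [{r['name']}] {r['command']}")
    for d in scanner_only:
        print(f"MBAM only: {d['hive']}\\...\\Run\\{d['name']} ({d['detection']})")
```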

Posted

We'll do it differently, without an Internet connection. Transfer the downloaded file.

The following software is to be used only when prescribed by a qualified helper trained in the tool.

Do not use it outside that situation or on your own: dangerous.

Download combofix.exe by sUBs and save it on your desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Disable the antivirus, otherwise ComboFix will show you a message (otherwise, click OK on the message).
  • Plug in your removable media (USB sticks, external hard drives, etc.) and leave them plugged in while ComboFix works.
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer of Warranty message that appears.
  • If you are offered a restart because a rootkit was found, do it.
  • You will be offered to download and install the Recovery Console; click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user licence agreement message.
  • The desktop disappears; this is normal, and it will come back.
  • Do not close the window that opens, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Posted

Good evening, Falkra

There, I followed your instructions to the letter and here is the ComboFix report:

 

ComboFix 09-10-16.09 - dali 17/10/2009 18:06.1.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.253 [GMT 1:00]

Lancé depuis: c:\documents and settings\dali\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\dali\Application Data\tazebama

c:\documents and settings\dali\Application Data\tazebama\tazebama.log

c:\windows\Installer\136ed1c.msp

c:\windows\Installer\14822a.msp

c:\windows\Installer\1e3fac.msp

c:\windows\Installer\30bcb.msp

c:\windows\Installer\37ab1.msi

c:\windows\Installer\42dda9.msp

c:\windows\Installer\440ce8.msp

c:\windows\Installer\5044ce.msp

c:\windows\Installer\713c02.msp

c:\windows\Installer\78aa3c.msp

c:\windows\Installer\9f2597.msp

c:\windows\Installer\9f25ac.msp

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-17 au 2009-10-17 ))))))))))))))))))))))))))))))))))))

.

 

2009-10-16 21:29 . 2009-10-16 21:29 -------- d-----w- c:\documents and settings\dali\Application Data\Malwarebytes

2009-10-16 21:29 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-16 21:28 . 2009-10-16 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-16 21:28 . 2009-10-16 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-16 21:28 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-16 21:08 . 2009-10-16 21:08 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-10-16 16:22 . 2009-10-16 16:22 -------- d--h--w- c:\windows\PIF

2009-10-13 21:46 . 2004-08-04 06:08 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys

2009-10-11 20:44 . 2009-10-11 20:44 -------- d-----r- c:\documents and settings\Agilium\Favoris

2009-10-11 20:44 . 2009-10-11 20:44 -------- d-----w- c:\documents and settings\Agilium\Bureau

2009-10-11 11:11 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-10-11 11:11 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-10-11 11:11 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-10-11 11:11 . 2009-10-11 11:11 -------- d-----w- c:\program files\Avira

2009-10-11 11:11 . 2009-10-11 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-10-10 22:42 . 2009-10-10 22:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla

2009-10-08 20:52 . 2009-10-08 20:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2009-10-08 17:03 . 2009-10-16 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-08 15:33 . 2009-10-08 15:33 -------- d-----w- c:\program files\AskBardis

2009-10-07 23:57 . 2009-10-10 18:52 -------- d-----w- c:\windows\system32\CatRoot

2009-10-07 23:53 . 2009-10-07 23:53 -------- d-s---w- c:\windows\system32\Microsoft

2009-10-02 17:47 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-09-29 17:44 . 2009-09-29 17:44 -------- d-----w- c:\program files\Fichiers communs\SourceTec

2009-09-24 23:26 . 2009-09-24 23:26 -------- d-----w- c:\documents and settings\dali\Local Settings\Application Data\Winamp Toolbar

2009-09-24 23:24 . 2009-09-24 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar

2009-09-24 23:22 . 2009-09-24 23:32 -------- d-----w- c:\documents and settings\dali\Application Data\Winamp

2009-09-24 22:39 . 2009-09-24 22:39 -------- d-----w- c:\program files\Windows Media Connect 2

2009-09-23 16:48 . 2009-09-24 22:27 -------- d-----w- c:\documents and settings\dali\Local Settings\Application Data\Yahoo!

2009-09-22 18:04 . 2009-09-22 18:04 -------- d-----w- c:\program files\Fichiers communs\NSV

2009-09-18 11:31 . 2009-09-18 11:31 -------- d-----w- c:\documents and settings\Application Data\tazebama

2009-09-18 11:31 . 2009-09-18 11:31 -------- d-----w- c:\documents and settings\Application Data

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-10 18:03 . 2009-07-09 15:59 -------- d-----w- c:\program files\Google

2009-10-10 11:09 . 2004-11-22 13:14 91552 -c--a-w- c:\documents and settings\Agilium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-09 21:52 . 2006-01-27 21:21 -------- d-----w- c:\documents and settings\dali\Application Data\EoRezo

2009-10-08 23:46 . 2007-03-27 20:45 -------- d-----w- c:\program files\Opera

2009-10-08 23:45 . 2005-02-20 23:37 -------- d-----w- c:\program files\Drivers

2009-10-07 22:17 . 2007-11-22 13:50 -------- d-----w- c:\documents and settings\dali\Application Data\tor

2009-10-07 15:43 . 2009-03-02 14:03 -------- d-----w- c:\documents and settings\dali\Application Data\Vidalia

2009-10-06 18:25 . 2008-02-27 21:45 -------- d-----w- c:\documents and settings\dali\Application Data\Uniblue

2009-10-01 22:01 . 2005-03-20 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-09-30 22:46 . 2005-02-16 14:51 -------- d-----w- c:\documents and settings\dali\Application Data\Skype

2009-09-16 19:27 . 2005-01-19 18:39 91552 -c--a-w- c:\documents and settings\dali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-10 14:08 . 2009-09-10 14:08 -------- d-----w- c:\documents and settings\dali\Application Data\Foxit

2009-09-10 13:36 . 2004-10-08 08:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-10 13:17 . 2004-11-04 15:10 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-09-09 04:06 . 2004-11-17 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-08-29 14:48 . 2009-08-08 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-08-29 14:38 . 2009-08-08 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-08-28 14:43 . 2005-10-27 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-08-26 13:57 . 2004-12-26 14:41 4240 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-26 08:03 . 2009-09-09 16:00 71680 ----a-w- c:\windows\system32\scsprembt.exe

2009-08-21 09:55 . 2003-07-22 16:07 458540 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-21 09:55 . 2003-07-22 16:07 68230 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-05 09:06 . 2004-11-19 17:03 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-28 15:33 . 2009-05-01 23:05 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2004-11-02 20:37 . 2004-11-02 20:37 56 -csh--r- c:\windows\system32\332BA2C6BA.sys

2004-11-02 20:37 . 2004-11-02 20:37 2098 -csha-w- c:\windows\system32\KGyGaAvL.sys

.

 

------- Sigcheck -------

 


[-] 2004-08-19 . 259AF82A0932EEA4F316F92DB94707B6 . 13312 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\lsass.exe

[-] 2004-08-19 . 259AF82A0932EEA4F316F92DB94707B6 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2003-07-22 15:58 . !HASH: COULD NOT OPEN FILE !!!!! . 11776 . . [------] . . c:\windows\$NtServicePackUninstall$\lsass.exe

 

[-] 2009-07-18 . 9D44C24BEC9060AC73E1976CFA06A634 . 3083264 . . [6.00.2900.3603] . . c:\windows\system32\mshtml.dll

[-] 2009-07-18 . E0E80E9B1B3321B1AF943720AB16E7C2 . 3090432 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3GDR\mshtml.dll

[-] 2009-07-18 . 169C482CD18E2A1D80135974902F88F7 . 3090432 . . [6.00.2900.3603] . . c:\windows\$hf_mig$\KB972260\SP2QFE\mshtml.dll

[-] 2009-07-18 . 4E816F8F7F18C2774EC5BACAC42635C0 . 3090944 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll

[-] 2009-04-29 . 9742B4FBDAE395046D86163C138D22ED . 3081728 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\mshtml.dll

[-] 2009-04-29 . D324BAC264319E0C1A832CBC0DCAA516 . 3089920 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\mshtml.dll

[-] 2009-04-29 . DACDAF05E6B664F8E62480182CBA2C78 . 3089920 . . [6.00.2900.3562] . . c:\windows\$hf_mig$\KB969897\SP2QFE\mshtml.dll

[-] 2009-04-29 . 96C819527CD6AB12AF4652D48F9B5196 . 3090432 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll

[-] 2009-02-20 . D5F02ACCD671A99D15F59DA56B2EA3EC . 3088896 . . [6.00.2900.3527] . . c:\windows\$hf_mig$\KB963027\SP2QFE\mshtml.dll

[-] 2009-02-20 . D04B31EEE8EE34691EA10D323369AD06 . 3080704 . . [6.00.2900.3527] . . c:\windows\$NtUninstallKB969897$\mshtml.dll

[-] 2009-02-20 . EB1C22D91F6363367656872ED813DAB5 . 3089408 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3GDR\mshtml.dll

[-] 2009-02-20 . BAE9A8994957EF57BB429A7E5688EC80 . 3089408 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\mshtml.dll

[-] 2008-12-12 . C4CAE99E2AB643B25D0484D5E985960D . 3081216 . . [6.00.2900.3492] . . c:\windows\$NtUninstallKB963027$\mshtml.dll

[-] 2008-12-12 . 19442577E63238262B8CA132E64FA5BE . 3088384 . . [6.00.2900.3492] . . c:\windows\$hf_mig$\KB960714\SP2QFE\mshtml.dll

[-] 2008-12-12 . 6F69E698F11B1214F05195873B73BED4 . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll

[-] 2008-12-12 . A3C8A9D3F61F721FCA1A841164FB0CF2 . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3GDR\mshtml.dll

[-] 2008-10-16 . BB926972223761C93BB8D41881CE4DD7 . 3080704 . . [6.00.2900.3462] . . c:\windows\$NtUninstallKB960714$\mshtml.dll

[-] 2008-10-16 . 14BBFF7E52B9FF4645AB4EF9D4CE6182 . 3088384 . . [6.00.2900.3462] . . c:\windows\$hf_mig$\KB958215\SP2QFE\mshtml.dll

[-] 2008-10-16 . 72299C6CD21801EAB5CBBC3F7B1DB195 . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll

[-] 2008-10-16 . CC8B4DA84F4621329ACA3F7A81584F83 . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\mshtml.dll

[-] 2008-08-20 . 7CCBC169EFCB0284781139ADB7E26F51 . 3081216 . . [6.00.2900.3429] . . c:\windows\$NtUninstallKB958215$\mshtml.dll

[-] 2008-08-20 . EB2B003122AA714FE93979CFA4EEAA55 . 3088384 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll

[-] 2008-08-20 . E1772442035064C97BA6B4D60BDA1BB9 . 3088896 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll

[-] 2008-08-20 . 4229C8960DE4DC5B6C326E2B65175E9F . 3088896 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll

[-] 2008-06-25 . 8758CE41A129C23B1A1BD7C9FEE2CCCB . 3088896 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3QFE\mshtml.dll

[-] 2008-06-23 . A9D7198AAAC327D413D7941B2C0046A4 . 3088384 . . [6.00.2900.3395] . . c:\windows\$hf_mig$\KB953838\SP2QFE\mshtml.dll

[-] 2008-06-23 . FAA707F1143B2CB58ED7BD4F0758BADE . 3080704 . . [6.00.2900.3395] . . c:\windows\$NtUninstallKB956390$\mshtml.dll

[-] 2008-06-23 . DB0D7FB7B08ED1A861ACDD3A684049DD . 3088384 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\mshtml.dll

[-] 2008-04-21 . FEACD6E84244125550219C6795348FDE . 3080704 . . [6.00.2900.3354] . . c:\windows\$NtUninstallKB953838$\mshtml.dll

[-] 2008-04-21 . 57BC3BE475F34AE089878A016C2CA46E . 3087872 . . [6.00.2900.3354] . . c:\windows\$hf_mig$\KB950759\SP2QFE\mshtml.dll

[-] 2008-04-21 . 840E79E91BCCD80B2FC3CCAD2C60B35A . 3087872 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\mshtml.dll

[-] 2008-04-21 . B3CD09A5DBD2A569ADFA8654E3C8879D . 3088384 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\mshtml.dll

[-] 2008-02-16 . 32DFD49FE02F9E6E02B979EBE1647205 . 3080704 . . [6.00.2900.3314] . . c:\windows\$NtUninstallKB950759$\mshtml.dll

[-] 2008-02-16 . 7A78A2B4118A5F18B4CC93A83F157FD3 . 3087872 . . [6.00.2900.3314] . . c:\windows\$hf_mig$\KB947864\SP2QFE\mshtml.dll

[-] 2007-12-07 . 9B740C8350EDBDD2290B89290039676C . 3080192 . . [6.00.2900.3268] . . c:\windows\$NtUninstallKB947864$\mshtml.dll

[-] 2007-12-07 . 538016006E65697948DC04305FC60212 . 3087360 . . [6.00.2900.3268] . . c:\windows\$hf_mig$\KB944533\SP2QFE\mshtml.dll

[-] 2007-10-30 . C9BD851330A5AE9CF42CA74F7FAB3054 . 3079680 . . [6.00.2900.3243] . . c:\windows\$NtUninstallKB944533$\mshtml.dll

[-] 2007-10-30 . 1B0CD3D5B664C7786698FBB8C381A4D3 . 3086848 . . [6.00.2900.3243] . . c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll

[-] 2007-08-22 . 878BCB476F8223BDA6E902B364042EB5 . 3079168 . . [6.00.2900.3199] . . c:\windows\$NtUninstallKB942615$\mshtml.dll

[-] 2007-08-22 . 6B815842B4A9CDED3D7E9846639E69FA . 3085824 . . [6.00.2900.3199] . . c:\windows\$hf_mig$\KB939653\SP2QFE\mshtml.dll

[-] 2007-06-15 . CA8215FF55022B47D6948C4BB09E8D52 . 3085312 . . [6.00.2900.3157] . . c:\windows\$hf_mig$\KB937143\SP2QFE\mshtml.dll

[-] 2007-06-14 . 49AA1DD6240BC870C8F332840A2E8602 . 3079680 . . [6.00.2900.3157] . . c:\windows\$NtUninstallKB939653$\mshtml.dll

[-] 2007-05-04 . BE930AD339B283D83030BD7E67D1CCFD . 3085312 . . [6.00.2900.3132] . . c:\windows\$hf_mig$\KB933566\SP2QFE\mshtml.dll

[-] 2007-05-04 . 124B8EFC0167495237D40282CC06492B . 3079680 . . [6.00.2900.3132] . . c:\windows\$NtUninstallKB937143$\mshtml.dll

[-] 2007-02-19 . C67A9D187092A34604FE37EF94D4C626 . 3077632 . . [6.00.2900.3086] . . c:\windows\$NtUninstallKB933566$\mshtml.dll

[-] 2007-02-19 . 942AB79C4A9DDEED3FE39C424967B91B . 3084288 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\mshtml.dll

[-] 2007-01-04 . 28E7C79F82CEF8DC3189FBA5CBC3EB84 . 3083264 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll

[-] 2007-01-04 . 3B65C31DD93571252D99E33D042A97C7 . 3077632 . . [6.00.2900.3059] . . c:\windows\$NtUninstallKB931768$\mshtml.dll

[-] 2007-01-04 . 3B65C31DD93571252D99E33D042A97C7 . 3077632 . . [6.00.2900.3059] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\mshtml.dll

[-] 2005-05-02 . D73E130276025BA9839FAB4B1A3137CA . 3012608 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll

[-] 2005-05-02 . 2F0CE851CF44801A80BBCDB9F2FBCC38 . 3011072 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB928090$\mshtml.dll

[-] 2005-03-10 . C44BAD9DE28B971508C136B9E9E1E1E3 . 3010560 . . [6.00.2900.2627] . . c:\windows\$NtUninstallKB883939$\mshtml.dll

[-] 2005-03-10 . E908FC09D79479E827F34C7BDF5E606E . 3011072 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll

[-] 2005-01-27 . 502E7D81AF05AF7DA49425AA02A64F84 . 3006976 . . [6.00.2900.2604] . . c:\windows\$NtUninstallKB890923$\mshtml.dll

[-] 2005-01-27 . 2003C448DA234D22A9A5F676D9BC6D13 . 3008000 . . [6.00.2900.2604] . . c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll

[-] 2004-09-29 . 938732076F87CDD3B6CFF39942A3A29F . 3004928 . . [6.00.2900.2523] . . c:\windows\$NtUninstallKB867282$\mshtml.dll

[-] 2004-09-29 08:00 . !HASH: COULD NOT OPEN FILE !!!!! . 2805760 . . [------] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2004-08-19 . 7CA9E0D2C4DCA6B710FD57F40E597337 . 3003392 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\mshtml.dll

[-] 2003-07-22 . 195ECED9CA2D18CCEB5C383220D8ED44 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB834707-IE6SP1-20040929.091901$\mshtml.dll

 

[-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll

[-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-06-20 . 8A52DE10680A40ECD04FA2C0FBC34190 . 247808 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 4138FBDEDBC6FEAD215BB4C4B102F7DE . 247808 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

[-] 2004-08-19 . 6FA2DDF70DC9B762EBF8920F89B6BEA3 . 247808 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2004-08-19 . 6FA2DDF70DC9B762EBF8920F89B6BEA3 . 247808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2004-08-19 . 6FA2DDF70DC9B762EBF8920F89B6BEA3 . 247808 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\mswsock.dll

[-] 2003-07-22 16:03 . !HASH: COULD NOT OPEN FILE !!!!! . 230912 . . [------] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

 

[-] 2009-02-06 . ECD7791E0E9246CA5F218A19F3911EB9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[-] 2004-08-19 . D4CFAC76926C24E32B7F25A35C31BC6E . 407040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netlogon.dll

[-] 2004-08-19 . D4CFAC76926C24E32B7F25A35C31BC6E . 407040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\netlogon.dll

[-] 2004-08-19 . D4CFAC76926C24E32B7F25A35C31BC6E . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll

[-] 2003-07-22 16:04 . !HASH: COULD NOT OPEN FILE !!!!! . 399360 . . [------] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

 

[-] 2005-08-22 . 0D55724D88488BBFC53BC2EA219240F3 . 197632 . . [5.1.2600.2743] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\netman.dll

[-] 2005-08-22 . 0D55724D88488BBFC53BC2EA219240F3 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll

[-] 2005-08-22 . 31748843AD5811351B115CC52CEA8D77 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2004-08-19 . 237F77C91B70469E3AF9F7FD0A524954 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2004-08-19 . 237F77C91B70469E3AF9F7FD0A524954 . 198144 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netman.dll

[-] 2003-07-22 16:04 . !HASH: COULD NOT OPEN FILE !!!!! . 154112 . . [------] . . c:\windows\$NtServicePackUninstall$\netman.dll

 

[-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2009-02-09 . 4183ED119200F8520F5E834498AFB927 . 2182528 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2009-02-09 . 4183ED119200F8520F5E834498AFB927 . 2182528 . . [5.1.2600.3520] . . c:\windows\system32\ntoskrnl.exe

[-] 2009-02-09 . B55AA66BC9269BC5257B915FFDAA790B . 2188160 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe

[-] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe

[-] 2008-08-14 . D79210549BBF09B7638E860440504299 . 2191232 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[-] 2008-08-14 . 449566D74B5C261A3A54AA216F0C532B . 2182400 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-08-14 . C6649255E51F145B6E15C505AB68E459 . 2188032 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe

[-] 2008-08-14 . C8D4D5974F9671DA0A37175650912960 . 2191232 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

[-] 2007-02-28 . 8E244108562E0E452EB68DFF64CB08A9 . 2184192 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

[-] 2007-02-28 . 7D6D19AAC51A4325F6039F083C22303C . 2182400 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2006-12-19 . 1F3FA2065E6E043A1D82A487B5DA309C . 2184064 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe

[-] 2006-12-19 . D27929DB7B7F92F9D0F8EC9BA01C601C . 2182400 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe

[-] 2005-03-02 . 3E2A0A4A0C0B19FC113618A9562A3B2A . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2005-03-02 . 63729DD0F2AAE36CC52B89C05505146C . 2181376 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe

[-] 2005-03-02 . 63729DD0F2AAE36CC52B89C05505146C . 2181376 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\ntoskrnl.exe

[-] 2004-08-19 . 7D38CE4398E6AA6339B4644FEADCC0D8 . 2183040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2004-08-19 . 7D38CE4398E6AA6339B4644FEADCC0D8 . 2183040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[-] 2004-06-17 17:43 . !HASH: COULD NOT OPEN FILE !!!!! . 2055168 . . [------] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2003-07-22 . F58B3CE36566D6061A496DC595A8AAA3 . 2045824 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB840987$\ntoskrnl.exe

 

[-] 2004-08-19 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\powrprof.dll

[-] 2004-08-19 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\powrprof.dll

[-] 2004-08-19 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2003-07-22 16:07 . !HASH: COULD NOT OPEN FILE !!!!! . 14848 . . [------] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

 

[-] 2004-08-19 . 659F7B6C502051BFA37910614B225548 . 382464 . . [6.6.2600.2180] . . c:\windows\ServicePackFiles\i386\qmgr.dll

[-] 2004-08-19 . 659F7B6C502051BFA37910614B225548 . 382464 . . [6.6.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\qmgr.dll

[-] 2004-08-19 . 659F7B6C502051BFA37910614B225548 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[-] 2004-07-01 22:08 . !HASH: COULD NOT OPEN FILE !!!!! . 360960 . . [------] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2003-07-22 . E1BDBEC55DF596AC4DC9FDCF6CB12832 . 223232 . . [6.2.2600.1106] . . c:\windows\$NtUninstallKB842773$\qmgr.dll

 

[-] 2009-02-09 . F83B964469D230F445613C44DF9FE25D . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll

[-] 2009-02-09 . 5620353B93DD08016674E4FEE280190B . 399360 . . [5.1.2600.3520] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . BA1EF616F55210820F6462D033088497 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll

[-] 2005-07-26 . CB7D37602638369A516757E994CBB31D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2005-07-26 . B38D431ACE730452CD1FEE4FB7ECD6E2 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll

[-] 2005-07-26 . B38D431ACE730452CD1FEE4FB7ECD6E2 . 398336 . . [5.1.2600.2726] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\rpcss.dll

[-] 2005-04-28 . FD292BFE003558F4C39AA3D44F420AC7 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll

[-] 2005-04-28 . D0F724BDF4A0647F1A52985FD629EFCE . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll

[-] 2005-01-14 . EAB055D3580A4D7C66DA05C7160EE5C1 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2005-01-14 . 05E8F98BC17FCCE18D7DB332A81B8DDE . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll

[-] 2004-08-19 . C6FE0B727A5D13419D480150631ADC09 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

[-] 2004-08-19 . C6FE0B727A5D13419D480150631ADC09 . 395776 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\rpcss.dll

[-] 2004-03-06 02:17 . !HASH: COULD NOT OPEN FILE !!!!! . 263680 . . [------] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 2003-07-22 16:09 . !HASH: COULD NOT OPEN FILE !!!!! . 260608 . . [------] . . c:\windows\$NtUninstallKB828741$\rpcss.dll

 

[-] 2004-08-19 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\scecli.dll

[-] 2004-08-19 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\scecli.dll

[-] 2004-08-19 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2003-07-22 16:09 . !HASH: COULD NOT OPEN FILE !!!!! . 180736 . . [------] . . c:\windows\$NtServicePackUninstall$\scecli.dll

 

[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe

[-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2009-02-09 . 9D6BF82FE50D55F20F8E10E0F6653886 . 111104 . . [5.1.2600.3520] . . c:\windows\system32\services.exe

[-] 2009-02-09 . 51A24094F076961A7FF73E5F7E991D68 . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe

[-] 2004-08-19 . 63DCDE1A0D86EEB8924D6738FF616EAD . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2004-08-19 . 63DCDE1A0D86EEB8924D6738FF616EAD . 108544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\services.exe

[-] 2004-08-19 . 63DCDE1A0D86EEB8924D6738FF616EAD . 108544 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\services.exe

[-] 2003-07-22 16:10 . !HASH: COULD NOT OPEN FILE !!!!! . 101888 . . [------] . . c:\windows\$NtServicePackUninstall$\services.exe

 

[-] 2004-08-19 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfc.dll

[-] 2004-08-19 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\sfc.dll

[-] 2004-08-19 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2003-07-22 16:10 . !HASH: COULD NOT OPEN FILE !!!!! . 4096 . . [------] . . c:\windows\$NtServicePackUninstall$\sfc.dll

 

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\spoolsv.exe

[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

[-] 2004-08-19 . DF9FC62AD51CB082B0AE371919A232CB . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2004-08-19 . DF9FC62AD51CB082B0AE371919A232CB . 57856 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2003-07-22 16:12 . !HASH: COULD NOT OPEN FILE !!!!! . 51200 . . [------] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

 

[-] 2004-08-19 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\svchost.exe

[-] 2004-08-19 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\svchost.exe

[-] 2004-08-19 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2003-07-22 16:13 . !HASH: COULD NOT OPEN FILE !!!!! . 12800 . . [------] . . c:\windows\$NtServicePackUninstall$\svchost.exe

 

[-] 2005-07-08 . C9FA05D271A0066764FE75BE38E24D69 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

[-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\tapisrv.dll

[-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll

[-] 2004-08-19 . 5CC2A233DAC03CAF99D20B87598675CD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2004-08-19 . 5CC2A233DAC03CAF99D20B87598675CD . 246272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tapisrv.dll

[-] 2003-07-22 16:13 . !HASH: COULD NOT OPEN FILE !!!!! . 233984 . . [------] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

 

[-] 2007-03-08 . 4D88AAF39ADABFE45958EA1384E2C4FF . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll

[-] 2005-03-02 . C34920EB988CE98910BD6B0417F334EB . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2005-03-02 . 0DF75FB73F705B011630159A43D7C354 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll

[-] 2004-08-19 . 61C8C283AD063BB697AE61A155C64A5A . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2004-08-19 . 61C8C283AD063BB697AE61A155C64A5A . 578048 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\user32.dll

[-] 2004-08-19 . 61C8C283AD063BB697AE61A155C64A5A . 578048 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\user32.dll

[-] 2004-06-17 17:56 . !HASH: COULD NOT OPEN FILE !!!!! . 561152 . . [------] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2003-07-22 . 0ABF2F5280940D32D1D52BD3500B0C37 . 561152 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB840987$\user32.dll

 

[-] 2004-08-19 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe

[-] 2004-08-19 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\userinit.exe

[-] 2004-08-19 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2003-07-22 16:15 . !HASH: COULD NOT OPEN FILE !!!!! . 22528 . . [------] . . c:\windows\$NtServicePackUninstall$\userinit.exe

 

[-] 2009-06-26 . 1B086DE4AFB06F40C5949992314738D4 . 670720 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll

[-] 2009-06-26 . 421625BFBCED3CCAFC30EBA47A05CECB . 672256 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll

[-] 2009-06-26 . D7F5C0B6497908C84F9C1E9D2BB36396 . 672256 . . [6.00.2900.3592] . . c:\windows\$hf_mig$\KB972260\SP2QFE\wininet.dll

[-] 2009-04-29 . 814148D0471936ECFC8B9FC5B761A447 . 663552 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\wininet.dll

[-] 2009-04-29 . 0A4B365061992BC4EF268229BE616F57 . 670720 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll

[-] 2009-04-29 . 4C0CAC19431E83809003460D2E54F5FB . 672256 . . [6.00.2900.3562] . . c:\windows\$hf_mig$\KB969897\SP2QFE\wininet.dll

[-] 2009-04-29 . 2B73F48C9BD74FD54E07556B41684AC3 . 672256 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll

[-] 2009-02-20 . FD1F0132A44E044C821C2B74D918D20A . 663552 . . [6.00.2900.3527] . . c:\windows\$NtUninstallKB969897$\wininet.dll

[-] 2009-02-20 . AD9AB4386AE234EA5C8EED51CD934C44 . 672256 . . [6.00.2900.3527] . . c:\windows\$hf_mig$\KB963027\SP2QFE\wininet.dll

[-] 2009-02-20 . 273B84C3C339341F917D7DDAD0722F51 . 670208 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll

[-] 2009-02-20 . 8EAE861274F3E0C00C10C871371A1A8E . 671744 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll

[-] 2008-10-16 . 4BAD064ED3FB5008AF94D427DD77FDDD . 663552 . . [6.00.2900.3462] . . c:\windows\$NtUninstallKB963027$\wininet.dll

[-] 2008-10-16 . F9AE6DBB4EC5B4D1A82BF2F0CB7EE200 . 671744 . . [6.00.2900.3462] . . c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll

[-] 2008-10-16 . 1C6E9FDAB1F4CB983A39EFBA6F131ACC . 671232 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll

[-] 2008-10-16 . 05033943FF61ABD13B93C00337D04E92 . 670208 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll

[-] 2008-08-20 . ADBB0BDB81EB0013942D907E9418AB8B . 663552 . . [6.00.2900.3429] . . c:\windows\$NtUninstallKB958215$\wininet.dll

[-] 2008-08-20 . AEF39AC3BCBAFE971155D0073191B5A6 . 671744 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll

[-] 2008-08-20 . 50D19E569C83A9C1AE7EFAEF6A93BC50 . 670208 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll

[-] 2008-08-20 . 96D50ACA60DA22ADBD253F2825C98D1A . 670720 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll

[-] 2008-06-23 . 8CA18FD7CCCABFF7E84702BC1BBF5DCB . 671232 . . [6.00.2900.3395] . . c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll

[-] 2008-06-23 . 95D92788889B847309C63E2EC287D1C0 . 663552 . . [6.00.2900.3395] . . c:\windows\$NtUninstallKB956390$\wininet.dll

[-] 2008-06-23 . D2177655BC338A07B99913F6A4BED52D . 670208 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll

[-] 2008-06-23 . 4E00327DA458BEFFEA8F4B222F466B20 . 670720 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll

[-] 2008-04-21 . 355A69CC05045428CE6B9E6BFBD4B74B . 663552 . . [6.00.2900.3354] . . c:\windows\$NtUninstallKB953838$\wininet.dll

[-] 2008-04-21 . F2F343D7ED0223645BA773B840EB4993 . 670720 . . [6.00.2900.3354] . . c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll

[-] 2008-04-21 . 7AF7D7D178F2863E7E7C880B55C88B76 . 670208 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll

[-] 2008-04-21 . 82B3264706B9921C67B196319FDA51DE . 670720 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll

[-] 2008-02-16 . DCB8A9F102663D962BE60CDE38A6C1D7 . 670208 . . [6.00.2900.3314] . . c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll

[-] 2008-02-16 . C9218CD3CD93586FFE9AE789282CAE63 . 663552 . . [6.00.2900.3314] . . c:\windows\$NtUninstallKB950759$\wininet.dll

[-] 2007-12-07 . C5A40DE381481D288ADDEE45FC67F652 . 663552 . . [6.00.2900.3268] . . c:\windows\$NtUninstallKB947864$\wininet.dll

[-] 2007-12-07 . C057D734B1951393FD07E2607513D4D9 . 670208 . . [6.00.2900.3268] . . c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll

[-] 2007-10-11 . D2FD027E5D3AF96DEE6C5CC225079DF0 . 663552 . . [6.00.2900.3231] . . c:\windows\$NtUninstallKB944533$\wininet.dll

[-] 2007-10-11 . 0465CDE31ADD22F6233FFB4FE4AF01CF . 670208 . . [6.00.2900.3231] . . c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll

[-] 2007-08-22 . 18048557AA56DE4B1955FDF7A21F9B24 . 663040 . . [6.00.2900.3199] . . c:\windows\$NtUninstallKB942615$\wininet.dll

[-] 2007-08-22 . 4F6A45B54D26708E2C2BF2C43D83EDEA . 669696 . . [6.00.2900.3199] . . c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll

[-] 2007-06-26 . 19058FBDC72F7BAE085369C6D0A7D074 . 669696 . . [6.00.2900.3164] . . c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll

[-] 2007-06-26 . 889269134AF28B2142F47A337CA3A1CD . 663040 . . [6.00.2900.3164] . . c:\windows\$NtUninstallKB939653$\wininet.dll

[-] 2007-04-18 . A3BF56A786B277E881FD9137F55F0B4B . 669696 . . [6.00.2900.3121] . . c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll

[-] 2007-04-18 . CA6F58031096FC2509C57670129469F7 . 663040 . . [6.00.2900.3121] . . c:\windows\$NtUninstallKB937143$\wininet.dll

[-] 2007-02-19 . 1BDE6D5DBA35797ECA8DB8FCB80FC015 . 669696 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="d:\winamp\winampa.exe" [2009-07-01 37888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]

2009-03-10 21:18 265088 ----a-w- c:\windows\system32\WgaLogon.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ a\0u\0t\0o\0c\0h\0k\0 \0*

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/10/2009 12:11 108289]

R2 WinDefend;Windows Defender;D:\MsMpEng.exe [03/11/2006 19:19 13592]

S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]

S3 PIXMC10;JVC Communication PIX-MC10 Driver;c:\windows\system32\drivers\pixmc10c.sys [29/12/2004 23:20 31232]

S3 PIXMC10A;JVC PIX-MC10 Audio Capture;c:\windows\system32\drivers\pixmc10a.sys [29/12/2004 23:21 28060]

S3 PIXMC10V;JVC PIX-MC10 Video Capture;c:\windows\system32\drivers\pixmc10v.sys [29/12/2004 23:21 22652]

S3 USTOR;U-Storage Controller;c:\windows\system32\drivers\UStork.sys [20/02/2005 15:55 20258]

.

Contenu du dossier 'Tâches planifiées'

 

2009-10-17 c:\windows\Tasks\MP Scheduled Scan.job

- D:\MpCmdRun.exe [2006-11-03 18:20]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://y.lo.st

mStart Page = hxxp://fr.yahoo.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html

IE: E&xporter vers Microsoft Excel - e:\office12\EXCEL.EXE/3000

TCP: {00483275-C0F2-4055-923B-C76A71D7867E} = 193.95.93.77,193.95.66.10

TCP: {1E039D85-4BFC-4D5E-A2BB-7B84F5A28BB5} = 192.168.93.77,192.168.66.10

FF - ProfilePath - c:\documents and settings\dali\Application Data\Mozilla\Firefox\Profiles\wm1tknr3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://y.lo.st

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13929&gct=&gc=1&q=

FF - prefs.js: network.proxy.http_port - 9050

FF - prefs.js: network.proxy.type - 2

FF - plugin: d:\divx\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: d:\divx\DivX Web Player\npdivx32.dll

FF - plugin: d:\program files\plugins\np-mswmp.dll

FF - plugin: d:\program files\plugins\npFoxitReaderPlugin.dll

 

---- PARAMETRES FIREFOX ----

 

.

- - - - ORPHELINS SUPPRIMES - - - -

 

URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\Winamp Toolbar\winamptb.dll

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll

HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe

HKCU-Run-neufbox_reminder - c:\program files\Kit ADSL\Wizard\PostInstall_Checker.exe

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

HKCU-Run-JustVoip - d:\justvoip\JustVoip.exe

HKCU-Run-E06FDXRC_392244 - e:\collection microsoft encarta 2006\EDICT.EXE

HKCU-Run-Uniblue RegistryBooster 2009 - d:\uniblue\RegistryBooster\RegistryBooster.exe

HKCU-Run-Uniblue RegistryBooster 2 - e:\registrybooster 2\RegistryBooster.exe

HKLM-Run-Windows Defender - D:\MSASCui.exe

HKLM-Run-scmru - c:\program files\SecureIT\tools\cleverassist\SCPremRbt.exe

HKLM-Run-EoEngine - (no file)

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe

Notify-AtiExtEvent - (no file)

AddRemove-274c5407c4fa26908310cb5c1c4000b2 - c:\program files\netbeans-4.0beta2\_uninst\uninstaller.exe

AddRemove-Foxit Reader - d:\program files\Foxit Software\Foxit Reader\Uninstall.exe

AddRemove-Google Updater - c:\program files\Google\Google Updater\GoogleUpdater.exe

AddRemove-Handy Recovery 1.0 - c:\progra~1\SOFTLO~1\HANDYR~1.0\UNWISE.EXE

AddRemove-HijackThis - G:\HijackThis.exe

AddRemove-Mozilla Firefox (3.0.6) - d:\program files\uninstall\helper.exe

AddRemove-Privoxy - d:\vidalia bundle\Uninstall.exe

AddRemove-SecureMail - e:\securemail\Uninstall.exe

AddRemove-SecureMail Web Access - e:\securemail web access\WebAccessUninstall.exe

AddRemove-Tor - d:\vidalia bundle\Uninstall.exe

AddRemove-{7585478E9D9B42108671C12F8714CEFE} - d:\divx\DivXConverterUninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-17 18:14

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySql]

"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySql]

"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

.

Heure de fin: 2009-10-17 18:26

ComboFix-quarantined-files.txt 2009-10-17 17:26

 

Avant-CF: 318 070 784 octets libres

Après-CF: 357 851 136 octets libres

 

642

 

Until next time, with my best regards.

Posted

There is a nasty infection that modifies files, a real horror, but not the worst one.

 

Are these proxies intentional? (I'm not only talking about Tor) because it looks odd to me.

 

We're going to do a bit of work to continue the cleanup.

 

What follows is for this machine, and this machine only.

Do not use it on any other machine: dangerous.

 

 

  • Download the file CFscript.txt from this site:
    http://senduit.com/0e583c
  • Place it on the desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto the ComboFix.exe file, as in this example:

[image: animation1md2.gif]

  • Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

Posted

Hi Falkra

It was getting late, but I couldn't help finishing the work you asked me to do. Here is the result:

 

ComboFix 09-10-16.09 - dali 17/10/2009 23:48.2.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.256 [GMT 1:00]

Lancé depuis: c:\documents and settings\dali\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\dali\Bureau\CFscript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Application Data\tazebama

c:\documents and settings\dali\Application Data\EoRezo

c:\documents and settings\dali\Application Data\EoRezo\cmhost.cyp

c:\documents and settings\dali\Application Data\EoRezo\ConfMedia.cyp

c:\documents and settings\dali\Application Data\EoRezo\db\cat.cyp

c:\documents and settings\dali\Application Data\EoRezo\eoDesktop\config.xml

c:\documents and settings\dali\Application Data\EoRezo\eoDesktop\eoDesktop.html

c:\documents and settings\dali\Application Data\EoRezo\eoDesktop\userConfig.xml

c:\documents and settings\dali\Application Data\EoRezo\EoNet.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\balance.gif

c:\documents and settings\dali\Application Data\EoRezo\EoRss\belier.gif

c:\documents and settings\dali\Application Data\EoRezo\EoRss\cancer.gif

c:\documents and settings\dali\Application Data\EoRezo\EoRss\capricorne.gif

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_01net_actualite.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_01net_actualite.gif

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_1201.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_abcbourse_analyse.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_abcbourse_news.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_advisto.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_advisto.gif

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_agenda_musical.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_agenda_musical.gif

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_aninmint.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_aninmint.gif

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_bbc.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_bbc.gif

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_bd_livres_krinein.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_companynewsgroup.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_companynewsgroup.gif

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_dvd_bonus.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_EoRezo_Horoscope.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_equipe_foot.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_equipe_foot.gif

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_eurotop_foot.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_eurotop_foot.gif

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_fcb_foot.cfg

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_fileNew1.xml

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_fileNew2.xml

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_fileNew20.xml

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_fileNew3.xml

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_fileNew4.xml

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_fileNew44.xml

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_fileNew56.xml

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_fileNew6.xml

c:\documents and settings\dali\Application Data\EoRezo\EoRss\EoRss_fileNew60.xml

c:\program files\AskBardis

c:\program files\AskBardis\bar\Settings\prevCfg2.htm

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASKUPGRADE

-------\Service_ASKUpgrade

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-17 au 2009-10-17 ))))))))))))))))))))))))))))))))))))

.

 

2009-10-16 21:29 . 2009-10-16 21:29 -------- d-----w- c:\documents and settings\dali\Application Data\Malwarebytes

2009-10-16 21:29 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-16 21:28 . 2009-10-16 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-16 21:28 . 2009-10-16 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-16 21:28 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-16 21:08 . 2009-10-16 21:08 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-10-16 16:22 . 2009-10-16 16:22 -------- d--h--w- c:\windows\PIF

2009-10-13 21:46 . 2004-08-04 06:08 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys

2009-10-11 20:44 . 2009-10-11 20:44 -------- d-----r- c:\documents and settings\Agilium\Favoris

2009-10-11 20:44 . 2009-10-11 20:44 -------- d-----w- c:\documents and settings\Agilium\Bureau

2009-10-11 11:11 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-10-11 11:11 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-10-11 11:11 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-10-11 11:11 . 2009-10-11 11:11 -------- d-----w- c:\program files\Avira

2009-10-11 11:11 . 2009-10-11 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-10-10 22:42 . 2009-10-10 22:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla

2009-10-08 20:52 . 2009-10-08 20:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2009-10-08 17:03 . 2009-10-16 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-07 23:57 . 2009-10-10 18:52 -------- d-----w- c:\windows\system32\CatRoot

2009-10-07 23:53 . 2009-10-07 23:53 -------- d-s---w- c:\windows\system32\Microsoft

2009-10-02 17:47 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-09-29 17:44 . 2009-09-29 17:44 -------- d-----w- c:\program files\Fichiers communs\SourceTec

2009-09-24 23:26 . 2009-09-24 23:26 -------- d-----w- c:\documents and settings\dali\Local Settings\Application Data\Winamp Toolbar

2009-09-24 23:24 . 2009-09-24 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar

2009-09-24 23:22 . 2009-09-24 23:32 -------- d-----w- c:\documents and settings\dali\Application Data\Winamp

2009-09-24 22:39 . 2009-09-24 22:39 -------- d-----w- c:\program files\Windows Media Connect 2

2009-09-23 16:48 . 2009-09-24 22:27 -------- d-----w- c:\documents and settings\dali\Local Settings\Application Data\Yahoo!

2009-09-22 18:04 . 2009-09-22 18:04 -------- d-----w- c:\program files\Fichiers communs\NSV

2009-09-18 11:31 . 2009-09-18 11:31 -------- d-----w- c:\documents and settings\Application Data

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-10 18:03 . 2009-07-09 15:59 -------- d-----w- c:\program files\Google

2009-10-10 11:09 . 2004-11-22 13:14 91552 -c--a-w- c:\documents and settings\Agilium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-08 23:46 . 2007-03-27 20:45 -------- d-----w- c:\program files\Opera

2009-10-08 23:45 . 2005-02-20 23:37 -------- d-----w- c:\program files\Drivers

2009-10-07 22:17 . 2007-11-22 13:50 -------- d-----w- c:\documents and settings\dali\Application Data\tor

2009-10-07 15:43 . 2009-03-02 14:03 -------- d-----w- c:\documents and settings\dali\Application Data\Vidalia

2009-10-06 18:25 . 2008-02-27 21:45 -------- d-----w- c:\documents and settings\dali\Application Data\Uniblue

2009-10-01 22:01 . 2005-03-20 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-09-30 22:46 . 2005-02-16 14:51 -------- d-----w- c:\documents and settings\dali\Application Data\Skype

2009-09-16 19:27 . 2005-01-19 18:39 91552 -c--a-w- c:\documents and settings\dali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-10 14:08 . 2009-09-10 14:08 -------- d-----w- c:\documents and settings\dali\Application Data\Foxit

2009-09-10 13:36 . 2004-10-08 08:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-10 13:17 . 2004-11-04 15:10 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-09-09 04:06 . 2004-11-17 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-08-29 14:48 . 2009-08-08 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-08-29 14:38 . 2009-08-08 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-08-28 14:43 . 2005-10-27 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-08-26 13:57 . 2004-12-26 14:41 4240 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-26 08:03 . 2009-09-09 16:00 71680 ----a-w- c:\windows\system32\scsprembt.exe

2009-08-21 09:55 . 2003-07-22 16:07 458540 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-21 09:55 . 2003-07-22 16:07 68230 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-05 09:06 . 2004-11-19 17:03 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-28 15:33 . 2009-05-01 23:05 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2004-11-02 20:37 . 2004-11-02 20:37 56 -csh--r- c:\windows\system32\332BA2C6BA.sys

2004-11-02 20:37 . 2004-11-02 20:37 2098 -csha-w- c:\windows\system32\KGyGaAvL.sys

.

 

------- Sigcheck -------

 

Erreur des Services de cryptographie !!

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="d:\winamp\winampa.exe" [2009-07-01 37888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]

2009-03-10 21:18 265088 ----a-w- c:\windows\system32\WgaLogon.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ a\0u\0t\0o\0c\0h\0k\0 \0*

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

 

R3 PIXMC10;JVC Communication PIX-MC10 Driver;c:\windows\system32\Drivers\pixmc10c.sys [2002-09-27 31232]

R3 PIXMC10A;JVC PIX-MC10 Audio Capture;c:\windows\system32\Drivers\pixmc10a.sys [2002-10-03 28060]

R3 PIXMC10V;JVC PIX-MC10 Video Capture;c:\windows\system32\Drivers\pixmc10v.sys [2002-11-28 22652]

R3 USTOR;U-Storage Controller;c:\windows\system32\DRIVERS\UStork.sys [2003-07-08 20258]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S2 WinDefend;Windows Defender;D:\MsMpEng.exe [2006-11-03 13592]

 

.

Contenu du dossier 'Tâches planifiées'

 

2009-10-17 c:\windows\Tasks\MP Scheduled Scan.job

- D:\MpCmdRun.exe [2006-11-03 18:20]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://y.lo.st

mStart Page = hxxp://fr.yahoo.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html

IE: E&xporter vers Microsoft Excel - e:\office12\EXCEL.EXE/3000

TCP: {00483275-C0F2-4055-923B-C76A71D7867E} = 193.95.93.77,193.95.66.10

TCP: {1E039D85-4BFC-4D5E-A2BB-7B84F5A28BB5} = 192.168.93.77,192.168.66.10

FF - ProfilePath - c:\documents and settings\dali\Application Data\Mozilla\Firefox\Profiles\wm1tknr3.default\

FF - prefs.js: network.proxy.http_port - 9050

FF - prefs.js: network.proxy.type - 2

 

---- PARAMETRES FIREFOX ----

 

.

- - - - ORPHELINS SUPPRIMES - - - -

 

AddRemove-SoftwareUpdate_is1 - c:\documents and settings\dali\Application Data\eoRezo\SoftwareUpdate\unins000.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-17 23:59

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySql]

"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySql]

"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\BCMWLTRY.EXE

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\program files\Avira\AntiVir Desktop\avwsc.exe

.

**************************************************************************

.

Heure de fin: 2009-10-17 0:05 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-10-17 23:05

ComboFix2.txt 2009-10-17 17:26

 

Avant-CF: 357 265 408 octets libres

Après-CF: 256 507 904 octets libres

 

307

Posted

Hello bouha, Falkra :P

bouha: I'm only here because I asked Falkra yesterday (Saturday evening, actually...) whether I could carry on with you. I rarely do that, but when I saw Tazebama in the reports... I have already crossed swords with this infection here, on my test machine, and it has not been seen often on the forums, so I volunteered :P

Tazebama (also known as Mabezat) is an executable file infector, and I suspect it is what caused your disinfection troubles. Right now the machine is in rather bad shape, with the Cryptographic service damaged (possibly) and Windows no longer able to verify the integrity of its system files or repair them. This is going to be fun... We will also have to repair the damage done to Internet Explorer, to the network gateway (loss of connection) and possibly other things.

Before rushing in, I want to ask you a few questions:

1) Do you have the Windows CD or recovery CDs for the system? Or only the recovery partition (Dell)?

2) Have you got the Internet connection back?

3) What is the current state of the machine? (roughly...)

4) Can you give me a fresh HijackThis report, please?

Thanks, and see you soon.

Mark
