Help(Redirect,Popup,Microsoft Download Not Allowed)

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Help(Redirect,Popup,Microsoft Download Not Allowed), Google=Redirected, Popup=Google, Download not Allowed=Microsoft Downl.

Options

zerrogh View Member Profile	Nov 18 2008, 07:02 PM Post #1
Member Group: Members Posts: 21 Joined: 18-November 08 Member No.: 258,128	Hello every one. Sry for my bad english, im french so ... Since one week, my internet is running really. Im was looking some forum to know how to delete my problem but I don't find any way. So I will explain my problem. First: When I type www.google.ca in the adress bar, it give me the google site, this is ok, but in english ... and www.google.ca is suppose to be in french so ... Second: When im looking for something with google.ca, it always redirecting me someware. The web site are: copy-book.com smartsearch.com click.smartsearch.com and some other Third: When im looking for something with google.ca, popup come every time and this is always the same. the website of the popup is: http://popup.adv.net Fourth: When im on any website, there is publicity of Vimax Pills, something to elarge your bleep. Five: When im trying to download something on microsoft.com it always say the domain is invalid. (AND THIS IS FOR ALL THE COMPUTER AT MY HOME) so hereis my hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:34:54, on 2008-11-18 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 4250 bytes Here some picture of the popup and the invalid domain from microsoft.com¸ Thanks for help This post has been edited by zerrogh: Nov 18 2008, 07:04 PM Attached File(s) ERREUR.JPG ( 116.68k ) Number of downloads: 15 ERREUR_2.JPG ( 116.92k ) Number of downloads: 10 ERREUR_3.JPG ( 90.73k ) Number of downloads: 9

3 Pages

1 2 3 >

Replies (1 - 14)

Buckeye_Sam View Member Profile	Nov 19 2008, 08:11 PM Post #2
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Hello! My name is Sam and I will be helping you. I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process. Please download random's system information tool (RSIT) and save it to your desktop. Double click on RSIT.exe to run it. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

zerrogh View Member Profile	Nov 20 2008, 08:05 PM Post #3
Member Group: Members Posts: 21 Joined: 18-November 08 Member No.: 258,128	Hey Sam, This is nice you can help me So my log.txt is right here: Logfile of random's system information tool 1.04 (written by random/random) Run by HP_Propriétaire at 2008-11-20 20:03:03 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 130 GB (88%) free of 147 GB Total RAM: 1023 MB (50% free) ======Scheduled tasks folder====== C:\WINDOWS\tasks\Connexion facile à Internet.job C:\WINDOWS\tasks\GoogleUpdateTaskUser.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-20 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-20 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-20 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - Vue HP - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304] - [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-20 136600] "hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648] "HPHUPD06"=c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-07 49152] "HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2004-06-07 659456] "KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-11-04 180269] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-06-08 286720] "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472] "VTTimer"=VTTimer.exe [] "PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363] "AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344] "LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952] "Reminder"=C:\Windows\Creator\Remind_XP.exe [2003-12-18 118784] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"=C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-20 133104] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" "C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe::Enabled:BackWeb for Pavilion" "C:\Program Files\Services en ligne\AOL\waol.exe"="C:\Program Files\Services en ligne\AOL\waol.exe::Enabled:AOL Canada" "C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\WZSE0.TMP\SymNRT.exe::Enabled:Norton Removal Tool" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe::Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe::Enabled:PnkBstrB" "C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe::Enabled:Call of Duty® - World at War™" "C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe::Enabled:Call of Duty® - World at War™" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe::enabled:iTunes" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88ea4f3c-b74c-11dd-ac67-806d6172696f}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88ea4f3e-b74c-11dd-ac67-806d6172696f}] shell\AutoRun\command - E:\setup\rsrc\Autorun.exe shell\dinstall\command - E:\Directx\dxsetup.exe ======List of files/folders created in the last 1 months====== 2008-11-20 19:51:27 ----D---- C:\Program Files\trend micro 2008-11-20 19:51:16 ----D---- C:\rsit 2008-11-20 19:37:26 ----D---- C:\Program Files\Reference Assemblies 2008-11-20 18:42:06 ----D---- C:\WINDOWS\I386 2008-11-20 18:34:28 ----RD---- C:\Program Files 2008-11-20 18:34:10 ----RHD---- C:\MSOCache 2008-11-20 18:33:33 ----RSD---- C:\WINDOWS\assembly 2008-11-20 18:33:31 ----RD---- C:\WINDOWS\Offline Web Pages 2008-11-20 18:32:29 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-20 18:16:54 ----A---- C:\WINDOWS\system32\winstanew.dll 2008-11-20 18:16:54 ----A---- C:\WINDOWS\system32\user32new.dll 2008-11-20 18:16:54 ----A---- C:\WINDOWS\system32\setupapinew.dll 2008-11-20 18:16:54 ----A---- C:\WINDOWS\system32\secur32new.dll 2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\rpcrt4new.dll 2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\powrprofnew.dll 2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\Nucleus.dll 2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\ntdsapinew.dll 2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\ntdllnew.dll 2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\msvcrtnew.dll 2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\M2000Twn.dll 2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\kernel32new.dll 2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\dxgi.dll 2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\dwmapi.dll 2008-11-20 18:16:51 ----A---- C:\WINDOWS\system32\d3dx10.dll 2008-11-20 18:16:51 ----A---- C:\WINDOWS\system32\d3d10core.dll 2008-11-20 18:16:51 ----A---- C:\WINDOWS\system32\d3d10.dll 2008-11-20 18:16:51 ----A---- C:\WINDOWS\system32\crypt32new.dll 2008-11-20 18:16:51 ----A---- C:\WINDOWS\system32\apphelpnew.dll 2008-11-20 18:16:51 ----A---- C:\WINDOWS\system32\advapi32new.dll 2008-11-20 18:09:55 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Adobe 2008-11-20 18:06:30 ----A---- C:\WINDOWS\system32\XAudio2_1.dll 2008-11-20 18:06:30 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll 2008-11-20 18:06:30 ----A---- C:\WINDOWS\system32\xactengine3_1.dll 2008-11-20 18:06:30 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll 2008-11-20 18:06:29 ----A---- C:\WINDOWS\system32\d3dx10_38.dll 2008-11-20 18:06:29 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll 2008-11-20 18:06:28 ----A---- C:\WINDOWS\system32\XAudio2_0.dll 2008-11-20 18:06:28 ----A---- C:\WINDOWS\system32\D3DX9_38.dll 2008-11-20 18:06:27 ----A---- C:\WINDOWS\system32\xactengine3_0.dll 2008-11-20 18:06:27 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll 2008-11-20 18:06:26 ----A---- C:\WINDOWS\system32\d3dx9_37.dll 2008-11-20 18:06:26 ----A---- C:\WINDOWS\system32\d3dx10_37.dll 2008-11-20 18:06:26 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll 2008-11-20 18:06:25 ----A---- C:\WINDOWS\system32\xactengine2_10.dll 2008-11-20 18:06:24 ----A---- C:\WINDOWS\system32\d3dx9_36.dll 2008-11-20 18:06:24 ----A---- C:\WINDOWS\system32\d3dx10_36.dll 2008-11-20 18:06:24 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll 2008-11-20 18:06:23 ----A---- C:\WINDOWS\system32\xactengine2_9.dll 2008-11-20 18:06:23 ----A---- C:\WINDOWS\system32\d3dx10_35.dll 2008-11-20 18:06:23 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll 2008-11-20 18:06:22 ----A---- C:\WINDOWS\system32\xactengine2_8.dll 2008-11-20 18:06:22 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll 2008-11-20 18:06:22 ----A---- C:\WINDOWS\system32\d3dx9_35.dll 2008-11-20 18:06:21 ----A---- C:\WINDOWS\system32\d3dx10_34.dll 2008-11-20 18:06:21 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll 2008-11-20 18:06:20 ----A---- C:\WINDOWS\system32\xinput1_3.dll 2008-11-20 18:06:20 ----A---- C:\WINDOWS\system32\d3dx9_34.dll 2008-11-20 18:06:16 ----A---- C:\WINDOWS\system32\xactengine2_7.dll 2008-11-20 18:06:11 ----A---- C:\WINDOWS\system32\d3dx10_33.dll 2008-11-20 18:06:11 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll 2008-11-20 18:06:04 ----A---- C:\WINDOWS\system32\xactengine2_6.dll 2008-11-20 18:06:04 ----A---- C:\WINDOWS\system32\d3dx9_33.dll 2008-11-20 18:06:03 ----A---- C:\WINDOWS\system32\xactengine2_5.dll 2008-11-20 18:06:03 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2008-11-20 18:06:02 ----A---- C:\WINDOWS\system32\xactengine2_4.dll 2008-11-20 18:06:02 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll 2008-11-20 18:06:02 ----A---- C:\WINDOWS\system32\d3dx9_31.dll 2008-11-20 18:06:01 ----A---- C:\WINDOWS\system32\xinput1_2.dll 2008-11-20 18:06:01 ----A---- C:\WINDOWS\system32\xactengine2_3.dll 2008-11-20 18:06:01 ----A---- C:\WINDOWS\system32\xactengine2_2.dll 2008-11-20 18:06:00 ----A---- C:\WINDOWS\system32\xinput1_1.dll 2008-11-20 18:06:00 ----A---- C:\WINDOWS\system32\xactengine2_1.dll 2008-11-20 18:05:48 ----D---- C:\WINDOWS\LastGood 2008-11-20 18:04:54 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2008-11-20 18:04:52 ----D---- C:\WINDOWS\system32\LogFiles 2008-11-20 18:04:52 ----A---- C:\WINDOWS\system32\PnkBstrA.exe 2008-11-20 18:04:52 ----A---- C:\WINDOWS\system32\pbsvc.exe 2008-11-20 17:53:30 ----D---- C:\Program Files\Activision 2008-11-20 17:48:40 ----D---- C:\Program Files\Fichiers communs\Adobe 2008-11-20 17:48:38 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-11-20 17:42:49 ----D---- C:\WINDOWS\Prefetch 2008-11-20 17:36:37 ----N---- C:\WINDOWS\system32\msxml6r.dll 2008-11-20 17:36:37 ----N---- C:\WINDOWS\system32\msxml6.dll 2008-11-20 17:36:29 ----N---- C:\WINDOWS\system32\ati3d1ag.dll 2008-11-20 17:36:29 ----N---- C:\WINDOWS\system32\ati2dvag.dll 2008-11-20 17:36:29 ----N---- C:\WINDOWS\system32\ati2dvaa.dll 2008-11-20 17:36:29 ----N---- C:\WINDOWS\system32\ati2cqag.dll 2008-11-20 17:36:29 ----N---- C:\WINDOWS\system32\aaclient.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eapsvc.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eapqec.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eappprxy.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eapphost.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eappgnui.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eappcfg.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eapp3hst.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eapolqec.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3ui.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3svc.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3msm.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3dlg.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3cfg.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3api.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dimsroam.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dimsntfy.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dhcpqec.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\credssp.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\bitsprx4.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\azroles.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\ativvaxx.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\ativtmxx.dll 2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\ati3duag.dll 2008-11-20 17:36:27 ----N---- C:\WINDOWS\system32\kbdpash.dll 2008-11-20 17:36:27 ----N---- C:\WINDOWS\system32\kbdnepr.dll 2008-11-20 17:36:27 ----N---- C:\WINDOWS\system32\kbdiultn.dll 2008-11-20 17:36:27 ----N---- C:\WINDOWS\system32\kbdbhc.dll 2008-11-20 17:36:27 ----N---- C:\WINDOWS\system32\hsfcisp2.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\photometadatahandler.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\onex.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\napstat.exe 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\napmontr.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\napipsec.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\mtxparhd.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\msshavmsg.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\mssha.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\mmcperf.exe 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\mmcex.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\mdmxsdk.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\l2gpstore.dll 2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\kmsvc.dll 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\xpsp3res.dll 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\slserv.exe 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\slrundll.exe 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\slgen.dll 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\slextspk.dll 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\slcoinst.dll 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\setupn.exe 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\s3gnb.dll 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\rhttpaa.dll 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\rasqec.dll 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\qutil.dll 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\qcliprov.dll 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\qagentrt.dll 2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\qagent.dll 2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\wmphoto.dll 2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\wlanapi.dll 2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\windowscodecsext.dll 2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\windowscodecs.dll 2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\verclsid.exe 2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\tzchange.exe 2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\tspkg.dll 2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\tsgqec.dll 2008-11-20 17:36:23 ----N---- C:\WINDOWS\system32\xmllite.dll 2008-11-20 17:36:23 ----N---- C:\WINDOWS\slrundll.exe 2008-11-20 17:36:23 ----D---- C:\WINDOWS\system32\fr-fr 2008-11-20 17:36:23 ----D---- C:\WINDOWS\l2schemas 2008-11-20 17:36:22 ----D---- C:\WINDOWS\system32\bits 2008-11-20 17:35:15 ----D---- C:\WINDOWS\ServicePackFiles 2008-11-20 17:34:06 ----A---- C:\WINDOWS\system32\aswBoot.exe 2008-11-20 17:34:02 ----D---- C:\Program Files\Alwil Software 2008-11-20 17:33:18 ----D---- C:\WINDOWS\network diagnostic 2008-11-20 17:31:42 ----A---- C:\WINDOWS\002574_.tmp 2008-11-20 17:31:33 ----A---- C:\WINDOWS\system32\spupdsvc.exe 2008-11-20 17:30:58 ----D---- C:\NVIDIA 2008-11-20 17:27:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-11-20 17:27:47 ----D---- C:\WINDOWS\EHome 2008-11-20 17:25:59 ----A---- C:\WINDOWS\system32\javaws.exe 2008-11-20 17:25:59 ----A---- C:\WINDOWS\system32\javaw.exe 2008-11-20 17:25:59 ----A---- C:\WINDOWS\system32\java.exe 2008-11-20 17:25:59 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-11-20 17:24:06 ----A---- C:\WINDOWS\system32\d3dx9_30.dll 2008-11-20 17:24:05 ----A---- C:\WINDOWS\system32\xactengine2_0.dll 2008-11-20 17:24:05 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll 2008-11-20 17:24:05 ----A---- C:\WINDOWS\system32\d3dx9_29.dll 2008-11-20 17:24:04 ----A---- C:\WINDOWS\system32\d3dx9_28.dll 2008-11-20 17:24:03 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll 2008-11-20 17:24:03 ----A---- C:\WINDOWS\system32\d3dx9_27.dll 2008-11-20 17:24:02 ----A---- C:\WINDOWS\system32\d3dx9_26.dll 2008-11-20 17:24:02 ----A---- C:\WINDOWS\system32\d3dx9_25.dll 2008-11-20 17:24:01 ----A---- C:\WINDOWS\system32\d3dx9_24.dll 2008-11-20 17:23:17 ----D---- C:\WINDOWS\Logs 2008-11-20 17:23:11 ----D---- C:\Program Files\SystemRequirementsLab 2008-11-20 17:22:52 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Macromedia 2008-11-20 17:22:44 ----SHD---- C:\WINDOWS\ftpcache 2008-11-20 17:11:59 ----RASH---- C:\BOOT.BAK 2008-11-20 17:11:45 ----RSHD---- C:\cmdcons 2008-11-20 17:11:45 ----A---- C:\WINDOWS\UPGRADE.TXT 2008-11-20 17:11:40 ----D---- C:\WINDOWS\setup.pss 2008-11-20 17:07:12 ----D---- C:\WINDOWS\nview 2008-11-20 17:07:12 ----A---- C:\WINDOWS\system32\nvudisp.exe 2008-11-20 17:03:53 ----SHD---- C:\RECYCLER 2008-11-20 16:59:18 ----A---- C:\WINDOWS\system32\wmpns.dll 2008-11-20 16:58:43 ----ASH---- C:\Documents and Settings\HP_Propriétaire\Application Data\desktop.ini 2008-11-20 16:58:40 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Identities 2008-11-20 16:58:40 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Apple Computer 2008-11-20 16:58:39 ----SD---- C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft 2008-11-20 16:58:39 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Sun 2008-11-20 16:58:39 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\SampleView 2008-11-20 16:58:39 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Real 2008-11-20 16:56:51 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-11-20 16:55:56 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll 2008-11-20 16:55:56 ----A---- C:\WINDOWS\system32\IVIresizePX.dll 2008-11-20 16:55:56 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll 2008-11-20 16:55:56 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll 2008-11-20 16:55:56 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll 2008-11-20 16:55:56 ----A---- C:\WINDOWS\system32\IVIresize.dll 2008-11-20 16:55:48 ----D---- C:\Program Files\InterVideo 2008-11-20 16:55:10 ----A---- C:\WINDOWS\system32\uninst_disp_silently.txt 2008-11-20 16:55:10 ----A---- C:\WINDOWS\system32\nv4_disp.dll 2008-11-20 16:55:00 ----A---- C:\WINDOWS\system32\uninst_gart_silently.txt 2008-11-20 16:54:58 ----A---- C:\WINDOWS\system32\uninst_nrm_silently.txt 2008-11-20 16:54:56 ----A---- C:\WINDOWS\system32\uninst_net_silently.txt 2008-11-20 16:54:46 ----A---- C:\WINDOWS\system32\uninst_smb_silently.txt 2008-11-20 16:54:46 ----A---- C:\WINDOWS\system32\NVUninst.exe 2008-11-20 16:47:58 ----A---- C:\WINDOWS\system32\hidserv.dll 2008-11-20 16:47:14 ----A---- C:\WINDOWS\system32\ksuser.dll 2008-11-20 16:46:17 ----SHD---- C:\System Volume Information 2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mdhcp.dll 2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mciole32.dll 2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mciole16.dll 2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mcicda.dll 2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mchgrcoi.dll 2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mcdsrv32.dll 2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mcd32.dll 2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mapistub.dll 2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\mag_hook.dll 2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\lzexpand.dll 2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\lz32.dll 2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\lusrmgr.msc 2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\lprmonui.dll 2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\lpr.exe 2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\lpq.exe 2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\logoff.exe 2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\loghours.dll 2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\lodctr.exe 2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\loadfix.com 2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\lnkstub.exe 2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\lights.exe 2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\langwrbk.dll 2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\label.exe 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\kdcom.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\kbdmac.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\kbdfo.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\kbdcan.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\kbdbene.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\kb16.com 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\jsfr.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\jobexec.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\jgsh400.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\jgsd400.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\jgpl400.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\jgmd400.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\jgdw400.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\jgaw400.dll 2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\jet500.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\irclass.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\ir32_32.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\ipxwan.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\ipxsap.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\ipxrtmgr.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\ipxrip.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\ipxpromn.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\ipxmontr.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\ipsec6.exe 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\iprtrmgr.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\iprtprio.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\iprop.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\ipmontr.dll 2008-11-17 00:06:36 ----A---- C:\WINDOWS\system32\iologmsg.dll 2008-11-17 00:06:35 ----A---- C:\WINDOWS\system32\infosoft.dll 2008-11-17 00:06:35 ----A---- C:\WINDOWS\system32\inetcplc.dll 2008-11-17 00:06:35 ----A---- C:\WINDOWS\system32\ifsutil.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\ieakui.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\icmui.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\icfgnt5.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\iassvcs.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\iassdo.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\iassam.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\iasrecst.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\iaspolcy.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\iasnap.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\iashlpr.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\iasads.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\iasacct.dll 2008-11-17 00:06:34 ----A---- C:\WINDOWS\system32\hticons.dll 2008-11-17 00:06:33 ----A---- C:\WINDOWS\system32\hostname.exe 2008-11-17 00:06:33 ----A---- C:\WINDOWS\system32\hnetmon.dll 2008-11-17 00:06:33 ----A---- C:\WINDOWS\system32\hlink.dll 2008-11-17 00:06:32 ----A---- C:\WINDOWS\system32\help.exe 2008-11-17 00:06:31 ----A---- C:\WINDOWS\system32\graphics.com 2008-11-17 00:06:31 ----A---- C:\WINDOWS\system32\graftabl.com 2008-11-17 00:06:31 ----A---- C:\WINDOWS\system32\gpkcsp.dll 2008-11-17 00:06:30 ----A---- C:\WINDOWS\system32\glmf32.dll 2008-11-17 00:02:18 ----A---- C:\WINDOWS\system32\getuname.dll 2008-11-17 00:02:18 ----A---- C:\WINDOWS\system32\gdi.exe 2008-11-17 00:02:18 ----A---- C:\WINDOWS\system32\gcdef.dll 2008-11-17 00:02:18 ----A---- C:\WINDOWS\system32\fxssend.exe 2008-11-17 00:02:18 ----A---- C:\WINDOWS\system32\fxsroute.dll 2008-11-17 00:02:18 ----A---- C:\WINDOWS\system32\fxsclntR.dll 2008-11-17 00:02:18 ----A---- C:\WINDOWS\system32\fxscfgwz.dll 2008-11-17 00:02:17 ----A---- C:\WINDOWS\system32\ftsrch.dll 2008-11-17 00:02:17 ----A---- C:\WINDOWS\system32\fsutil.exe 2008-11-17 00:02:17 ----A---- C:\WINDOWS\system32\fsusd.dll 2008-11-17 00:02:17 ----A---- C:\WINDOWS\system32\fsmgmt.msc 2008-11-17 00:02:17 ----A---- C:\WINDOWS\system32\freecell.exe 2008-11-17 00:02:17 ----A---- C:\WINDOWS\system32\format.com 2008-11-17 00:02:17 ----A---- C:\WINDOWS\system32\forcedos.exe 2008-11-17 00:02:17 ----A---- C:\WINDOWS\system32\fontsub.dll 2008-11-17 00:02:17 ----A---- C:\WINDOWS\system32\fmifs.dll 2008-11-17 00:02:17 ----A---- C:\WINDOWS\system32\fixmapi.exe 2008-11-17 00:02:17 ----A---- C:\WINDOWS\system32\finger.exe 2008-11-17 00:02:17 ----A---- C:\WINDOWS\system32\find.exe 2008-11-17 00:02:16 ----A---- C:\WINDOWS\system32\fc.exe 2008-11-17 00:02:16 ----A---- C:\WINDOWS\system32\fastopen.exe 2008-11-17 00:02:16 ----A---- C:\WINDOWS\system32\exe2bin.exe 2008-11-17 00:02:15 ----A---- C:\WINDOWS\system32\eventvwr.msc 2008-11-17 00:02:15 ----A---- C:\WINDOWS\system32\eventvwr.exe 2008-11-17 00:02:15 ----A---- C:\WINDOWS\system32\eventcls.dll 2008-11-17 00:02:15 ----A---- C:\WINDOWS\system32\esentutl.exe 2008-11-17 00:02:15 ----A---- C:\WINDOWS\system32\esentprf.dll 2008-11-17 00:02:15 ----A---- C:\WINDOWS\system32\esent97.dll 2008-11-17 00:02:15 ----A---- C:\WINDOWS\system32\EqnClass.Dll 2008-11-17 00:02:15 ----A---- C:\WINDOWS\system32\edlin.exe 2008-11-17 00:02:15 ----A---- C:\WINDOWS\system32\edit.com 2008-11-17 00:02:13 ----A---- C:\WINDOWS\system32\dskquoui.dll 2008-11-17 00:02:13 ----A---- C:\WINDOWS\system32\dsauth.dll 2008-11-17 00:02:13 ----A---- C:\WINDOWS\system32\ds16gt.dLL 2008-11-17 00:02:13 ----A---- C:\WINDOWS\system32\drwtsn32.exe 2008-11-17 00:02:13 ----A---- C:\WINDOWS\system32\drwatson.exe 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\dpwsock.dll 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\dpserial.dll 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\dpnwsock.dll 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\dpnmodem.dll 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\dplay.dll 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\doskey.exe 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\docprop.dll 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\dmocx.dll 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\dmintf.dll 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\dmdskres.dll 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\dmdlgs.dll 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\dmconfig.dll 2008-11-17 00:01:41 ----A---- C:\WINDOWS\system32\dllhst3g.exe 2008-11-17 00:01:40 ----A---- C:\WINDOWS\system32\dispex.dll 2008-11-17 00:01:40 ----A---- C:\WINDOWS\system32\diskperf.exe 2008-11-17 00:01:40 ----A---- C:\WINDOWS\system32\diskmgmt.msc 2008-11-17 00:01:40 ----A---- C:\WINDOWS\system32\diskcopy.dll 2008-11-17 00:01:40 ----A---- C:\WINDOWS\system32\diskcopy.com 2008-11-17 00:01:40 ----A---- C:\WINDOWS\system32\diskcomp.com 2008-11-17 00:01:40 ----A---- C:\WINDOWS\system32\dimap.dll 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\diactfrm.dll 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\dhcpsapi.dll 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\dhcpmon.dll 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\dgsetup.dll 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\dgrpsetu.dll 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\dfrgres.dll 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\dfrg.msc 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\devmgmt.msc 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\deskperf.dll 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\deskmon.dll 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\deskadp.dll 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\debug.exe 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\ddeml.dll 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2008-11-17 00:01:39 ----A---- C:\WINDOWS\system32\datime.dll 2008-11-17 00:01:38 ----A---- C:\WINDOWS\system32\d3dxof.dll 2008-11-17 00:01:38 ----A---- C:\WINDOWS\system32\d3drm.dll 2008-11-17 00:01:38 ----A---- C:\WINDOWS\system32\d3dramp.dll 2008-11-17 00:01:38 ----A---- C:\WINDOWS\system32\d3dpmesh.dll 2008-11-17 00:01:38 ----A---- C:\WINDOWS\system32\d3dim.dll 2008-11-17 00:01:37 ----RA---- C:\WINDOWS\system32\ctl3dv2.dll 2008-11-17 00:01:37 ----A---- C:\WINDOWS\system32\ctl3d32.dll 2008-11-17 00:01:37 ----A---- C:\WINDOWS\system32\csseqchk.dll 2008-11-17 00:01:36 ----A---- C:\WINDOWS\system32\crtdll.dll 2008-11-17 00:01:36 ----A---- C:\WINDOWS\system32\convert.exe 2008-11-17 00:01:36 ----A---- C:\WINDOWS\system32\control.exe 2008-11-17 00:01:36 ----A---- C:\WINDOWS\system32\console.dll 2008-11-17 00:01:35 ----A---- C:\WINDOWS\system32\confmsp.dll 2008-11-17 00:01:35 ----A---- C:\WINDOWS\system32\comsnap.dll 2008-11-17 00:01:35 ----A---- C:\WINDOWS\system32\comrepl.dll 2008-11-17 00:01:35 ----A---- C:\WINDOWS\system32\compobj.dll 2008-11-17 00:01:35 ----A---- C:\WINDOWS\system32\compmgmt.msc 2008-11-17 00:01:31 ----A---- C:\WINDOWS\system32\compact.exe 2008-11-17 00:01:31 ----A---- C:\WINDOWS\system32\comp.exe 2008-11-17 00:01:31 ----A---- C:\WINDOWS\system32\commdlg.dll 2008-11-17 00:01:31 ----A---- C:\WINDOWS\system32\command.com 2008-11-17 00:01:30 ----A---- C:\WINDOWS\system32\comcat.dll 2008-11-17 00:01:30 ----A---- C:\WINDOWS\system32\comaddin.dll 2008-11-17 00:01:30 ----A---- C:\WINDOWS\system32\cnvfat.dll 2008-11-17 00:01:30 ----A---- C:\WINDOWS\system32\cnetcfg.dll 2008-11-17 00:01:30 ----A---- C:\WINDOWS\system32\cmpbk32.dll 2008-11-17 00:01:30 ----A---- C:\WINDOWS\system32\clb.dll 2008-11-17 00:01:30 ----A---- C:\WINDOWS\system32\ckcnv.exe 2008-11-17 00:01:29 ----A---- C:\WINDOWS\system32\cidaemon.exe 2008-11-17 00:01:29 ----A---- C:\WINDOWS\system32\cic.dll 2008-11-17 00:01:29 ----A---- C:\WINDOWS\system32\ciadv.msc 2008-11-17 00:01:29 ----A---- C:\WINDOWS\system32\ciadmin.dll 2008-11-17 00:01:29 ----A---- C:\WINDOWS\system32\chkntfs.exe 2008-11-17 00:01:29 ----A---- C:\WINDOWS\system32\chkdsk.exe 2008-11-17 00:01:29 ----A---- C:\WINDOWS\system32\chcp.com 2008-11-17 00:01:29 ----A---- C:\WINDOWS\system32\charmap.exe 2008-11-17 00:01:29 ----A---- C:\WINDOWS\system32\certmgr.msc 2008-11-17 00:01:29 ----A---- C:\WINDOWS\system32\cdmodem.dll 2008-11-17 00:01:29 ----A---- C:\WINDOWS\system32\ccfgnt.dll 2008-11-17 00:01:28 ----A---- C:\WINDOWS\system32\cards.dll 2008-11-17 00:01:28 ----A---- C:\WINDOWS\system32\capesnpn.dll 2008-11-17 00:01:28 ----A---- C:\WINDOWS\system32\calc.exe 2008-11-17 00:01:28 ----A---- C:\WINDOWS\system32\cacls.exe 2008-11-17 00:01:27 ----A---- C:\WINDOWS\system32\bootvrfy.exe 2008-11-17 00:01:27 ----A---- C:\WINDOWS\system32\bootvid.dll 2008-11-17 00:01:27 ----A---- C:\WINDOWS\system32\bootok.exe 2008-11-17 00:01:26 ----A---- C:\WINDOWS\system32\avwav.dll 2008-11-17 00:01:26 ----A---- C:\WINDOWS\system32\avtapi.dll 2008-11-17 00:01:26 ----A---- C:\WINDOWS\system32\avmeter.dll 2008-11-17 00:01:26 ----A---- C:\WINDOWS\system32\avifile.dll 2008-11-17 00:01:26 ----A---- C:\WINDOWS\system32\avicap32.dll 2008-11-17 00:01:26 ----A---- C:\WINDOWS\system32\avicap.dll 2008-11-17 00:01:26 ----A---- C:\WINDOWS\system32\autodisc.dll 2008-11-17 00:01:26 ----A---- C:\WINDOWS\system32\attrib.exe 2008-11-17 00:01:26 ----A---- C:\WINDOWS\system32\atrace.dll 2008-11-17 00:01:26 ----A---- C:\WINDOWS\system32\atmpvcno.dll 2008-11-17 00:01:26 ----A---- C:\WINDOWS\system32\atkctrs.dll 2008-11-17 00:01:17 ----A---- C:\WINDOWS\system32\arp.exe 2008-11-17 00:00:38 ----A---- C:\WINDOWS\system32\append.exe 2008-11-17 00:00:38 ----A---- C:\WINDOWS\system32\apcups.dll 2008-11-17 00:00:37 ----A---- C:\WINDOWS\system32\adptif.dll 2008-11-17 00:00:36 ----A---- C:\WINDOWS\system32\acledit.dll 2008-11-17 00:00:36 ----A---- C:\WINDOWS\system32\acctres.dll 2008-11-17 00:00:36 ----A---- C:\WINDOWS\system32\aaaamon.dll 2008-11-16 23:34:21 ----A---- C:\WINDOWS\system32\wupdmgr.exe 2008-11-16 23:34:20 ----A---- C:\WINDOWS\system32\wshnetbs.dll 2008-11-16 23:34:20 ----A---- C:\WINDOWS\system32\wshisn.dll 2008-11-16 23:34:20 ----A---- C:\WINDOWS\system32\wshfr.dll 2008-11-16 23:34:20 ----A---- C:\WINDOWS\system32\wshatm.dll 2008-11-16 23:34:20 ----A---- C:\WINDOWS\system32\write.exe 2008-11-16 23:34:20 ----A---- C:\WINDOWS\system32\wowexec.exe 2008-11-16 23:34:20 ----A---- C:\WINDOWS\system32\wowdeb.exe 2008-11-16 23:34:16 ----A---- C:\WINDOWS\system32\wmiprop.dll 2008-11-16 23:34:16 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2008-11-16 23:34:16 ----A---- C:\WINDOWS\system32\wmerrFRA.dll 2008-11-16 23:34:15 ----A---- C:\WINDOWS\system32\winstrm.dll 2008-11-16 23:34:15 ----A---- C:\WINDOWS\system32\winspool.exe 2008-11-16 23:34:15 ----A---- C:\WINDOWS\system32\winsock.dll 2008-11-16 23:34:14 ----A---- C:\WINDOWS\system32\winnls.dll 2008-11-16 23:34:14 ----A---- C:\WINDOWS\system32\winmsd.exe 2008-11-16 23:34:14 ----A---- C:\WINDOWS\system32\winmine.exe 2008-11-16 23:34:13 ----A---- C:\WINDOWS\winhelp.exe 2008-11-16 23:34:13 ----A---- C:\WINDOWS\system32\winfax.dll 2008-11-16 23:34:13 ----A---- C:\WINDOWS\system32\winchat.exe 2008-11-16 23:34:13 ----A---- C:\WINDOWS\system32\win87em.dll 2008-11-16 23:34:13 ----A---- C:\WINDOWS\system32\win.com 2008-11-16 23:34:13 ----A---- C:\WINDOWS\system32\wifeman.dll 2008-11-16 23:34:13 ----A---- C:\WINDOWS\system32\wiavusd.dll 2008-11-16 23:34:12 ----A---- C:\WINDOWS\system32\webhits.dll 2008-11-16 23:34:10 ----A---- C:\WINDOWS\system32\wavemsp.dll 2008-11-16 23:34:10 ----A---- C:\WINDOWS\system32\w32topl.dll 2008-11-16 23:34:10 ----A---- C:\WINDOWS\system32\w32tm.exe 2008-11-16 23:34:10 ----A---- C:\WINDOWS\system32\vssadmin.exe 2008-11-16 23:34:10 ----A---- C:\WINDOWS\system32\vss_ps.dll 2008-11-16 23:34:09 ----A---- C:\WINDOWS\vmmreg32.dll 2008-11-16 23:34:09 ----A---- C:\WINDOWS\system32\vjoy.dll 2008-11-16 23:34:09 ----A---- C:\WINDOWS\system32\vga64k.dll 2008-11-16 23:34:09 ----A---- C:\WINDOWS\system32\vga256.dll 2008-11-16 23:34:09 ----A---- C:\WINDOWS\system32\vga.dll 2008-11-16 23:34:09 ----A---- C:\WINDOWS\system32\vfpodbc.dll 2008-11-16 23:34:09 ----A---- C:\WINDOWS\system32\verifier.exe 2008-11-16 23:34:09 ----A---- C:\WINDOWS\system32\verifier.dll 2008-11-16 23:34:09 ----A---- C:\WINDOWS\system32\ver.dll 2008-11-16 23:34:09 ----A---- C:\WINDOWS\system32\vcdex.dll 2008-11-16 23:34:09 ----A---- C:\WINDOWS\system32\vbsfr.dll 2008-11-16 23:34:08 ----A---- C:\WINDOWS\system32\utildll.dll 2008-11-16 23:34:08 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2008-11-16 23:34:08 ----A---- C:\WINDOWS\system32\user.exe 2008-11-16 23:34:08 ----A---- C:\WINDOWS\system32\ureg.dll 2008-11-16 23:34:07 ----A---- C:\WINDOWS\twunk_32.exe 2008-11-16 23:34:07 ----A---- C:\WINDOWS\twunk_16.exe 2008-11-16 23:34:07 ----A---- C:\WINDOWS\twain.dll 2008-11-16 23:34:07 ----A---- C:\WINDOWS\system32\unlodctr.exe 2008-11-16 23:34:07 ----A---- C:\WINDOWS\system32\umdmxfrm.dll 2008-11-16 23:34:07 ----A---- C:\WINDOWS\system32\ufat.dll 2008-11-16 23:34:07 ----A---- C:\WINDOWS\system32\typelib.dll 2008-11-16 23:34:06 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2008-11-16 23:34:06 ----A---- C:\WINDOWS\system32\tskill.exe 2008-11-16 23:34:06 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2008-11-16 23:34:06 ----A---- C:\WINDOWS\system32\tsd32.dll 2008-11-16 23:34:06 ----A---- C:\WINDOWS\system32\tscon.exe 2008-11-16 23:34:06 ----A---- C:\WINDOWS\system32\tsappcmp.dll 2008-11-16 23:34:06 ----A---- C:\WINDOWS\system32\tree.com 2008-11-16 23:34:06 ----A---- C:\WINDOWS\system32\traffic.dll 2008-11-16 23:34:06 ----A---- C:\WINDOWS\system32\tracert6.exe 2008-11-16 23:34:05 ----A---- C:\WINDOWS\system32\toolhelp.dll 2008-11-16 23:34:04 ----A---- C:\WINDOWS\system32\tftp.exe 2008-11-16 23:34:04 ----A---- C:\WINDOWS\system32\tcpsvcs.exe 2008-11-16 23:34:03 ----A---- C:\WINDOWS\TASKMAN.EXE 2008-11-16 23:34:03 ----A---- C:\WINDOWS\system32\tcmsetup.exe 2008-11-16 23:34:03 ----A---- C:\WINDOWS\system32\taskman.exe 2008-11-16 23:34:03 ----A---- C:\WINDOWS\system32\tapiui.dll 2008-11-16 23:34:03 ----A---- C:\WINDOWS\system32\tapiperf.dll 2008-11-16 23:34:03 ----A---- C:\WINDOWS\system32\tapi.dll 2008-11-16 23:34:03 ----A---- C:\WINDOWS\system32\systray.exe 2008-11-16 23:33:23 ----A---- C:\WINDOWS\system32\syskey.exe 2008-11-16 23:33:23 ----A---- C:\WINDOWS\system32\sysinv.dll 2008-11-16 23:33:23 ----A---- C:\WINDOWS\system32\sysedit.exe 2008-11-16 23:33:23 ----A---- C:\WINDOWS\system32\syncapp.exe 2008-11-16 23:33:23 ----A---- C:\WINDOWS\system32\swprv.dll 2008-11-16 23:33:23 ----A---- C:\WINDOWS\system32\svcpack.dll 2008-11-16 23:33:23 ----A---- C:\WINDOWS\system32\subst.exe 2008-11-16 23:33:23 ----A---- C:\WINDOWS\system32\storage.dll 2008-11-16 23:33:23 ----A---- C:\WINDOWS\system32\stclient.dll 2008-11-16 23:33:22 ----A---- C:\WINDOWS\system32\sqlwoa.dll 2008-11-16 23:33:22 ----A---- C:\WINDOWS\system32\sqlwid.dll 2008-11-16 23:33:21 ----A---- C:\WINDOWS\system32\spxcoins.dll 2008-11-16 23:33:21 ----A---- C:\WINDOWS\system32\sprestrt.exe 2008-11-16 23:33:15 ----A---- C:\WINDOWS\system32\sort.exe 2008-11-16 23:33:15 ----A---- C:\WINDOWS\system32\sol.exe 2008-11-16 23:33:15 ----A---- C:\WINDOWS\system32\softpub.dll 2008-11-16 23:33:14 ----A---- C:\WINDOWS\system32\sndvol32.exe 2008-11-16 23:33:14 ----A---- C:\WINDOWS\system32\slbrccsp.dll 2008-11-16 23:33:14 ----A---- C:\WINDOWS\system32\skdll.dll 2008-11-16 23:33:13 ----A---- C:\WINDOWS\system32\sisbkup.dll 2008-11-16 23:33:12 ----A---- C:\WINDOWS\system32\shell.dll 2008-11-16 23:33:12 ----A---- C:\WINDOWS\system32\share.exe 2008-11-16 23:33:12 ----A---- C:\WINDOWS\system32\shadow.exe 2008-11-16 23:33:12 ----A---- C:\WINDOWS\system32\sfmapi.dll 2008-11-16 23:33:12 ----A---- C:\WINDOWS\system32\sfc.exe 2008-11-16 23:33:12 ----A---- C:\WINDOWS\system32\setver.exe 2008-11-16 23:33:12 ----A---- C:\WINDOWS\system32\setupdll.dll 2008-11-16 23:33:11 ----A---- C:\WINDOWS\system32\serwvdrv.dll 2008-11-16 23:33:11 ----A---- C:\WINDOWS\system32\services.msc 2008-11-16 23:33:11 ----A---- C:\WINDOWS\system32\serialui.dll 2008-11-16 23:33:11 ----A---- C:\WINDOWS\system32\senscfg.dll 2008-11-16 23:33:11 ----A---- C:\WINDOWS\system32\sdpblb.dll 2008-11-16 23:33:11 ----A---- C:\WINDOWS\system32\scrrnfr.dll 2008-11-16 23:33:11 ----A---- C:\WINDOWS\system32\scredir.dll 2008-11-16 23:33:11 ----A---- C:\WINDOWS\system32\scofr.dll 2008-11-16 23:33:11 ----A---- C:\WINDOWS\system32\scardssp.dll 2008-11-16 23:33:11 ----A---- C:\WINDOWS\system32\sc.exe 2008-11-16 23:33:10 ----A---- C:\WINDOWS\system32\rwinsta.exe 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\runas.exe 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\rtm.dll 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\rsvpsp.dll 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\rsvpperf.dll 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\rsvpmsg.dll 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\rsvp.exe 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\rsmui.exe 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\rsmsink.exe 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\rsm.exe 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\rpcns4.dll 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\routetab.dll 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\routemon.exe 2008-11-16 23:33:09 ----A---- C:\WINDOWS\system32\route.exe 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\rnr20.dll 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\riched32.dll 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\reset.exe 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\replace.exe 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\rend.dll 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\regwiz.exe 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\regini.exe 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\regedt32.exe 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\recover.exe 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\rasser.dll 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\rasrad.dll 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\rasmxs.dll 2008-11-16 23:33:08 ----A---- C:\WINDOWS\system32\rasmontr.dll 2008-11-16 23:33:07 ----A---- C:\WINDOWS\system32\rasdial.exe 2008-11-16 23:33:07 ----A---- C:\WINDOWS\system32\rasctrs.dll 2008-11-16 23:33:07 ----A---- C:\WINDOWS\system32\rasautou.exe 2008-11-16 23:33:07 ----A---- C:\WINDOWS\system32\qwinsta.exe 2008-11-16 23:33:07 ----A---- C:\WINDOWS\system32\qosname.dll 2008-11-16 23:33:06 ----A---- C:\WINDOWS\system32\qappsrv.exe 2008-11-16 23:33:06 ----A---- C:\WINDOWS\system32\pubprn.vbs 2008-11-16 23:33:06 ----A---- C:\WINDOWS\system32\psnppagn.dll 2008-11-16 23:33:06 ----A---- C:\WINDOWS\system32\pschdprf.dll 2008-11-16 23:33:06 ----A---- C:\WINDOWS\system32\print.exe 2008-11-16 23:33:06 ----A---- C:\WINDOWS\system32\prflbmsg.dll 2008-11-16 23:33:05 ----A---- C:\WINDOWS\system32\pmspl.dll 2008-11-16 23:33:05 ----A---- C:\WINDOWS\system32\plustab.dll 2008-11-16 23:33:05 ----A---- C:\WINDOWS\system32\ping6.exe 2008-11-16 23:33:05 ----A---- C:\WINDOWS\system32\pifmgr.dll 2008-11-16 23:33:01 ----RA---- C:\WINDOWS\system32\perfmon.msc 2008-11-16 23:33:01 ----A---- C:\WINDOWS\system32\perfts.dll 2008-11-16 23:33:01 ----A---- C:\WINDOWS\system32\perfnet.dll 2008-11-16 23:33:01 ----A---- C:\WINDOWS\system32\pentnt.exe 2008-11-16 23:33:00 ----A---- C:\WINDOWS\system32\pathping.exe 2008-11-16 23:33:00 ----A---- C:\WINDOWS\system32\panmap.dll 2008-11-16 23:33:00 ----A---- C:\WINDOWS\system32\osuninst.exe 2008-11-16 23:32:59 ----A---- C:\WINDOWS\system32\olethk32.dll 2008-11-16 23:32:59 ----A---- C:\WINDOWS\system32\olesvr32.dll 2008-11-16 23:32:59 ----A---- C:\WINDOWS\system32\olesvr.dll 2008-11-16 23:32:59 ----A---- C:\WINDOWS\system32\oledlg.dll 2008-11-16 23:32:59 ----A---- C:\WINDOWS\system32\olecnv32.dll 2008-11-16 23:32:59 ----A---- C:\WINDOWS\system32\olecli32.dll 2008-11-16 23:32:59 ----A---- C:\WINDOWS\system32\olecli.dll 2008-11-16 23:32:59 ----A---- C:\WINDOWS\system32\oleaccrc.dll 2008-11-16 23:32:59 ----A---- C:\WINDOWS\system32\oleacc.dll 2008-11-16 23:32:59 ----A---- C:\WINDOWS\system32\ole2nls.dll 2008-11-16 23:32:59 ----A---- C:\WINDOWS\system32\ole2disp.dll 2008-11-16 23:32:59 ----A---- C:\WINDOWS\system32\ole2.dll 2008-11-16 23:32:55 ----A---- C:\WINDOWS\system32\odbc16gt.dll 2008-11-16 23:32:55 ----A---- C:\WINDOWS\system32\ocmanage.dll 2008-11-16 23:32:54 ----A---- C:\WINDOWS\system32\ntvdmd.dll 2008-11-16 23:32:53 ----A---- C:\WINDOWS\system32\ntmsoprq.msc 2008-11-16 23:32:53 ----A---- C:\WINDOWS\system32\ntmsmgr.msc 2008-11-16 23:32:53 ----A---- C:\WINDOWS\system32\ntmsevt.dll 2008-11-16 23:32:53 ----A---- C:\WINDOWS\system32\ntlanui2.dll 2008-11-16 23:32:53 ----A---- C:\WINDOWS\system32\ntlanui.dll 2008-11-16 23:32:51 ----A---- C:\WINDOWS\system32\nmevtmsg.dll 2008-11-16 23:32:51 ----A---- C:\WINDOWS\system32\nlsfunc.exe 2008-11-16 23:32:50 ----A---- C:\WINDOWS\system32\netui2.dll 2008-11-16 23:32:49 ----A---- C:\WINDOWS\system32\netmsg.dll 2008-11-16 23:32:49 ----A---- C:\WINDOWS\system32\neth.dll 2008-11-16 23:32:49 ----A---- C:\WINDOWS\system32\netevent.dll 2008-11-16 23:32:48 ----A---- C:\WINDOWS\system32\netapi.dll 2008-11-16 23:32:48 ----A---- C:\WINDOWS\system32\ncxpnt.dll 2008-11-16 23:32:48 ----A---- C:\WINDOWS\system32\nbtstat.exe 2008-11-16 23:32:48 ----A---- C:\WINDOWS\system32\narrhook.dll 2008-11-16 23:32:48 ----A---- C:\WINDOWS\system32\mycomput.dll 2008-11-16 23:32:47 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2008-11-16 23:32:47 ----A---- C:\WINDOWS\system32\mtxex.dll 2008-11-16 23:32:47 ----A---- C:\WINDOWS\system32\mtxdm.dll 2008-11-16 23:32:47 ----A---- C:\WINDOWS\system32\msxmlr.dll 2008-11-16 23:32:47 ----A---- C:\WINDOWS\system32\msxml3r.dll 2008-11-16 23:32:46 ----A---- C:\WINDOWS\system32\msxml2r.dll 2008-11-16 23:32:46 ----A---- C:\WINDOWS\system32\msvideo.dll 2008-11-16 23:32:46 ----A---- C:\WINDOWS\system32\msvidc32.dll 2008-11-16 23:32:46 ----A---- C:\WINDOWS\system32\msvcrt20.dll 2008-11-16 23:32:45 ----A---- C:\WINDOWS\system32\msvcp50.dll 2008-11-16 23:32:45 ----A---- C:\WINDOWS\system32\msvbvm50.dll 2008-11-16 23:32:45 ----A---- C:\WINDOWS\system32\msswchx.exe 2008-11-16 23:32:45 ----A---- C:\WINDOWS\system32\msswch.dll 2008-11-16 23:32:45 ----A---- C:\WINDOWS\system32\mssip32.dll 2008-11-16 23:32:45 ----A---- C:\WINDOWS\system32\mssign32.dll 2008-11-16 23:32:44 ----A---- C:\WINDOWS\system32\msrecr40.dll 2008-11-16 23:32:44 ----A---- C:\WINDOWS\system32\msrclr40.dll 2008-11-16 23:32:44 ----A---- C:\WINDOWS\system32\msratelc.dll 2008-11-16 23:32:44 ----A---- C:\WINDOWS\system32\msr2cenu.dll 2008-11-16 23:32:44 ----A---- C:\WINDOWS\system32\msr2c.dll 2008-11-16 23:32:44 ----A---- C:\WINDOWS\system32\msports.dll 2008-11-16 23:32:43 ----A---- C:\WINDOWS\system32\msobjs.dll 2008-11-16 23:32:38 ----A---- C:\WINDOWS\system32\msls31.dll 2008-11-16 23:32:38 ----A---- C:\WINDOWS\system32\msidntld.dll 2008-11-16 23:32:37 ----A---- C:\WINDOWS\system32\mshearts.exe 2008-11-16 23:32:37 ----A---- C:\WINDOWS\system32\msg.exe 2008-11-16 23:32:36 ----A---- C:\WINDOWS\system32\msencode.dll 2008-11-16 23:32:35 ----A---- C:\WINDOWS\system32\mscdexnt.exe 2008-11-16 23:32:35 ----A---- C:\WINDOWS\system32\mscat32.dll 2008-11-16 23:32:35 ----A---- C:\WINDOWS\system32\msaudite.dll 2008-11-16 23:32:35 ----A---- C:\WINDOWS\system32\msacm.dll 2008-11-16 23:32:35 ----A---- C:\WINDOWS\system32\msaatext.dll 2008-11-16 23:32:34 ----A---- C:\WINDOWS\system32\mrinfo.exe 2008-11-16 23:32:34 ----A---- C:\WINDOWS\system32\mprui.dll 2008-11-16 23:32:34 ----A---- C:\WINDOWS\system32\mprmsg.dll 2008-11-16 23:32:34 ----A---- C:\WINDOWS\system32\mprdim.dll 2008-11-16 23:32:34 ----A---- C:\WINDOWS\system32\mprddm.dll 2008-11-16 23:32:34 ----A---- C:\WINDOWS\system32\mpnotify.exe 2008-11-16 23:32:33 ----A---- C:\WINDOWS\system32\mountvol.exe 2008-11-16 23:32:33 ----A---- C:\WINDOWS\system32\more.com 2008-11-16 23:32:33 ----A---- C:\WINDOWS\system32\modex.dll 2008-11-16 23:32:33 ----A---- C:\WINDOWS\system32\mode.com 2008-11-16 23:32:33 ----A---- C:\WINDOWS\system32\mmutilse.dll 2008-11-16 23:32:32 ----A---- C:\WINDOWS\system32\mmdrv.dll 2008-11-16 23:32:32 ----A---- C:\WINDOWS\system32\mll_qic.dll 2008-11-16 23:32:32 ----A---- C:\WINDOWS\system32\mll_mtf.dll 2008-11-16 23:32:32 ----A---- C:\WINDOWS\system32\mll_hp.dll 2008-11-16 23:32:32 ----A---- C:\WINDOWS\system32\mimefilt.dll 2008-11-16 23:32:32 ----A---- C:\WINDOWS\system32\migpwd.exe 2008-11-16 23:32:31 ----A---- C:\WINDOWS\system32\mfc40u.dll 2008-11-16 23:32:31 ----A---- C:\WINDOWS\system32\mfc40.dll 2008-11-16 23:32:30 ----A---- C:\WINDOWS\system32\mem.exe ======List of files/folders modified in the last 1 months====== 2008-11-20 19:37:36 ----SHD---- C:\WINDOWS\Installer 2008-11-20 19:37:36 ----HD---- C:\Config.Msi 2008-11-20 19:37:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-11-20 19:37:17 ----D---- C:\Program Files\Microsoft.NET 2008-11-20 18:44:16 ----HD---- C:\hp 2008-11-20 18:44:15 ----D---- C:\WINDOWS\CREATOR 2008-11-20 18:42:06 ----D---- C:\WINDOWS\SMINST 2008-11-20 18:42:00 ----D---- C:\Program Files\Fichiers communs\Services 2008-11-20 18:41:53 ----D---- C:\WINDOWS\system32\ras 2008-11-20 18:41:46 ----D---- C:\WINDOWS\system32\icsxml 2008-11-20 18:41:45 ----D---- C:\WINDOWS\system32\ias 2008-11-20 18:41:15 ----RD---- C:\WINDOWS\Web 2008-11-20 18:41:15 ----D---- C:\WINDOWS\Media 2008-11-20 18:41:15 ----D---- C:\WINDOWS\addins 2008-11-20 18:41:05 ----D---- C:\WINDOWS\Cursors 2008-11-20 18:21:12 ----D---- C:\WINDOWS\Temp 2008-11-20 18:16:54 ----D---- C:\WINDOWS\system32 2008-11-20 18:16:54 ----D---- C:\Program Files\Fichiers communs 2008-11-20 18:06:32 ----D---- C:\WINDOWS\system32\DirectX 2008-11-20 18:06:31 ----HD---- C:\WINDOWS\inf 2008-11-20 18:05:53 ----D---- C:\WINDOWS 2008-11-20 18:05:46 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-20 18:05:11 ----D---- C:\WINDOWS\system32\drivers 2008-11-20 18:04:46 ----HD---- C:\Program Files\InstallShield Installation Information 2008-11-20 17:50:09 ----D---- C:\WINDOWS\system32\config 2008-11-20 17:49:20 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-20 17:47:41 ----SD---- C:\WINDOWS\Tasks 2008-11-20 17:46:50 ----D---- C:\Program Files\Adobe 2008-11-20 17:44:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-20 17:43:39 ----A---- C:\WINDOWS\OEWABLog.txt 2008-11-20 17:42:43 ----A---- C:\WINDOWS\setuplog.txt 2008-11-20 17:42:10 ----D---- C:\WINDOWS\system32\wbem 2008-11-20 17:42:10 ----D---- C:\WINDOWS\system32\Setup 2008-11-20 17:42:10 ----D---- C:\WINDOWS\AppPatch 2008-11-20 17:42:10 ----D---- C:\Program Files\Internet Explorer 2008-11-20 17:42:09 ----RSD---- C:\WINDOWS\Fonts 2008-11-20 17:42:04 ----D---- C:\WINDOWS\Help 2008-11-20 17:42:02 ----D---- C:\Program Files\Fichiers communs\Symantec Shared 2008-11-20 17:41:30 ----D---- C:\WINDOWS\security 2008-11-20 17:38:33 ----D---- C:\WINDOWS\system32\CatRoot 2008-11-20 17:36:40 ----D---- C:\WINDOWS\WinSxS 2008-11-20 17:36:38 ----D---- C:\Program Files\Messenger 2008-11-20 17:36:36 ----D---- C:\Program Files\Windows Media Player 2008-11-20 17:36:30 ----D---- C:\WINDOWS\ime 2008-11-20 17:36:23 ----D---- C:\WINDOWS\system32\usmt 2008-11-20 17:36:22 ----D---- C:\WINDOWS\PeerNet 2008-11-20 17:36:22 ----D---- C:\Program Files\Movie Maker 2008-11-20 17:36:22 ----AD---- C:\WINDOWS\system32\fr 2008-11-20 17:35:11 ----D---- C:\WINDOWS\system32\Restore 2008-11-20 17:35:11 ----D---- C:\WINDOWS\system32\npp 2008-11-20 17:35:10 ----D---- C:\WINDOWS\msagent 2008-11-20 17:35:09 ----D---- C:\WINDOWS\srchasst 2008-11-20 17:35:09 ----D---- C:\Program Files\NetMeeting 2008-11-20 17:35:08 ----D---- C:\WINDOWS\system32\Com 2008-11-20 17:35:06 ----D---- C:\Program Files\Windows NT 2008-11-20 17:35:06 ----D---- C:\Program Files\Outlook Express 2008-11-20 17:35:04 ----D---- C:\Program Files\Fichiers communs\System 2008-11-20 17:34:53 ----D---- C:\WINDOWS\system32\oobe 2008-11-20 17:34:52 ----D---- C:\WINDOWS\system 2008-11-20 17:25:42 ----D---- C:\Program Files\Java 2008-11-20 17:24:11 ----D---- C:\WINDOWS\Microsoft.NET 2008-11-20 17:23:05 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-20 17:22:29 ----D---- C:\WINDOWS\Debug 2008-11-20 17:12:00 ----RASH---- C:\boot.ini 2008-11-20 17:03:52 ----D---- C:\Program Files\Easy Internet signup 2008-11-20 16:58:37 ----D---- C:\Documents and Settings 2008-11-20 16:57:35 ----D---- C:\sysprep 2008-11-20 16:56:49 ----D---- C:\Program Files\Fichiers communs\InstallShield 2008-11-20 16:53:51 ----D---- C:\WINDOWS\Registration 2008-11-20 16:48:13 ----A---- C:\WINDOWS\system.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-18 26944] R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 41856] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-18 110160] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-18 50864] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-09-24 12928] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-18 94032] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-18 23152] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-12 41984] R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-04-06 13872] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874] S3 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112] S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976] S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-09-29 229888] S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-09-23 173312] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-18 18752] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-20 152984] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-20 66872] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-18 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-18 352920] R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-06-08 401408] S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-20 107832] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-21 32768] S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 268800] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136] -----------------EOF----------------- And my info.txt is here: info.txt logfile of random's system information tool 1.04 2008-11-20 20:03:13 ======Uninstall list====== -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002} Agere Systems PCI Soft Modem-->agrsmdel avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Call of Duty® - World at War™-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l3084 Encyclopédie Microsoft Encarta 2005-->MsiExec.exe /I{05460044-64A6-4248-A026-9745C1E9E159} Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe HP Appareils photos Photosmart 4.0-->C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878} HP Image Zone 4.2.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Image Zone Plus 4.2.3-->C:\Program Files\HP\Digital Imaging\{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}\setup\hpzscr01.exe -datfile hpdscr01.dat HP PSC & OfficeJet 4.0-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2} HPIZ423-->MsiExec.exe /X{561A9B4E-2E48-4149-B977-59C7AFF62B52} InterVideo DiscLabel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL iTunes-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{00FC6799-866E-44A1-A60C-DCF394CF56FD} Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} KBD-->C:\HP\KBD\KBD.EXE uninstalled Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9} Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI PC-Doctor for Windows-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1036 Photosmart 320,370,7400,8100,8400 Series (fra)-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat PS2-->C:\WINDOWS\system32\ps2.exe uninstall PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe Updates from HP-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731 Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" ======Hosts File====== 127.0.0.1 localhost 127.0.0.1 clicks.smartbizsearch.com 127.0.0.1 smartbizsearch.com 127.0.0.1 copy-book.com 127.0.0.1 ask.com 127.0.0.1 pillsexpert.com ======Security center information====== AV: avast! antivirus 4.8.1290 [VPS 081120-0] ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22 "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- That's it

Buckeye_Sam View Member Profile	Nov 21 2008, 06:46 AM Post #4
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Please download ComboFix from one of these locations: Link 1 Link 2 Link 3 Important! You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Make sure that you save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.** Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

zerrogh View Member Profile	Nov 21 2008, 12:23 PM Post #5
Member Group: Members Posts: 21 Joined: 18-November 08 Member No.: 258,128	Ok so here is the log: ComboFix 08-11-20.02 - HP_Propriétaire 2008-11-21 12:19:59.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.675 [GMT -5:00] Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\HP_PRO~1\LOCALS~1\Temp\install_flash_player.exe c:\windows\system32\advapi32new.dll c:\windows\system32\apphelpnew.dll c:\windows\system32\crypt32new.dll c:\windows\system32\d3d10core.dll c:\windows\system32\dwmapi.dll c:\windows\system32\dxgi.dll c:\windows\system32\kernel32new.dll c:\windows\system32\msvcrtnew.dll c:\windows\system32\ntdsapinew.dll c:\windows\system32\powrprofnew.dll c:\windows\system32\secur32new.dll c:\windows\system32\user32new.dll c:\windows\system32\winstanew.dll D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-21 au 2008-11-21 )))))))))))))))))))))))))))))))))))) . 2008-11-20 23:23 . 2008-11-20 23:23 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\teamspeak2 2008-11-20 23:23 . 2008-11-20 23:23 34,064 --a------ c:\windows\system32\lhacm.acm 2008-11-20 23:22 . 2008-11-20 23:23 <REP> d-------- c:\program files\Teamspeak2_RC2 2008-11-20 21:52 . 2008-11-20 21:52 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ventrilo 2008-11-20 21:51 . 2008-11-20 21:51 <REP> d-------- c:\program files\Ventrilo 2008-11-20 21:51 . 2008-11-20 21:51 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard 2008-11-20 21:51 . 2008-11-20 21:51 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini 2008-11-20 21:29 . 2008-11-20 21:29 <REP> d-------- c:\program files\America's Army Server Manager 2008-11-20 21:28 . 2008-11-20 21:48 <REP> d-------- c:\program files\America's Army 2008-11-20 20:28 . 2008-11-20 20:28 <REP> d-------- c:\program files\Messenger Plus! Live 2008-11-20 20:28 . 2008-11-20 20:28 <REP> d---s---- c:\documents and settings\HP_Propriétaire\UserData 2008-11-20 20:28 . 2008-11-20 20:28 <REP> d---s---- c:\documents and settings\HP_Propriétaire\UserData 2008-11-20 20:25 . 2008-11-20 23:18 <REP> d-------- c:\documents and settings\HP_Propriétaire\Tracing 2008-11-20 20:25 . 2008-11-20 23:18 <REP> d-------- c:\documents and settings\HP_Propriétaire\Tracing 2008-11-20 20:23 . 2008-11-20 20:23 <REP> d-------- c:\program files\Microsoft 2008-11-20 20:21 . 2008-11-20 20:21 <REP> d-------- c:\program files\Fichiers communs\Windows Live 2008-11-20 20:19 . 2008-11-20 20:23 <REP> d-------- c:\program files\Windows Live 2008-11-20 19:51 . 2008-11-20 20:03 <REP> d-------- C:\rsit 2008-11-20 19:51 . 2008-11-20 20:03 <REP> d-------- c:\program files\trend micro 2008-11-20 19:37 . 2008-11-20 19:37 <REP> d-------- c:\program files\Reference Assemblies 2008-11-20 18:44 . 2008-11-20 17:50 241 --a------ c:\windows\system\hpsysdrv.dat 2008-11-20 18:42 . 2008-11-20 18:44 <REP> d-------- c:\windows\I386 2008-11-20 18:34 . 2008-11-20 23:22 <REP> dr------- C:\Program Files 2008-11-20 18:34 . 2008-11-20 18:41 <REP> dr-h----- C:\MSOCache 2008-11-20 18:34 . 2008-11-20 18:41 <REP> dr------- c:\documents and settings\Default User\Menu Démarrer 2008-11-20 18:34 . 2008-11-20 20:22 <REP> dr------- c:\documents and settings\All Users\Menu Démarrer 2008-11-20 18:34 . 2008-11-21 11:18 <REP> dr------- c:\documents and settings\All Users\Documents 2008-11-20 18:32 . 2008-11-20 17:46 <REP> dr-hsc--- c:\windows\system32\dllcache 2008-11-20 18:32 . 2008-11-20 18:41 <REP> dr------- c:\windows\system32\config\systemprofile\Menu Démarrer 2008-11-20 18:16 . 2008-04-22 22:20 1,584,149 --a------ c:\windows\system32\setupapinew.dll 2008-11-20 18:16 . 2006-11-02 12:47 1,162,656 --a------ c:\windows\system32\ntdllnew.dll 2008-11-20 18:16 . 2008-04-12 18:13 1,029,126 --a------ c:\windows\system32\d3d10.dll 2008-11-20 18:16 . 2008-05-04 17:42 789,525 --a------ c:\windows\system32\rpcrt4new.dll 2008-11-20 18:16 . 2006-11-29 14:06 440,080 --a------ c:\windows\system32\d3dx10.dll 2008-11-20 18:16 . 2004-12-08 17:57 376,832 --a------ c:\windows\system32\M2000Twn.dll 2008-11-20 18:16 . 2007-04-18 02:13 25,037 --a------ c:\windows\system32\Nucleus.dll 2008-11-20 18:16 . 2008-03-09 07:25 236 --ah----- c:\program files\Fichiers communs\dx.reg 2008-11-20 18:05 . 2008-11-20 18:06 <REP> d-------- c:\windows\LastGood 2008-11-20 18:05 . 2008-11-21 11:20 138,624 --a------ c:\windows\system32\drivers\PnkBstrK.sys 2008-11-20 18:05 . 2008-11-20 18:05 22,328 --a------ c:\documents and settings\HP_Propriétaire\Application Data\PnkBstrK.sys 2008-11-20 18:04 . 2008-11-20 18:04 <REP> d-------- c:\windows\system32\LogFiles 2008-11-20 18:04 . 2008-11-20 18:04 682,280 --a------ c:\windows\system32\pbsvc.exe 2008-11-20 18:04 . 2008-11-21 11:20 202,352 --a------ c:\windows\system32\PnkBstrB.exe 2008-11-20 18:04 . 2008-11-20 18:04 66,872 --a------ c:\windows\system32\PnkBstrA.exe 2008-11-20 17:53 . 2008-11-20 17:53 <REP> d-------- c:\program files\Activision 2008-11-20 17:48 . 2008-11-20 17:48 <REP> d-------- c:\program files\Fichiers communs\Adobe 2008-11-20 17:46 . 2008-04-13 11:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys 2008-11-20 17:46 . 2008-04-13 11:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys 2008-11-20 17:35 . 2008-11-20 17:35 <REP> d-------- c:\windows\ServicePackFiles 2008-11-20 17:35 . 2008-04-13 19:34 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe 2008-11-20 17:34 . 2008-11-20 17:34 <REP> d-------- c:\program files\Alwil Software 2008-11-20 17:31 . 2007-08-10 08:18 26,488 --a------ c:\windows\system32\spupdsvc.exe 2008-11-20 17:31 . 2006-12-28 12:01 19,569 --a------ c:\windows\002574_.tmp 2008-11-20 17:30 . 2008-11-20 17:30 <REP> d-------- C:\NVIDIA 2008-11-20 17:27 . 2008-11-20 17:27 <REP> d-------- c:\windows\EHome 2008-11-20 17:25 . 2008-11-20 17:25 410,976 --a------ c:\windows\system32\deploytk.dll 2008-11-20 17:25 . 2008-11-20 17:25 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-11-20 17:24 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll 2008-11-20 17:23 . 2008-11-20 17:23 <REP> d-------- c:\windows\Logs 2008-11-20 17:23 . 2008-11-20 17:24 <REP> d-------- c:\program files\SystemRequirementsLab 2008-11-20 17:22 . 2008-11-20 17:22 <REP> d--hs---- c:\windows\ftpcache 2008-11-20 17:07 . 2008-11-20 17:42 <REP> d-------- c:\windows\nview 2008-11-20 17:07 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe 2008-11-20 17:07 . 2008-11-20 17:50 198,698 --a------ c:\windows\system32\nvapps.xml 2008-11-20 17:07 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu 2008-11-20 17:06 . 2008-11-20 17:06 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-20 17:06 . 2008-11-20 17:06 1,409 --a------ c:\windows\QTFont.for 2008-11-20 16:59 . 2008-04-13 19:33 221,184 --a------ c:\windows\system32\wmpns.dll 2008-11-20 16:59 . 2008-11-20 16:59 1,652 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_PP163AA-ABA A800N_YC_0Pavi_QMXK448_E51FCheBLT2_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L40C_M1024_J160_7AMD_8Athlon XP_92.2_#081117_N11063065_Z11C1048C_G.MRK 2008-11-20 16:58 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2008-11-20 16:58 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2008-11-20 16:58 . 2008-11-20 17:06 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2008-11-20 16:58 . 2008-11-20 17:06 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2008-11-20 16:58 . 2004-11-04 14:37 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2008-11-20 16:58 . 2004-11-04 14:37 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2008-11-20 16:58 . 2008-11-20 18:41 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Modèles 2008-11-20 16:58 . 2008-11-20 18:41 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Modèles 2008-11-20 16:58 . 2008-11-20 20:23 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2008-11-20 16:58 . 2008-11-20 20:23 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2008-11-20 16:58 . 2008-11-20 18:41 <REP> dr------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2008-11-20 16:58 . 2008-11-20 18:41 <REP> dr------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2008-11-20 16:58 . 2008-11-20 18:16 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2008-11-20 16:58 . 2008-11-20 18:16 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2008-11-20 16:58 . 2008-11-21 12:17 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2008-11-20 16:58 . 2008-11-21 12:17 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2008-11-20 16:58 . 2004-11-04 23:22 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView 2008-11-20 16:58 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer 2008-11-20 16:58 . 2008-11-20 20:28 <REP> d-------- c:\documents and settings\HP_Propriétaire 2008-11-20 16:57 . 2004-11-04 22:36 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS 2008-11-20 16:57 . 2003-09-10 23:36 21,060 --------- c:\windows\system32\drivers\iviaspi.sys 2008-11-20 16:57 . 2003-09-19 01:47 10,368 --------- c:\windows\system32\drivers\pfc.sys 2008-11-20 16:56 . 2008-11-20 16:56 <REP> d-------- c:\documents and settings\All Users\Application Data\InstallShield 2008-11-20 16:56 . 2004-04-16 11:24 61,440 --a------ c:\windows\system32\ISUSPM.cpl 2008-11-20 16:55 . 2008-11-20 16:57 <REP> d-------- c:\program files\InterVideo 2008-11-20 16:55 . 2008-10-07 13:33 6,133,856 --a------ c:\windows\system32\drivers\nv4_mini.sys 2008-11-20 16:55 . 2008-10-07 13:33 6,058,112 --a------ c:\windows\system32\nv4_disp.dll 2008-11-20 16:55 . 2004-09-27 14:09 204,800 --a------ c:\windows\system32\IVIresizeW7.dll 2008-11-20 16:55 . 2004-09-27 14:09 200,704 --a------ c:\windows\system32\IVIresizeA6.dll 2008-11-20 16:55 . 2004-09-27 14:09 192,512 --a------ c:\windows\system32\IVIresizeP6.dll 2008-11-20 16:55 . 2004-09-27 14:09 192,512 --a------ c:\windows\system32\IVIresizeM6.dll 2008-11-20 16:55 . 2004-09-27 14:09 188,416 --a------ c:\windows\system32\IVIresizePX.dll 2008-11-20 16:55 . 2004-09-27 14:09 20,480 --a------ c:\windows\system32\IVIresize.dll 2008-11-20 16:54 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\Default User\WINDOWS 2008-11-20 16:54 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUninst.exe 2008-11-17 00:02 . 2004-08-04 15:00 1,114,896 --a------ c:\windows\system32\esent97.dll 2008-11-17 00:01 . 2004-08-04 15:00 1,817,687 --a--c--- c:\windows\system32\dllcache\bckgres.dll 2008-11-17 00:00 . 2004-08-04 15:00 135,680 --a--c--- c:\windows\system32\dllcache\acledit.dll 2008-11-16 23:34 . 2004-08-03 23:00 3,374,512 --a--c--- c:\windows\system32\dllcache\tourP.exe 2008-11-16 23:33 . 2004-08-03 23:00 2,178,131 --a--c--- c:\windows\system32\dllcache\shvlres.dll 2008-11-16 23:32 . 2004-08-03 23:00 4,399,505 --a--c--- c:\windows\system32\dllcache\nls302en.lex . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-21 00:37 --------- d-----w c:\program files\Microsoft.NET 2008-11-20 23:04 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-20 22:42 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2008-11-20 22:25 --------- d-----w c:\program files\Java 2008-11-20 22:03 --------- d-----w c:\program files\Easy Internet signup 2008-11-20 21:56 --------- d-----w c:\program files\Fichiers communs\InstallShield 2008-09-09 05:03 51,712 ----a-w c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . Note les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-20 133104] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-20 136600] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648] "HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152] "HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-11-04 180269] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-08 286720] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-18 118784] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE] "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26 29696] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [29/05/2004 05:31:38 241664] Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [04/11/2004 22:45:46 45056] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\America's Army\\System\\ArmyOps.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/11/2008 17:34:31 110160] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [20/11/2008 17:34:31 20560] Newly Created Service - PNKBSTRA Newly Created Service - PNKBSTRB Newly Created Service - PNKBSTRK Newly Created Service - PROCEXP90 . Contenu du dossier 'Tâches planifiées' 2008-11-20 c:\windows\Tasks\Connexion facile à Internet.job - c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 08:50] 2008-11-21 c:\windows\Tasks\GoogleUpdateTaskUser.job - c:\documents and settings\HP_Propri [] . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-VTTimer - VTTimer.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com/ IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab c:\windows\Downloaded Program Files\sysreqlab.osd . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-21 12:21:54 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************ . Heure de fin: 2008-11-21 12:22:45 ComboFix-quarantined-files.txt 2008-11-21 17:22:29 Avant-CF: 130 430 287 872 octets libres Après-CF: 130,477,002,752 octets libres 232

Buckeye_Sam View Member Profile	Nov 22 2008, 09:18 AM Post #6
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Open notepad and copy/paste the text in the quotebox below into it: QUOTE http://www.bleepingcomputer.com/forums/ind...howtopic=180735 Suspect::[52] c:\windows\system32\setupapinew.dll c:\windows\system32\ntdllnew.dll c:\windows\system32\d3d10.dll c:\windows\system32\rpcrt4new.dll c:\windows\system32\d3dx10.dll c:\windows\system32\M2000Twn.dll c:\windows\system32\Nucleus.dll c:\program files\Fichiers communs\dx.reg Save this as CFScript.txt Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you. Post that log in your next reply. Note When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file. ====================== Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 Make sure you are connected to the Internet. Double-click on Download_mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. How is your computer behaving now? -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

zerrogh View Member Profile	Nov 22 2008, 07:07 PM Post #7
Member Group: Members Posts: 21 Joined: 18-November 08 Member No.: 258,128	Hey, Here is the malwarebyte's log: Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1416 Windows 5.1.2600 Service Pack 3 2008-11-22 19:03:18 mbam-log-2008-11-22 (19-03-18).txt Type de recherche: Examen rapide Eléments examinés: 50783 Temps écoulé: 2 minute(s), 57 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) This is in french but it mean nothing is infected. And here my combofix log: ComboFix 08-11-22.02 - HP_Propriétaire 2008-11-22 18:40:36.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.665 [GMT -5:00] Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire\Bureau\CFScript.txt * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-22 au 2008-11-22 )))))))))))))))))))))))))))))))))))) . 2008-11-21 22:00 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb 2008-11-21 20:04 . 2008-11-21 20:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard 2008-11-21 18:20 . 2008-11-21 20:05 <REP> d-------- c:\program files\Fichiers communs\Blizzard Entertainment 2008-11-21 16:10 . 2008-11-21 16:10 <REP> d-------- c:\documents and settings\All Users\Application Data\LogiShrd 2008-11-21 16:07 . 2008-11-21 16:07 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Logitech 2008-11-21 16:06 . 2008-09-26 10:52 10,384 --a------ c:\windows\system32\drivers\LBeepKE.sys 2008-11-21 16:06 . 2008-11-21 16:06 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-11-21 16:06 . 2008-11-21 16:06 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2008-11-21 16:06 . 2008-11-21 16:06 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-11-21 16:06 . 2008-11-21 16:06 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-11-21 16:05 . 2008-11-21 16:05 <REP> d-------- c:\windows\Drivers 2008-11-21 16:05 . 2008-11-21 16:05 <REP> d-------- c:\program files\Logitech 2008-11-21 16:05 . 2008-11-21 16:05 <REP> d-------- c:\program files\Fichiers communs\Logishrd 2008-11-21 16:05 . 2008-11-21 16:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech 2008-11-21 16:05 . 2008-10-27 12:52 301,656 --a------ c:\windows\system32\BtCoreIf.dll 2008-11-21 16:05 . 2008-10-27 12:53 170,512 --a------ c:\windows\system32\kemutb.dll 2008-11-21 16:05 . 2008-10-27 12:53 145,936 --a------ c:\windows\system32\KemUtil.dll 2008-11-21 16:05 . 2008-10-27 12:53 117,264 --a------ c:\windows\system32\KemWnd.dll 2008-11-21 16:05 . 2008-10-27 12:54 84,496 --a------ c:\windows\system32\KemXML.dll 2008-11-21 16:05 . 2002-12-24 13:52 54,016 --a------ c:\windows\system32\drivers\ousb2hub.sys 2008-11-21 16:05 . 2002-12-24 13:52 39,040 --a------ c:\windows\system32\drivers\ousbehci.sys 2008-11-21 16:03 . 2008-11-21 16:03 <REP> d-------- c:\program files\VIA 2008-11-21 16:03 . 2007-06-21 17:01 54,312 --------- c:\windows\system32\agrsmdel.exe 2008-11-21 16:03 . 2008-09-25 17:58 21,656 --a------ c:\windows\system32\drivers\xfilt.sys 2008-11-21 16:03 . 2008-09-25 17:57 12,952 --a------ c:\windows\system32\drivers\videX32.sys 2008-11-21 16:02 . 2008-11-21 16:02 <REP> d-------- c:\windows\Options 2008-11-21 16:01 . 2008-11-21 16:01 <REP> d----c--- c:\windows\system32\DRVSTORE 2008-11-21 16:01 . 2008-11-21 16:01 <REP> d-------- C:\Pilotes-pciv92v4v4l 2008-11-21 16:01 . 2006-11-02 07:21 319,456 --------- c:\windows\system32\difxapi.dll 2008-11-21 16:01 . 2006-10-27 16:26 69,632 --a------ c:\windows\system32\vuins32.dll 2008-11-21 16:01 . 2008-06-25 14:36 43,520 --a------ c:\windows\system32\drivers\fetnd5bv.sys 2008-11-21 15:57 . 2008-11-21 15:58 <REP> d-------- c:\program files\ma-config.com 2008-11-21 15:57 . 2008-11-21 15:57 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com 2008-11-21 15:40 . 2008-11-21 15:40 <REP> d-------- c:\program files\Sun 2008-11-21 15:33 . 2008-11-21 15:33 <REP> d-------- c:\windows\Sun 2008-11-21 15:33 . 2008-11-21 15:33 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SystemRequirementsLab 2008-11-21 12:54 . 2008-11-21 12:54 319 --a------ c:\windows\game.ini 2008-11-20 23:23 . 2008-11-21 23:44 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\teamspeak2 2008-11-20 23:23 . 2008-11-20 23:23 34,064 --a------ c:\windows\system32\lhacm.acm 2008-11-20 23:22 . 2008-11-20 23:23 <REP> d-------- c:\program files\Teamspeak2_RC2 2008-11-20 21:52 . 2008-11-20 21:52 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ventrilo 2008-11-20 21:51 . 2008-11-20 21:51 <REP> d-------- c:\program files\Ventrilo 2008-11-20 21:51 . 2008-11-20 21:51 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard 2008-11-20 21:51 . 2008-11-20 21:51 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini 2008-11-20 21:29 . 2008-11-20 21:29 <REP> d-------- c:\program files\America's Army Server Manager 2008-11-20 21:28 . 2008-11-20 21:48 <REP> d-------- c:\program files\America's Army 2008-11-20 20:28 . 2008-11-20 20:28 <REP> d---s---- c:\documents and settings\HP_Propriétaire\UserData 2008-11-20 20:28 . 2008-11-20 20:28 <REP> d---s---- c:\documents and settings\HP_Propriétaire\UserData 2008-11-20 20:25 . 2008-11-22 09:11 <REP> d-------- c:\documents and settings\HP_Propriétaire\Tracing 2008-11-20 20:25 . 2008-11-22 09:11 <REP> d-------- c:\documents and settings\HP_Propriétaire\Tracing 2008-11-20 20:23 . 2008-11-20 20:23 <REP> d-------- c:\program files\Microsoft 2008-11-20 19:51 . 2008-11-20 20:03 <REP> d-------- C:\rsit 2008-11-20 19:51 . 2008-11-20 20:03 <REP> d-------- c:\program files\trend micro 2008-11-20 19:37 . 2008-11-20 19:37 <REP> d-------- c:\program files\Reference Assemblies 2008-11-20 18:44 . 2008-11-22 09:15 242 --a------ c:\windows\system\hpsysdrv.dat 2008-11-20 18:42 . 2008-11-20 18:44 <REP> d-------- c:\windows\I386 2008-11-20 18:34 . 2008-11-22 09:23 <REP> dr------- C:\Program Files 2008-11-20 18:34 . 2008-11-20 18:41 <REP> dr-h----- C:\MSOCache 2008-11-20 18:34 . 2008-11-20 18:41 <REP> dr------- c:\documents and settings\Default User\Menu Démarrer 2008-11-20 18:34 . 2008-11-22 09:11 <REP> dr------- c:\documents and settings\All Users\Menu Démarrer 2008-11-20 18:34 . 2008-11-21 19:46 <REP> dr------- c:\documents and settings\All Users\Documents 2008-11-20 18:32 . 2008-11-21 22:00 <REP> dr-hsc--- c:\windows\system32\dllcache 2008-11-20 18:32 . 2008-11-20 18:41 <REP> dr------- c:\windows\system32\config\systemprofile\Menu Démarrer 2008-11-20 18:16 . 2008-04-22 22:20 1,584,149 --a------ c:\windows\system32\setupapinew.dll 2008-11-20 18:16 . 2006-11-02 12:47 1,162,656 --a------ c:\windows\system32\ntdllnew.dll 2008-11-20 18:16 . 2008-04-12 18:13 1,029,126 --a------ c:\windows\system32\d3d10.dll 2008-11-20 18:16 . 2008-05-04 17:42 789,525 --a------ c:\windows\system32\rpcrt4new.dll 2008-11-20 18:16 . 2006-11-29 14:06 440,080 --a------ c:\windows\system32\d3dx10.dll 2008-11-20 18:16 . 2004-12-08 17:57 376,832 --a------ c:\windows\system32\M2000Twn.dll 2008-11-20 18:16 . 2007-04-18 02:13 25,037 --a------ c:\windows\system32\Nucleus.dll 2008-11-20 18:16 . 2008-03-09 07:25 236 --ah----- c:\program files\Fichiers communs\dx.reg 2008-11-20 18:05 . 2008-11-21 17:08 138,624 --a------ c:\windows\system32\drivers\PnkBstrK.sys 2008-11-20 18:05 . 2008-11-21 13:20 22,328 --a------ c:\documents and settings\HP_Propriétaire\Application Data\PnkBstrK.sys 2008-11-20 18:04 . 2008-11-20 18:04 <REP> d-------- c:\windows\system32\LogFiles 2008-11-20 18:04 . 2008-11-21 13:20 682,280 --a------ c:\windows\system32\pbsvc.exe 2008-11-20 18:04 . 2008-11-21 17:08 202,352 --a------ c:\windows\system32\PnkBstrB.exe 2008-11-20 18:04 . 2008-11-21 14:22 66,872 --a------ c:\windows\system32\PnkBstrA.exe 2008-11-20 17:53 . 2008-11-21 13:08 <REP> d-------- c:\program files\Activision 2008-11-20 17:48 . 2008-11-20 17:48 <REP> d-------- c:\program files\Fichiers communs\Adobe 2008-11-20 17:46 . 2008-04-13 11:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys 2008-11-20 17:46 . 2008-04-13 11:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys 2008-11-20 17:35 . 2008-11-20 17:35 <REP> d-------- c:\windows\ServicePackFiles 2008-11-20 17:35 . 2008-04-13 19:34 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe 2008-11-20 17:34 . 2008-11-20 17:34 <REP> d-------- c:\program files\Alwil Software 2008-11-20 17:31 . 2007-08-10 08:18 26,488 --a------ c:\windows\system32\spupdsvc.exe 2008-11-20 17:31 . 2006-12-28 12:01 19,569 --a------ c:\windows\002574_.tmp 2008-11-20 17:30 . 2008-11-20 17:30 <REP> d-------- C:\NVIDIA 2008-11-20 17:27 . 2008-11-20 17:27 <REP> d-------- c:\windows\EHome 2008-11-20 17:25 . 2008-11-20 17:25 410,976 --a------ c:\windows\system32\deploytk.dll 2008-11-20 17:25 . 2008-11-20 17:25 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-11-20 17:24 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll 2008-11-20 17:23 . 2008-11-20 17:23 <REP> d-------- c:\windows\Logs 2008-11-20 17:23 . 2008-11-20 17:24 <REP> d-------- c:\program files\SystemRequirementsLab 2008-11-20 17:22 . 2008-11-20 17:22 <REP> d--hs---- c:\windows\ftpcache 2008-11-20 17:07 . 2008-11-21 22:02 <REP> d-------- c:\windows\nview 2008-11-20 17:07 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe 2008-11-20 17:07 . 2008-11-22 09:15 196,202 --a------ c:\windows\system32\nvapps.xml 2008-11-20 17:07 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu 2008-11-20 17:06 . 2008-11-20 17:06 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-20 17:06 . 2008-11-20 17:06 1,409 --a------ c:\windows\QTFont.for 2008-11-20 16:59 . 2008-04-13 19:33 221,184 --a------ c:\windows\system32\wmpns.dll 2008-11-20 16:59 . 2008-11-20 16:59 1,652 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_PP163AA-ABA A800N_YC_0Pavi_QMXK448_E51FCheBLT2_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L40C_M1024_J160_7AMD_8Athlon XP_92.2_#081117_N11063065_Z11C1048C_G.MRK 2008-11-20 16:58 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2008-11-20 16:58 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2008-11-20 16:58 . 2008-11-20 17:06 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2008-11-20 16:58 . 2008-11-20 17:06 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2008-11-20 16:58 . 2004-11-04 14:37 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2008-11-20 16:58 . 2004-11-04 14:37 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2008-11-20 16:58 . 2008-11-20 18:41 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Modèles 2008-11-20 16:58 . 2008-11-20 18:41 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Modèles 2008-11-20 16:58 . 2008-11-22 09:20 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2008-11-20 16:58 . 2008-11-22 09:20 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2008-11-20 16:58 . 2008-11-20 18:41 <REP> dr------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2008-11-20 16:58 . 2008-11-20 18:41 <REP> dr------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2008-11-20 16:58 . 2008-11-20 18:16 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2008-11-20 16:58 . 2008-11-20 18:16 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2008-11-20 16:58 . 2008-11-22 18:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2008-11-20 16:58 . 2008-11-22 18:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2008-11-20 16:58 . 2004-11-04 23:22 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView 2008-11-20 16:58 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer 2008-11-20 16:58 . 2008-11-20 20:28 <REP> d-------- c:\documents and settings\HP_Propriétaire 2008-11-20 16:57 . 2004-11-04 22:36 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS 2008-11-20 16:57 . 2003-09-10 23:36 21,060 --------- c:\windows\system32\drivers\iviaspi.sys 2008-11-20 16:57 . 2003-09-19 01:47 10,368 --------- c:\windows\system32\drivers\pfc.sys 2008-11-20 16:56 . 2008-11-20 16:56 <REP> d-------- c:\documents and settings\All Users\Application Data\InstallShield . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-22 04:45 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-21 20:39 --------- d-----w c:\program files\Java 2008-11-21 00:37 --------- d-----w c:\program files\Microsoft.NET 2008-11-20 22:42 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2008-11-20 22:03 --------- d-----w c:\program files\Easy Internet signup 2008-11-20 21:56 --------- d-----w c:\program files\Fichiers communs\InstallShield 2008-10-10 20:46 69,632 ----a-w c:\windows\KHALMNPR.Exe 2008-09-26 15:53 37,392 ----a-w c:\windows\system32\drivers\LMouFilt.Sys 2008-09-26 15:53 28,816 ----a-w c:\windows\system32\drivers\LUsbFilt.sys 2008-09-26 15:52 35,472 ----a-w c:\windows\system32\drivers\LHidFilt.Sys 2008-09-09 05:03 51,712 ----a-w c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((( snapshot@2008-11-21_12.22.06,85 ))))))))))))))))))))))))))))))))))))))))) . - 2004-04-05 23:49:42 64,512 ----a-w c:\windows\agrsmdel.exe + 2007-06-21 22:01:28 54,312 ----a-w c:\windows\agrsmdel.exe - 2008-11-20 23:05:59 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll + 2008-11-21 18:21:27 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll - 2008-11-20 23:05:59 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll + 2008-11-21 18:21:28 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll - 2008-11-20 23:05:59 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2008-11-21 18:21:28 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll - 2008-11-20 23:05:54 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-11-21 18:21:24 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-11-20 23:05:54 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-11-21 18:21:25 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-11-20 23:05:55 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-11-21 18:21:25 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-11-20 23:05:56 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-11-21 18:21:26 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-11-20 23:05:56 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-11-21 18:21:26 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-11-20 23:05:57 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-11-21 18:21:26 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-11-20 23:05:57 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-11-21 18:21:26 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-11-20 23:05:57 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-11-21 18:21:27 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-11-20 23:05:58 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-11-21 18:21:27 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-11-20 23:05:59 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-11-21 18:21:28 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-11-20 23:05:59 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll + 2008-11-21 18:21:28 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll - 2008-11-20 23:05:59 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll + 2008-11-21 18:21:28 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll - 2008-11-20 23:05:59 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll + 2008-11-21 18:21:29 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll - 2008-11-20 23:05:59 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll + 2008-11-21 18:21:29 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll - 2008-11-20 23:05:59 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2008-11-21 18:21:27 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2002-12-24 18:52:40 54,016 ------w c:\windows\Drivers\ousb2\ousb2hub.sys + 2002-12-24 18:52:40 39,040 ------w c:\windows\Drivers\ousb2\ousbehci.sys + 2008-11-21 21:06:38 10,134 ----a-r c:\windows\Installer\{0C826C5B-B131-423A-A229-C71B3CACCD6A}\ARPPRODUCTICON.exe + 2008-11-21 21:05:27 10,134 ----a-r c:\windows\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe + 2008-11-21 19:18:01 10,134 ----a-r c:\windows\Installer\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\ARPPRODUCTICON.exe + 2008-11-21 19:19:45 10,134 ----a-r c:\windows\Installer\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\ARPPRODUCTICON.exe + 2008-11-22 04:44:57 10,134 ----a-r c:\windows\Installer\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\ARPPRODUCTICON.exe - 2008-11-20 23:04:44 11,502 ----a-r c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe + 2008-11-21 18:20:21 11,502 ----a-r c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe + 2008-11-21 17:54:01 216,358 ----a-r c:\windows\Installer\{E48469CC-635E-4FD5-A122-1497C286D217}\ARPPRODUCTICON.exe + 2008-11-22 21:19:33 2,300 ----a-w c:\windows\SoftwareDistribution\EventCache\{5B600A83-8601-458A-87DE-B8C7AD3C2D33}.bin + 2008-11-22 02:11:49 2,300 ----a-w c:\windows\SoftwareDistribution\EventCache\{C343480A-A0B6-4CB2-9E07-DAE5D1B854E6}.bin + 2006-09-11 20:34:46 13,312 ----a-w c:\windows\system32\agrscoin.dll + 2006-10-05 18:10:12 9,216 ----a-w c:\windows\system32\agrsmsvc.exe + 2008-04-13 16:45:28 36,864 -c--a-w c:\windows\system32\dllcache\hidclass.sys + 2008-04-13 16:45:24 24,960 -c--a-w c:\windows\system32\dllcache\hidparse.sys + 2008-04-13 16:45:28 10,368 -c--a-w c:\windows\system32\dllcache\hidusb.sys + 2008-04-14 00:04:36 37,632 -c--a-w c:\windows\system32\dllcache\isapnp.sys + 2008-04-13 23:53:20 23,680 -c--a-w c:\windows\system32\dllcache\mouclass.sys + 2001-08-23 22:04:42 12,288 -c--a-w c:\windows\system32\dllcache\mouhid.sys + 2008-10-07 18:33:00 6,133,856 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys - 2004-06-29 22:07:18 1,268,204 ----a-w c:\windows\system32\drivers\AGRSM.sys + 2007-07-16 19:49:34 1,212,288 ----a-w c:\windows\system32\drivers\AGRSM.sys + 2006-11-02 12:22:54 492,000 ------w c:\windows\system32\drivers\wdf01000.sys + 2006-11-02 12:22:52 32,224 ------w c:\windows\system32\drivers\wdfldr.sys + 2006-11-02 12:21:54 319,456 -c--a-w c:\windows\system32\DRVSTORE\FETNDIS_65DEB2693536D41917BF3797E3E6B5E4CDBBAEDC\difxapi.dll + 2008-06-25 19:36:08 43,520 -c--a-w c:\windows\system32\DRVSTORE\FETNDIS_65DEB2693536D41917BF3797E3E6B5E4CDBBAEDC\fetnd5bv.sys + 2006-10-27 21:26:56 69,632 -c--a-w c:\windows\system32\DRVSTORE\FETNDIS_65DEB2693536D41917BF3797E3E6B5E4CDBBAEDC\vuins32.dll - 2008-11-20 22:42:13 176,264 ----a-w c:\windows\system32\FNTCACHE.DAT + 2008-11-21 21:08:21 179,448 ----a-w c:\windows\system32\FNTCACHE.DAT + 2003-11-12 06:41:00 41,984 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\fetnd5b.sys + 2004-06-29 22:07:18 1,268,204 ----a-w c:\windows\system32\ReinstallBackups\0009\DriverFiles\AGRSM.sys + 2004-04-05 23:49:42 64,512 ----a-w c:\windows\system32\ReinstallBackups\0009\DriverFiles\agrsmdel.exe + 2004-06-29 22:06:38 88,363 ----a-w c:\windows\system32\ReinstallBackups\0009\DriverFiles\AGRSMMSG.exe + 2008-04-14 00:04:36 37,632 ----a-w c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\isapnp.sys + 2008-04-13 16:40:32 96,512 ----a-w c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys + 2004-08-04 04:00:00 3,328 ----a-w c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\pciide.sys + 2008-04-13 16:40:30 24,960 ----a-w c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\pciidex.sys + 2008-04-13 16:40:32 96,512 ----a-w c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys + 2008-04-13 16:40:30 24,960 ----a-w c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\pciidex.sys + 2008-04-13 16:40:32 5,376 ----a-w c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\viaide.sys + 2008-04-14 00:33:28 20,992 ----a-w c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\hid.dll + 2008-04-13 16:45:28 36,864 ----a-w c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\hidclass.sys + 2008-04-13 16:45:24 24,960 ----a-w c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\hidparse.sys + 2008-04-13 16:45:28 10,368 ----a-w c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\hidusb.sys + 2008-04-13 23:53:20 23,680 ----a-w c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\mouclass.sys + 2001-08-23 22:04:42 12,288 ----a-w c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\mouhid.sys + 2008-10-07 18:33:00 6,058,112 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nv4_disp.dll + 2008-10-07 18:33:00 6,133,856 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nv4_mini.sys + 2008-10-07 18:33:00 475,136 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvapi.dll + 2008-10-07 18:33:00 122,880 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvcod.dll + 2008-10-07 18:33:00 13,574,144 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvcpl.dll + 2008-10-07 18:33:00 1,368,064 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvcuda.dll + 2008-10-07 18:33:00 3,989,504 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvdisps.dll + 2008-10-07 18:33:00 5,799,936 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvdispsr.dll + 2008-10-07 18:33:00 3,444,736 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvgames.dll + 2008-10-07 18:33:00 3,457,024 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvgamesr.dll + 2008-10-07 18:33:00 229,376 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmccs.dll + 2008-10-07 18:33:00 188,416 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmccss.dll + 2008-10-07 18:33:00 458,752 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmccssr.dll + 2008-10-07 18:33:00 86,016 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmctray.dll + 2008-10-07 18:33:00 1,257,472 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmobls.dll + 2008-10-07 18:33:00 2,854,912 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmoblsr.dll + 2008-10-07 18:33:00 286,720 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvnt4cpl.dll + 2008-10-07 18:33:00 8,826,880 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvoglnt.dll + 2008-10-07 18:33:00 163,908 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvsvc32.exe + 2008-10-07 18:33:00 3,764,224 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvvitvs.dll + 2008-10-07 18:33:00 4,149,248 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvvitvsr.dll + 2008-10-07 18:33:00 81,920 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvwddi.dll + 2008-10-07 18:33:00 2,686,976 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvwss.dll + 2008-10-07 18:33:00 2,981,888 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvwssr.dll + 2007-06-22 17:34:02 1,419,232 ----a-w c:\windows\system32\WdfCoInstaller01005.dll + 2008-11-22 14:15:31 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_62c.dat + 2008-11-22 14:15:40 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_e8.dat + 2006-12-02 03:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2006-12-02 05:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2006-12-02 05:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2006-12-02 05:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2006-12-02 05:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2006-12-02 05:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . Note les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-20 133104] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-20 136600] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648] "HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152] "HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-11-04 180269] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-08 286720] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-18 118784] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-04 98304] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE] "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26 29696] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [29/05/2004 05:31:38 241664] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [21/11/2008 16:05:44 809488] Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [04/11/2004 22:45:46 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-10-27 12:57 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\America's Army\\System\\ArmyOps.exe"= "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [21/11/2008 16:03:39 12952] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [21/11/2008 16:03:39 21656] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/11/2008 17:34:31 110160] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [20/11/2008 17:34:31 20560] R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [21/11/2008 16:06:43 10384] S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [17/11/2008 08:05:32 195752] . Contenu du dossier 'Tâches planifiées' 2008-11-20 c:\windows\Tasks\Connexion facile à Internet.job - c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 08:50] 2008-11-22 c:\windows\Tasks\GoogleUpdateTaskUser.job - c:\documents and settings\HP_Propri [] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-22 18:42:16 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(664) c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll . Heure de fin: 2008-11-22 18:43:10 ComboFix-quarantined-files.txt 2008-11-22 23:43:04 ComboFix2.txt 2008-11-21 17:22:46 Avant-CF: 106 638 766 080 octets libres Après-CF: 106,700,263,424 octets libres 365 But nothing change, I have the popup, the redirect ... everything.

Buckeye_Sam View Member Profile	Nov 23 2008, 12:35 PM Post #8
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click SmitfraudFix.exe Select option #5 - Search and clean DNS Hijack by typing 5 and press "Enter"; a text file will appear. It may bring up a message that ways "Your computer may be victim of a DNS Hijack: 85.255.x.x" Do you want to set your network to dynamic - DHCP server? Click on "Yes" Reboot Please copy/paste the content of that report into your next reply. If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.** Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

zerrogh View Member Profile	Nov 25 2008, 08:06 PM Post #9
Member Group: Members Posts: 21 Joined: 18-November 08 Member No.: 258,128	Hey, you said: It may bring up a message that ways "Your computer may be victim of a DNS Hijack: 85.255.x.x" but I don't get this message Here is the log: SmitFraudFix v2.378 Rapport fait à 20:05:07,62, 2008-11-25 Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Mes documents\T‚l‚chargements\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{0C7F986B-23AB-4686-A713-57659E34EAA1}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{0C7F986B-23AB-4686-A713-57659E34EAA1}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{0C7F986B-23AB-4686-A713-57659E34EAA1}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 »»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{0C7F986B-23AB-4686-A713-57659E34EAA1}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{0C7F986B-23AB-4686-A713-57659E34EAA1}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{0C7F986B-23AB-4686-A713-57659E34EAA1}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

Buckeye_Sam View Member Profile	Nov 26 2008, 03:10 PM Post #10
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the first option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back here in your next reply. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

zerrogh View Member Profile	Nov 26 2008, 05:33 PM Post #11
Member Group: Members Posts: 21 Joined: 18-November 08 Member No.: 258,128	SDFix: Version 1.240 Run by Administrateur on 2008-11-26 at 17:14 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-26 17:27:52 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe::Enabled:iTunes" "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe::Enabled:BackWeb for Pavilion" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe::Enabled:PnkBstrA" "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe::Enabled:PnkBstrB" "C:\\Program Files\\Ventrilo\\Ventrilo.exe"="C:\\Program Files\\Ventrilo\\Ventrilo.exe::Enabled:Ventrilo.exe" "C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe::Enabled:ArmyOps" "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe::Enabled:Call of Duty® 4 - Modern Warfare™ " "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe::Enabled:Call of Duty® - World at War™ " "C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe::Enabled:Call of Duty® - World at War™ " "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe::Enabled:LimeWire" "C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe::Enabled:Microsoft Management Console" "C:\\Documents and Settings\\HP_Propri‚taire\\Bureau\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Documents and Settings\\HP_Propri‚taire\\Bureau\\Windows Live\\Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe::enabled:iTunes" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe::Enabled:Windows Live Call" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger" Remaining Files* : Files with Hidden Attributes : Thu 20 Nov 2008 218 A.SHR --- "C:\BOOT.BAK" Finished!

Buckeye_Sam View Member Profile	Nov 27 2008, 11:20 AM Post #12
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Run SDFix once again and follow these steps. Type 3 to Download/Run SAV32CLI from Sophos. Follow the on screen prompts and extract the Sophos files to C:\SAV32CLI When the main scanning screen is displayed type 6 to run a Full scan SAV32CLI will start and scan the system for infected files Please be patient as this scan may take some time When the scan has finished post back the SophosReport.txt from the SDFix folder -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

zerrogh View Member Profile	Nov 28 2008, 07:06 PM Post #13
Member Group: Members Posts: 21 Joined: 18-November 08 Member No.: 258,128	hu, when I press 3, The program is closing

Buckeye_Sam View Member Profile	Nov 29 2008, 10:48 AM Post #14
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Doubleclick the drweb-cureit.exe file and Allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, in the menu, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Please post the contents of the log from DrWeb and a new combofix log in your next reply. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

zerrogh View Member Profile	Dec 1 2008, 10:01 PM Post #15
Member Group: Members Posts: 21 Joined: 18-November 08 Member No.: 258,128	Suppriée = Delete Quatantaine = Quarantain Infectées = Infected Irréparable = "Cant Repair" RegUBP2b-HP_Propriétaire.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Supprimé.; ComboFix.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe;Probablement BATCH.Virus;; ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe;Program.PsExec.171;; ComboFix.exe;C:\Documents and Settings\HP_Propriétaire\Bureau;L'archive contient des éléments infectés;Quarantaine.; SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\HP_Propriétaire\Bureau\SDFix.exe;Tool.Prockill;; SDFix.exe;C:\Documents and Settings\HP_Propriétaire\Bureau;L'archive contient des éléments infectés;Quarantaine.; xcleaner_full_setup.exe\data016;C:\Documents and Settings\HP_Propriétaire\Bureau\xcleaner_full_setup.exe;BackDoor.Pigeon.origin;; xcleaner_full_setup.exe;C:\Documents and Settings\HP_Propriétaire\Bureau;L'archive contient des éléments infectés;Quarantaine.; SmitfraudFix (1).exe\SmitfraudFix\Process.exe;C:\Documents and Settings\HP_Propriétaire\Mes documents\Téléchargements\SmitfraudFix (1).exe;Tool.Prockill;; SmitfraudFix (1).exe\SmitfraudFix\restart.exe;C:\Documents and Settings\HP_Propriétaire\Mes documents\Téléchargements\SmitfraudFix (1).exe;Tool.ShutDown.11;; SmitfraudFix (1).exe;C:\Documents and Settings\HP_Propriétaire\Mes documents\Téléchargements;L'archive contient des éléments infectés;Quarantaine.; Process.exe;C:\Documents and Settings\HP_Propriétaire\Mes documents\Téléchargements\SmitfraudFix;Tool.Prockill;; restart.exe;C:\Documents and Settings\HP_Propriétaire\Mes documents\Téléchargements\SmitfraudFix;Tool.ShutDown.11;; KillWind.exe;C:\hp\bin;Tool.ProcessKill;; juggler.exe;C:\Program Files\X-Cleaner;BackDoor.Pigeon.origin;Irréparable.Quarantaine.; A0004418.bat;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP10;Probablement BATCH.Virus;; A0005194.exe\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP14\A0005194.exe;Probablement BATCH.Virus;; A0005194.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP14\A0005194.exe;Program.PsExec.171;; A0005194.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP14;L'archive contient des éléments infectés;Quarantaine.; A0005197.bat;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP14;Probablement BATCH.Virus;; A0005237.bat;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP15;Probablement BATCH.Virus;; A0015208.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP17;Tool.Prockill;; A0015252.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP18\A0015252.exe;Tool.Prockill;; A0015252.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP18\A0015252.exe;Tool.ShutDown.11;; A0015252.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP18;L'archive contient des éléments infectés;Quarantaine.; A0015265.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP18;Tool.Prockill;; A0015267.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP18;Tool.ShutDown.11;; A0015681.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP18;Tool.Prockill;; A0020810.reg;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP19;Trojan.StartPage.1505;Supprimé.; A0021813.reg;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP19;Trojan.StartPage.1505;Supprimé.; A0022812.reg;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP19;Trojan.StartPage.1505;Supprimé.; A0022879.reg;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP19;Trojan.StartPage.1505;Supprimé.; A0023876.reg;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP19;Trojan.StartPage.1505;Supprimé.; A0024847.reg;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20;Trojan.StartPage.1505;Supprimé.; A0024848.exe\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20\A0024848.exe;Probablement BATCH.Virus;; A0024848.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20\A0024848.exe;Program.PsExec.171;; A0024848.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20;L'archive contient des éléments infectés;Quarantaine.; A0024849.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20\A0024849.exe;Tool.Prockill;; A0024849.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20;L'archive contient des éléments infectés;Quarantaine.; A0024850.exe\data016;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20\A0024850.exe;BackDoor.Pigeon.origin;; A0024850.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20;L'archive contient des éléments infectés;Quarantaine.; A0024851.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20;BackDoor.Pigeon.origin;Irréparable.Quarantaine.; Process.exe;C:\WINDOWS\system32;Tool.Prockill;; This post has been edited by zerrogh: Dec 1 2008, 10:05 PM

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

3 Pages

1 2 3 >

2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Switch to: Standard · Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 09:52 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides