Help(Redirect,Popup,Microsoft Download Not Allowed)


  • This topic is locked
34 replies to this topic

#1 zerrogh

zerrogh


Posted 18 November 2008 - 07:02 PM

Hello everyone.
Sorry for my bad English, I'm French so ...

Since one week, my internet is running really.
I was looking at some forums to learn how to remove my problem, but I didn't find any way.
So I will explain my problem.

First:
When I type www.google.ca in the address bar, it gives me the Google site, this is OK, but in English ... and www.google.ca is supposed to be in French so ...

Second:
When I'm looking for something with google.ca, it always redirects me somewhere.
The websites are:
copy-book.com
smartsearch.com
click.smartsearch.com
and some others

Third:
When I'm looking for something with google.ca, a popup comes up every time and it is always the same.
The website of the popup is: http://popup.adv.net

Fourth:
When I'm on any website, there is advertising for Vimax Pills, something to enlarge your bleep.

Fifth:
When I'm trying to download something on microsoft.com it always says the domain is invalid.

(AND THIS IS FOR ALL THE COMPUTERS AT MY HOME)

So here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:54, on 2008-11-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4250 bytes

Here are some pictures of the popup and the invalid domain from microsoft.com

Thanks for the help

Edited by zerrogh, 18 November 2008 - 07:04 PM.



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 19 November 2008 - 08:11 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.


Please download random's system information tool (RSIT) and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 zerrogh

zerrogh
  • Topic Starter


Posted 20 November 2008 - 08:05 PM

Hey Sam,
It is nice that you can help me :thumbsup:

So my log.txt is right here:

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Propriétaire at 2008-11-20 20:03:03
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 130 GB (88%) free of 147 GB
Total RAM: 1023 MB (50% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\Connexion facile à Internet.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - Vue HP - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]
- []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-20 136600]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HPHUPD06"=c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-07 49152]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2004-06-07 659456]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-11-04 180269]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-06-08 286720]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"VTTimer"=VTTimer.exe []
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2003-12-18 118784]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-20 133104]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\Services en ligne\AOL\waol.exe"="C:\Program Files\Services en ligne\AOL\waol.exe:*:Enabled:AOL Canada"
"C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88ea4f3c-b74c-11dd-ac67-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88ea4f3e-b74c-11dd-ac67-806d6172696f}]
shell\AutoRun\command - E:\setup\rsrc\Autorun.exe
shell\dinstall\command - E:\Directx\dxsetup.exe


======List of files/folders created in the last 1 months======

2008-11-20 19:51:27 ----D---- C:\Program Files\trend micro
2008-11-20 19:51:16 ----D---- C:\rsit
2008-11-20 19:37:26 ----D---- C:\Program Files\Reference Assemblies
2008-11-20 18:42:06 ----D---- C:\WINDOWS\I386
2008-11-20 18:34:28 ----RD---- C:\Program Files
2008-11-20 18:34:10 ----RHD---- C:\MSOCache
2008-11-20 18:33:33 ----RSD---- C:\WINDOWS\assembly
2008-11-20 18:33:31 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-20 18:32:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-20 18:16:54 ----A---- C:\WINDOWS\system32\winstanew.dll
2008-11-20 18:16:54 ----A---- C:\WINDOWS\system32\user32new.dll
2008-11-20 18:16:54 ----A---- C:\WINDOWS\system32\setupapinew.dll
2008-11-20 18:16:54 ----A---- C:\WINDOWS\system32\secur32new.dll
2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\rpcrt4new.dll
2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\powrprofnew.dll
2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\Nucleus.dll
2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\ntdsapinew.dll
2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\ntdllnew.dll
2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\msvcrtnew.dll
2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\M2000Twn.dll
2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\kernel32new.dll
2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\dxgi.dll
2008-11-20 18:16:53 ----A---- C:\WINDOWS\system32\dwmapi.dll
2008-11-20 18:16:51 ----A---- C:\WINDOWS\system32\d3dx10.dll
2008-11-20 18:16:51 ----A---- C:\WINDOWS\system32\d3d10core.dll
2008-11-20 18:16:51 ----A---- C:\WINDOWS\system32\d3d10.dll
2008-11-20 18:16:51 ----A---- C:\WINDOWS\system32\crypt32new.dll
2008-11-20 18:16:51 ----A---- C:\WINDOWS\system32\apphelpnew.dll
2008-11-20 18:16:51 ----A---- C:\WINDOWS\system32\advapi32new.dll
2008-11-20 18:09:55 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Adobe
2008-11-20 18:06:30 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-11-20 18:06:30 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-11-20 18:06:30 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-11-20 18:06:30 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-11-20 18:06:29 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-11-20 18:06:29 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-11-20 18:06:28 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-20 18:06:28 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-11-20 18:06:27 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-20 18:06:27 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-20 18:06:26 ----A---- C:\WINDOWS\system32\d3dx9_37.dll
2008-11-20 18:06:26 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-20 18:06:26 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-20 18:06:25 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-20 18:06:24 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-20 18:06:24 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-20 18:06:24 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-20 18:06:23 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-20 18:06:23 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-11-20 18:06:23 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-11-20 18:06:22 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-11-20 18:06:22 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-11-20 18:06:22 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-11-20 18:06:21 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-11-20 18:06:21 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-11-20 18:06:20 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-11-20 18:06:20 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-11-20 18:06:16 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-11-20 18:06:11 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-11-20 18:06:11 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-11-20 18:06:04 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-11-20 18:06:04 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-11-20 18:06:03 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-11-20 18:06:03 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-11-20 18:06:02 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-11-20 18:06:02 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-11-20 18:06:02 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-20 18:06:01 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-20 18:06:01 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-20 18:06:01 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-20 18:06:00 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-11-20 18:06:00 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-20 18:05:48 ----D---- C:\WINDOWS\LastGood
2008-11-20 18:04:54 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-11-20 18:04:52 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-20 18:04:52 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-11-20 18:04:52 ----A---- C:\WINDOWS\system32\pbsvc.exe
2008-11-20 17:53:30 ----D---- C:\Program Files\Activision
2008-11-20 17:48:40 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-11-20 17:48:38 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-20 17:42:49 ----D---- C:\WINDOWS\Prefetch
2008-11-20 17:36:37 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-11-20 17:36:37 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-11-20 17:36:29 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-20 17:36:29 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-11-20 17:36:29 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-20 17:36:29 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-20 17:36:29 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-20 17:36:28 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-11-20 17:36:27 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-20 17:36:27 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-20 17:36:27 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-20 17:36:27 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-20 17:36:27 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-20 17:36:26 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-20 17:36:25 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-20 17:36:24 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-11-20 17:36:23 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-20 17:36:23 ----N---- C:\WINDOWS\slrundll.exe
2008-11-20 17:36:23 ----D---- C:\WINDOWS\system32\fr-fr
2008-11-20 17:36:23 ----D---- C:\WINDOWS\l2schemas
2008-11-20 17:36:22 ----D---- C:\WINDOWS\system32\bits
2008-11-20 17:35:15 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-20 17:34:06 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-20 17:34:02 ----D---- C:\Program Files\Alwil Software
2008-11-20 17:33:18 ----D---- C:\WINDOWS\network diagnostic
2008-11-20 17:31:42 ----A---- C:\WINDOWS\002574_.tmp
2008-11-20 17:31:33 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-20 17:30:58 ----D---- C:\NVIDIA
2008-11-20 17:27:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-20 17:27:47 ----D---- C:\WINDOWS\EHome
2008-11-20 17:25:59 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-20 17:25:59 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-20 17:25:59 ----A---- C:\WINDOWS\system32\java.exe
2008-11-20 17:25:59 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-20 17:24:06 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-11-20 17:24:05 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-20 17:24:05 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-20 17:24:05 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-11-20 17:24:04 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-20 17:24:03 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-20 17:24:03 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-11-20 17:24:02 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-11-20 17:24:02 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-11-20 17:24:01 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-20 17:23:17 ----D---- C:\WINDOWS\Logs
2008-11-20 17:23:11 ----D---- C:\Program Files\SystemRequirementsLab
2008-11-20 17:22:52 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Macromedia
2008-11-20 17:22:44 ----SHD---- C:\WINDOWS\ftpcache
2008-11-20 17:11:59 ----RASH---- C:\BOOT.BAK
2008-11-20 17:11:45 ----RSHD---- C:\cmdcons
2008-11-20 17:11:45 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-11-20 17:11:40 ----D---- C:\WINDOWS\setup.pss
2008-11-20 17:07:12 ----D---- C:\WINDOWS\nview
2008-11-20 17:07:12 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-11-20 17:03:53 ----SHD---- C:\RECYCLER
2008-11-20 16:59:18 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-20 16:58:43 ----ASH---- C:\Documents and Settings\HP_Propriétaire\Application Data\desktop.ini
2008-11-20 16:58:40 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Identities
2008-11-20 16:58:40 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Apple Computer
2008-11-20 16:58:39 ----SD---- C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft
2008-11-20 16:58:39 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Sun
2008-11-20 16:58:39 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\SampleView
2008-11-20 16:58:39 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Real
2008-11-20 16:56:51 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-11-20 16:55:56 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2008-11-20 16:55:56 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2008-11-20 16:55:56 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2008-11-20 16:55:56 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2008-11-20 16:55:56 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2008-11-20 16:55:56 ----A---- C:\WINDOWS\system32\IVIresize.dll
2008-11-20 16:55:48 ----D---- C:\Program Files\InterVideo
2008-11-20 16:55:10 ----A---- C:\WINDOWS\system32\uninst_disp_silently.txt
2008-11-20 16:55:10 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-20 16:55:00 ----A---- C:\WINDOWS\system32\uninst_gart_silently.txt
2008-11-20 16:54:58 ----A---- C:\WINDOWS\system32\uninst_nrm_silently.txt
2008-11-20 16:54:56 ----A---- C:\WINDOWS\system32\uninst_net_silently.txt
2008-11-20 16:54:46 ----A---- C:\WINDOWS\system32\uninst_smb_silently.txt
2008-11-20 16:54:46 ----A---- C:\WINDOWS\system32\NVUninst.exe
2008-11-20 16:47:58 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-11-20 16:47:14 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-11-20 16:46:17 ----SHD---- C:\System Volume Information
2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mdhcp.dll
2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mciole32.dll
2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mciole16.dll
2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mcicda.dll
2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mchgrcoi.dll
2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mcdsrv32.dll
2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mcd32.dll
2008-11-17 00:06:40 ----A---- C:\WINDOWS\system32\mapistub.dll
2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\mag_hook.dll
2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\lzexpand.dll
2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\lz32.dll
2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\lusrmgr.msc
2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\lprmonui.dll
2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\lpr.exe
2008-11-17 00:06:39 ----A---- C:\WINDOWS\system32\lpq.exe
2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\logoff.exe
2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\loghours.dll
2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\lodctr.exe
2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\loadfix.com
2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\lnkstub.exe
2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\lights.exe
2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\langwrbk.dll
2008-11-17 00:06:38 ----A---- C:\WINDOWS\system32\label.exe
2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\kdcom.dll
2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\kbdmac.dll
2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\kbdfo.dll
2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\kbdcan.dll
2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\kbdbene.dll
2008-11-17 00:06:37 ----A---- C:\WINDOWS\system32\kb16.com

======List of files/folders modified in the last 1 months======


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-18 26944]
R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 41856]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-18 110160]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-18 50864]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-09-24 12928]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-18 94032]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-18 23152]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-12 41984]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-04-06 13872]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
S3 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-09-29 229888]
S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-09-23 173312]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-18 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-20 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-20 66872]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-18 352920]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-06-08 401408]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-20 107832]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-21 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 268800]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]

-----------------EOF-----------------



And my info.txt is here:

info.txt logfile of random's system information tool 1.04 2008-11-20 20:03:13

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Agere Systems PCI Soft Modem-->agrsmdel
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Call of Duty® - World at War™-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l3084
Encyclopédie Microsoft Encarta 2005-->MsiExec.exe /I{05460044-64A6-4248-A026-9745C1E9E159}
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HP Appareils photos Photosmart 4.0-->C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2.3-->C:\Program Files\HP\Digital Imaging\{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP PSC & OfficeJet 4.0-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HPIZ423-->MsiExec.exe /X{561A9B4E-2E48-4149-B977-59C7AFF62B52}
InterVideo DiscLabel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{00FC6799-866E-44A1-A60C-DCF394CF56FD}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PC-Doctor for Windows-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1036
Photosmart 320,370,7400,8100,8400 Series (fra)-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Updates from HP-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 clicks.smartbizsearch.com
127.0.0.1 smartbizsearch.com
127.0.0.1 copy-book.com
127.0.0.1 ask.com
127.0.0.1 pillsexpert.com

======Security center information======

AV: avast! antivirus 4.8.1290 [VPS 081120-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


That's it

#4 Buckeye_Sam

    Malware Expert

Posted 21 November 2008 - 06:46 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 zerrogh


Posted 21 November 2008 - 12:23 PM

Ok so here is the log:

ComboFix 08-11-20.02 - HP_Propriétaire 2008-11-21 12:19:59.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.675 [GMT -5:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_PRO~1\LOCALS~1\Temp\install_flash_player.exe
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\powrprofnew.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\user32new.dll
c:\windows\system32\winstanew.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-21 au 2008-11-21 ))))))))))))))))))))))))))))))))))))
.

2008-11-20 23:23 . 2008-11-20 23:23 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\teamspeak2
2008-11-20 23:23 . 2008-11-20 23:23 34,064 --a------ c:\windows\system32\lhacm.acm
2008-11-20 23:22 . 2008-11-20 23:23 <REP> d-------- c:\program files\Teamspeak2_RC2
2008-11-20 21:52 . 2008-11-20 21:52 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ventrilo
2008-11-20 21:51 . 2008-11-20 21:51 <REP> d-------- c:\program files\Ventrilo
2008-11-20 21:51 . 2008-11-20 21:51 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-20 21:51 . 2008-11-20 21:51 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-20 21:29 . 2008-11-20 21:29 <REP> d-------- c:\program files\America's Army Server Manager
2008-11-20 21:28 . 2008-11-20 21:48 <REP> d-------- c:\program files\America's Army
2008-11-20 20:28 . 2008-11-20 20:28 <REP> d-------- c:\program files\Messenger Plus! Live
2008-11-20 20:28 . 2008-11-20 20:28 <REP> d---s---- c:\documents and settings\HP_Propriétaire\UserData
2008-11-20 20:28 . 2008-11-20 20:28 <REP> d---s---- c:\documents and settings\HP_Propriétaire\UserData
2008-11-20 20:25 . 2008-11-20 23:18 <REP> d-------- c:\documents and settings\HP_Propriétaire\Tracing
2008-11-20 20:25 . 2008-11-20 23:18 <REP> d-------- c:\documents and settings\HP_Propriétaire\Tracing
2008-11-20 20:23 . 2008-11-20 20:23 <REP> d-------- c:\program files\Microsoft
2008-11-20 20:21 . 2008-11-20 20:21 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-11-20 20:19 . 2008-11-20 20:23 <REP> d-------- c:\program files\Windows Live
2008-11-20 19:51 . 2008-11-20 20:03 <REP> d-------- C:\rsit
2008-11-20 19:51 . 2008-11-20 20:03 <REP> d-------- c:\program files\trend micro
2008-11-20 19:37 . 2008-11-20 19:37 <REP> d-------- c:\program files\Reference Assemblies
2008-11-20 18:44 . 2008-11-20 17:50 241 --a------ c:\windows\system\hpsysdrv.dat
2008-11-20 18:42 . 2008-11-20 18:44 <REP> d-------- c:\windows\I386
2008-11-20 18:34 . 2008-11-20 23:22 <REP> dr------- C:\Program Files
2008-11-20 18:34 . 2008-11-20 18:41 <REP> dr-h----- C:\MSOCache
2008-11-20 18:34 . 2008-11-20 18:41 <REP> dr------- c:\documents and settings\Default User\Menu Démarrer
2008-11-20 18:34 . 2008-11-20 20:22 <REP> dr------- c:\documents and settings\All Users\Menu Démarrer
2008-11-20 18:34 . 2008-11-21 11:18 <REP> dr------- c:\documents and settings\All Users\Documents
2008-11-20 18:32 . 2008-11-20 17:46 <REP> dr-hsc--- c:\windows\system32\dllcache
2008-11-20 18:32 . 2008-11-20 18:41 <REP> dr------- c:\windows\system32\config\systemprofile\Menu Démarrer
2008-11-20 18:16 . 2008-04-22 22:20 1,584,149 --a------ c:\windows\system32\setupapinew.dll
2008-11-20 18:16 . 2006-11-02 12:47 1,162,656 --a------ c:\windows\system32\ntdllnew.dll
2008-11-20 18:16 . 2008-04-12 18:13 1,029,126 --a------ c:\windows\system32\d3d10.dll
2008-11-20 18:16 . 2008-05-04 17:42 789,525 --a------ c:\windows\system32\rpcrt4new.dll
2008-11-20 18:16 . 2006-11-29 14:06 440,080 --a------ c:\windows\system32\d3dx10.dll
2008-11-20 18:16 . 2004-12-08 17:57 376,832 --a------ c:\windows\system32\M2000Twn.dll
2008-11-20 18:16 . 2007-04-18 02:13 25,037 --a------ c:\windows\system32\Nucleus.dll
2008-11-20 18:16 . 2008-03-09 07:25 236 --ah----- c:\program files\Fichiers communs\dx.reg
2008-11-20 18:05 . 2008-11-20 18:06 <REP> d-------- c:\windows\LastGood
2008-11-20 18:05 . 2008-11-21 11:20 138,624 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-20 18:05 . 2008-11-20 18:05 22,328 --a------ c:\documents and settings\HP_Propriétaire\Application Data\PnkBstrK.sys
2008-11-20 18:04 . 2008-11-20 18:04 <REP> d-------- c:\windows\system32\LogFiles
2008-11-20 18:04 . 2008-11-20 18:04 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-11-20 18:04 . 2008-11-21 11:20 202,352 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-20 18:04 . 2008-11-20 18:04 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-20 17:53 . 2008-11-20 17:53 <REP> d-------- c:\program files\Activision
2008-11-20 17:48 . 2008-11-20 17:48 <REP> d-------- c:\program files\Fichiers communs\Adobe
2008-11-20 17:46 . 2008-04-13 11:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-11-20 17:46 . 2008-04-13 11:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-11-20 17:35 . 2008-11-20 17:35 <REP> d-------- c:\windows\ServicePackFiles
2008-11-20 17:35 . 2008-04-13 19:34 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2008-11-20 17:34 . 2008-11-20 17:34 <REP> d-------- c:\program files\Alwil Software
2008-11-20 17:31 . 2007-08-10 08:18 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-20 17:31 . 2006-12-28 12:01 19,569 --a------ c:\windows\002574_.tmp
2008-11-20 17:30 . 2008-11-20 17:30 <REP> d-------- C:\NVIDIA
2008-11-20 17:27 . 2008-11-20 17:27 <REP> d-------- c:\windows\EHome
2008-11-20 17:25 . 2008-11-20 17:25 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-20 17:25 . 2008-11-20 17:25 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-20 17:24 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-11-20 17:23 . 2008-11-20 17:23 <REP> d-------- c:\windows\Logs
2008-11-20 17:23 . 2008-11-20 17:24 <REP> d-------- c:\program files\SystemRequirementsLab
2008-11-20 17:22 . 2008-11-20 17:22 <REP> d--hs---- c:\windows\ftpcache
2008-11-20 17:07 . 2008-11-20 17:42 <REP> d-------- c:\windows\nview
2008-11-20 17:07 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-20 17:07 . 2008-11-20 17:50 198,698 --a------ c:\windows\system32\nvapps.xml
2008-11-20 17:07 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-11-20 17:06 . 2008-11-20 17:06 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-20 17:06 . 2008-11-20 17:06 1,409 --a------ c:\windows\QTFont.for
2008-11-20 16:59 . 2008-04-13 19:33 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-20 16:59 . 2008-11-20 16:59 1,652 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_PP163AA-ABA A800N_YC_0Pavi_QMXK448_E51FCheBLT2_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L40C_M1024_J160_7AMD_8Athlon XP_92.2_#081117_N11063065_Z11C1048C_G.MRK
2008-11-20 16:58 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS
2008-11-20 16:58 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS
2008-11-20 16:58 . 2008-11-20 17:06 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage réseau
2008-11-20 16:58 . 2008-11-20 17:06 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage réseau
2008-11-20 16:58 . 2004-11-04 14:37 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage d'impression
2008-11-20 16:58 . 2004-11-04 14:37 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage d'impression
2008-11-20 16:58 . 2008-11-20 18:41 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Modèles
2008-11-20 16:58 . 2008-11-20 18:41 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Modèles
2008-11-20 16:58 . 2008-11-20 20:23 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents
2008-11-20 16:58 . 2008-11-20 20:23 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents
2008-11-20 16:58 . 2008-11-20 18:41 <REP> dr------- c:\documents and settings\HP_Propriétaire\Menu Démarrer
2008-11-20 16:58 . 2008-11-20 18:41 <REP> dr------- c:\documents and settings\HP_Propriétaire\Menu Démarrer
2008-11-20 16:58 . 2008-11-20 18:16 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris
2008-11-20 16:58 . 2008-11-20 18:16 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris
2008-11-20 16:58 . 2008-11-21 12:17 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau
2008-11-20 16:58 . 2008-11-21 12:17 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau
2008-11-20 16:58 . 2004-11-04 23:22 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView
2008-11-20 16:58 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer
2008-11-20 16:58 . 2008-11-20 20:28 <REP> d-------- c:\documents and settings\HP_Propriétaire
2008-11-20 16:57 . 2004-11-04 22:36 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2008-11-20 16:57 . 2003-09-10 23:36 21,060 --------- c:\windows\system32\drivers\iviaspi.sys
2008-11-20 16:57 . 2003-09-19 01:47 10,368 --------- c:\windows\system32\drivers\pfc.sys
2008-11-20 16:56 . 2008-11-20 16:56 <REP> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-11-20 16:56 . 2004-04-16 11:24 61,440 --a------ c:\windows\system32\ISUSPM.cpl
2008-11-20 16:55 . 2008-11-20 16:57 <REP> d-------- c:\program files\InterVideo
2008-11-20 16:55 . 2008-10-07 13:33 6,133,856 --a------ c:\windows\system32\drivers\nv4_mini.sys
2008-11-20 16:55 . 2008-10-07 13:33 6,058,112 --a------ c:\windows\system32\nv4_disp.dll
2008-11-20 16:55 . 2004-09-27 14:09 204,800 --a------ c:\windows\system32\IVIresizeW7.dll
2008-11-20 16:55 . 2004-09-27 14:09 200,704 --a------ c:\windows\system32\IVIresizeA6.dll
2008-11-20 16:55 . 2004-09-27 14:09 192,512 --a------ c:\windows\system32\IVIresizeP6.dll
2008-11-20 16:55 . 2004-09-27 14:09 192,512 --a------ c:\windows\system32\IVIresizeM6.dll
2008-11-20 16:55 . 2004-09-27 14:09 188,416 --a------ c:\windows\system32\IVIresizePX.dll
2008-11-20 16:55 . 2004-09-27 14:09 20,480 --a------ c:\windows\system32\IVIresize.dll
2008-11-20 16:54 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\Default User\WINDOWS
2008-11-20 16:54 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUninst.exe
2008-11-17 00:02 . 2004-08-04 15:00 1,114,896 --a------ c:\windows\system32\esent97.dll
2008-11-17 00:01 . 2004-08-04 15:00 1,817,687 --a--c--- c:\windows\system32\dllcache\bckgres.dll
2008-11-17 00:00 . 2004-08-04 15:00 135,680 --a--c--- c:\windows\system32\dllcache\acledit.dll
2008-11-16 23:34 . 2004-08-03 23:00 3,374,512 --a--c--- c:\windows\system32\dllcache\tourP.exe
2008-11-16 23:33 . 2004-08-03 23:00 2,178,131 --a--c--- c:\windows\system32\dllcache\shvlres.dll
2008-11-16 23:32 . 2004-08-03 23:00 4,399,505 --a--c--- c:\windows\system32\dllcache\nls302en.lex

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 00:37 --------- d-----w c:\program files\Microsoft.NET
2008-11-20 23:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 22:42 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-11-20 22:25 --------- d-----w c:\program files\Java
2008-11-20 22:03 --------- d-----w c:\program files\Easy Internet signup
2008-11-20 21:56 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-09-09 05:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-20 133104]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-20 136600]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-11-04 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-08 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-18 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [29/05/2004 05:31:38 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [04/11/2004 22:45:46 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/11/2008 17:34:31 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [20/11/2008 17:34:31 20560]

*Newly Created Service* - PNKBSTRA
*Newly Created Service* - PNKBSTRB
*Newly Created Service* - PNKBSTRK
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-20 c:\windows\Tasks\Connexion facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 08:50]

2008-11-21 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\HP_Propri []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-VTTimer - VTTimer.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 12:21:54
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-21 12:22:45
ComboFix-quarantined-files.txt 2008-11-21 17:22:29

Avant-CF: 130 430 287 872 octets libres
Après-CF: 130,477,002,752 octets libres

232

#6 Buckeye_Sam


Posted 22 November 2008 - 09:18 AM

Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/ind...howtopic=180735

Suspect::[52]
c:\windows\system32\setupapinew.dll
c:\windows\system32\ntdllnew.dll
c:\windows\system32\d3d10.dll
c:\windows\system32\rpcrt4new.dll
c:\windows\system32\d3dx10.dll
c:\windows\system32\M2000Twn.dll
c:\windows\system32\Nucleus.dll
c:\program files\Fichiers communs\dx.reg


Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

======================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


How is your computer behaving now?

========================================================

#7 zerrogh


Posted 22 November 2008 - 07:07 PM

Hey,

Here is the Malwarebytes' log:
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 3

2008-11-22 19:03:18
mbam-log-2008-11-22 (19-03-18).txt

Type de recherche: Examen rapide
Eléments examinés: 50783
Temps écoulé: 2 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

This is in French, but it means nothing is infected.

And here is my ComboFix log:

ComboFix 08-11-22.02 - HP_Propriétaire 2008-11-22 18:40:36.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.665 [GMT -5:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-22 au 2008-11-22 ))))))))))))))))))))))))))))))))))))
.

2008-11-21 22:00 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-11-21 20:04 . 2008-11-21 20:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-21 18:20 . 2008-11-21 20:05 <REP> d-------- c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-21 16:10 . 2008-11-21 16:10 <REP> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-11-21 16:07 . 2008-11-21 16:07 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Logitech
2008-11-21 16:06 . 2008-09-26 10:52 10,384 --a------ c:\windows\system32\drivers\LBeepKE.sys
2008-11-21 16:06 . 2008-11-21 16:06 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-21 16:06 . 2008-11-21 16:06 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-11-21 16:06 . 2008-11-21 16:06 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-11-21 16:06 . 2008-11-21 16:06 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-11-21 16:05 . 2008-11-21 16:05 <REP> d-------- c:\windows\Drivers
2008-11-21 16:05 . 2008-11-21 16:05 <REP> d-------- c:\program files\Logitech
2008-11-21 16:05 . 2008-11-21 16:05 <REP> d-------- c:\program files\Fichiers communs\Logishrd
2008-11-21 16:05 . 2008-11-21 16:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-11-21 16:05 . 2008-10-27 12:52 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2008-11-21 16:05 . 2008-10-27 12:53 170,512 --a------ c:\windows\system32\kemutb.dll
2008-11-21 16:05 . 2008-10-27 12:53 145,936 --a------ c:\windows\system32\KemUtil.dll
2008-11-21 16:05 . 2008-10-27 12:53 117,264 --a------ c:\windows\system32\KemWnd.dll
2008-11-21 16:05 . 2008-10-27 12:54 84,496 --a------ c:\windows\system32\KemXML.dll
2008-11-21 16:05 . 2002-12-24 13:52 54,016 --a------ c:\windows\system32\drivers\ousb2hub.sys
2008-11-21 16:05 . 2002-12-24 13:52 39,040 --a------ c:\windows\system32\drivers\ousbehci.sys
2008-11-21 16:03 . 2008-11-21 16:03 <REP> d-------- c:\program files\VIA
2008-11-21 16:03 . 2007-06-21 17:01 54,312 --------- c:\windows\system32\agrsmdel.exe
2008-11-21 16:03 . 2008-09-25 17:58 21,656 --a------ c:\windows\system32\drivers\xfilt.sys
2008-11-21 16:03 . 2008-09-25 17:57 12,952 --a------ c:\windows\system32\drivers\videX32.sys
2008-11-21 16:02 . 2008-11-21 16:02 <REP> d-------- c:\windows\Options
2008-11-21 16:01 . 2008-11-21 16:01 <REP> d----c--- c:\windows\system32\DRVSTORE
2008-11-21 16:01 . 2008-11-21 16:01 <REP> d-------- C:\Pilotes-pciv92v4v4l
2008-11-21 16:01 . 2006-11-02 07:21 319,456 --------- c:\windows\system32\difxapi.dll
2008-11-21 16:01 . 2006-10-27 16:26 69,632 --a------ c:\windows\system32\vuins32.dll
2008-11-21 16:01 . 2008-06-25 14:36 43,520 --a------ c:\windows\system32\drivers\fetnd5bv.sys
2008-11-21 15:57 . 2008-11-21 15:58 <REP> d-------- c:\program files\ma-config.com
2008-11-21 15:57 . 2008-11-21 15:57 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-21 15:40 . 2008-11-21 15:40 <REP> d-------- c:\program files\Sun
2008-11-21 15:33 . 2008-11-21 15:33 <REP> d-------- c:\windows\Sun
2008-11-21 15:33 . 2008-11-21 15:33 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SystemRequirementsLab
2008-11-21 12:54 . 2008-11-21 12:54 319 --a------ c:\windows\game.ini
2008-11-20 23:23 . 2008-11-21 23:44 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\teamspeak2
2008-11-20 23:23 . 2008-11-20 23:23 34,064 --a------ c:\windows\system32\lhacm.acm
2008-11-20 23:22 . 2008-11-20 23:23 <REP> d-------- c:\program files\Teamspeak2_RC2
2008-11-20 21:52 . 2008-11-20 21:52 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ventrilo
2008-11-20 21:51 . 2008-11-20 21:51 <REP> d-------- c:\program files\Ventrilo
2008-11-20 21:51 . 2008-11-20 21:51 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-20 21:51 . 2008-11-20 21:51 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-20 21:29 . 2008-11-20 21:29 <REP> d-------- c:\program files\America's Army Server Manager
2008-11-20 21:28 . 2008-11-20 21:48 <REP> d-------- c:\program files\America's Army
2008-11-20 20:28 . 2008-11-20 20:28 <REP> d---s---- c:\documents and settings\HP_Propriétaire\UserData
2008-11-20 20:28 . 2008-11-20 20:28 <REP> d---s---- c:\documents and settings\HP_Propriétaire\UserData
2008-11-20 20:25 . 2008-11-22 09:11 <REP> d-------- c:\documents and settings\HP_Propriétaire\Tracing
2008-11-20 20:25 . 2008-11-22 09:11 <REP> d-------- c:\documents and settings\HP_Propriétaire\Tracing
2008-11-20 20:23 . 2008-11-20 20:23 <REP> d-------- c:\program files\Microsoft
2008-11-20 19:51 . 2008-11-20 20:03 <REP> d-------- C:\rsit
2008-11-20 19:51 . 2008-11-20 20:03 <REP> d-------- c:\program files\trend micro
2008-11-20 19:37 . 2008-11-20 19:37 <REP> d-------- c:\program files\Reference Assemblies
2008-11-20 18:44 . 2008-11-22 09:15 242 --a------ c:\windows\system\hpsysdrv.dat
2008-11-20 18:42 . 2008-11-20 18:44 <REP> d-------- c:\windows\I386
2008-11-20 18:34 . 2008-11-22 09:23 <REP> dr------- C:\Program Files
2008-11-20 18:34 . 2008-11-20 18:41 <REP> dr-h----- C:\MSOCache
2008-11-20 18:34 . 2008-11-20 18:41 <REP> dr------- c:\documents and settings\Default User\Menu Démarrer
2008-11-20 18:34 . 2008-11-22 09:11 <REP> dr------- c:\documents and settings\All Users\Menu Démarrer
2008-11-20 18:34 . 2008-11-21 19:46 <REP> dr------- c:\documents and settings\All Users\Documents
2008-11-20 18:32 . 2008-11-21 22:00 <REP> dr-hsc--- c:\windows\system32\dllcache
2008-11-20 18:32 . 2008-11-20 18:41 <REP> dr------- c:\windows\system32\config\systemprofile\Menu Démarrer
2008-11-20 18:16 . 2008-04-22 22:20 1,584,149 --a------ c:\windows\system32\setupapinew.dll
2008-11-20 18:16 . 2006-11-02 12:47 1,162,656 --a------ c:\windows\system32\ntdllnew.dll
2008-11-20 18:16 . 2008-04-12 18:13 1,029,126 --a------ c:\windows\system32\d3d10.dll
2008-11-20 18:16 . 2008-05-04 17:42 789,525 --a------ c:\windows\system32\rpcrt4new.dll
2008-11-20 18:16 . 2006-11-29 14:06 440,080 --a------ c:\windows\system32\d3dx10.dll
2008-11-20 18:16 . 2004-12-08 17:57 376,832 --a------ c:\windows\system32\M2000Twn.dll
2008-11-20 18:16 . 2007-04-18 02:13 25,037 --a------ c:\windows\system32\Nucleus.dll
2008-11-20 18:16 . 2008-03-09 07:25 236 --ah----- c:\program files\Fichiers communs\dx.reg
2008-11-20 18:05 . 2008-11-21 17:08 138,624 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-20 18:05 . 2008-11-21 13:20 22,328 --a------ c:\documents and settings\HP_Propriétaire\Application Data\PnkBstrK.sys
2008-11-20 18:04 . 2008-11-20 18:04 <REP> d-------- c:\windows\system32\LogFiles
2008-11-20 18:04 . 2008-11-21 13:20 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-11-20 18:04 . 2008-11-21 17:08 202,352 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-20 18:04 . 2008-11-21 14:22 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-20 17:53 . 2008-11-21 13:08 <REP> d-------- c:\program files\Activision
2008-11-20 17:48 . 2008-11-20 17:48 <REP> d-------- c:\program files\Fichiers communs\Adobe
2008-11-20 17:46 . 2008-04-13 11:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-11-20 17:46 . 2008-04-13 11:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-11-20 17:35 . 2008-11-20 17:35 <REP> d-------- c:\windows\ServicePackFiles
2008-11-20 17:35 . 2008-04-13 19:34 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2008-11-20 17:34 . 2008-11-20 17:34 <REP> d-------- c:\program files\Alwil Software
2008-11-20 17:31 . 2007-08-10 08:18 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-20 17:31 . 2006-12-28 12:01 19,569 --a------ c:\windows\002574_.tmp
2008-11-20 17:30 . 2008-11-20 17:30 <REP> d-------- C:\NVIDIA
2008-11-20 17:27 . 2008-11-20 17:27 <REP> d-------- c:\windows\EHome
2008-11-20 17:25 . 2008-11-20 17:25 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-20 17:25 . 2008-11-20 17:25 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-20 17:24 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-11-20 17:23 . 2008-11-20 17:23 <REP> d-------- c:\windows\Logs
2008-11-20 17:23 . 2008-11-20 17:24 <REP> d-------- c:\program files\SystemRequirementsLab
2008-11-20 17:22 . 2008-11-20 17:22 <REP> d--hs---- c:\windows\ftpcache
2008-11-20 17:07 . 2008-11-21 22:02 <REP> d-------- c:\windows\nview
2008-11-20 17:07 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-20 17:07 . 2008-11-22 09:15 196,202 --a------ c:\windows\system32\nvapps.xml
2008-11-20 17:07 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-11-20 17:06 . 2008-11-20 17:06 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-20 17:06 . 2008-11-20 17:06 1,409 --a------ c:\windows\QTFont.for
2008-11-20 16:59 . 2008-04-13 19:33 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-20 16:59 . 2008-11-20 16:59 1,652 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_PP163AA-ABA A800N_YC_0Pavi_QMXK448_E51FCheBLT2_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L40C_M1024_J160_7AMD_8Athlon XP_92.2_#081117_N11063065_Z11C1048C_G.MRK
2008-11-20 16:58 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS
2008-11-20 16:58 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS
2008-11-20 16:58 . 2008-11-20 17:06 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage réseau
2008-11-20 16:58 . 2008-11-20 17:06 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage réseau
2008-11-20 16:58 . 2004-11-04 14:37 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage d'impression
2008-11-20 16:58 . 2004-11-04 14:37 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Voisinage d'impression
2008-11-20 16:58 . 2008-11-20 18:41 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Modèles
2008-11-20 16:58 . 2008-11-20 18:41 <REP> d--h----- c:\documents and settings\HP_Propriétaire\Modèles
2008-11-20 16:58 . 2008-11-22 09:20 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents
2008-11-20 16:58 . 2008-11-22 09:20 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents
2008-11-20 16:58 . 2008-11-20 18:41 <REP> dr------- c:\documents and settings\HP_Propriétaire\Menu Démarrer
2008-11-20 16:58 . 2008-11-20 18:41 <REP> dr------- c:\documents and settings\HP_Propriétaire\Menu Démarrer
2008-11-20 16:58 . 2008-11-20 18:16 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris
2008-11-20 16:58 . 2008-11-20 18:16 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris
2008-11-20 16:58 . 2008-11-22 18:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau
2008-11-20 16:58 . 2008-11-22 18:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau
2008-11-20 16:58 . 2004-11-04 23:22 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView
2008-11-20 16:58 . 2004-11-04 22:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer
2008-11-20 16:58 . 2008-11-20 20:28 <REP> d-------- c:\documents and settings\HP_Propriétaire
2008-11-20 16:57 . 2004-11-04 22:36 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2008-11-20 16:57 . 2003-09-10 23:36 21,060 --------- c:\windows\system32\drivers\iviaspi.sys
2008-11-20 16:57 . 2003-09-19 01:47 10,368 --------- c:\windows\system32\drivers\pfc.sys
2008-11-20 16:56 . 2008-11-20 16:56 <REP> d-------- c:\documents and settings\All Users\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 04:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 20:39 --------- d-----w c:\program files\Java
2008-11-21 00:37 --------- d-----w c:\program files\Microsoft.NET
2008-11-20 22:42 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-11-20 22:03 --------- d-----w c:\program files\Easy Internet signup
2008-11-20 21:56 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-10 20:46 69,632 ----a-w c:\windows\KHALMNPR.Exe
2008-09-26 15:53 37,392 ----a-w c:\windows\system32\drivers\LMouFilt.Sys
2008-09-26 15:53 28,816 ----a-w c:\windows\system32\drivers\LUsbFilt.sys
2008-09-26 15:52 35,472 ----a-w c:\windows\system32\drivers\LHidFilt.Sys
2008-09-09 05:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-21_12.22.06,85 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-04-05 23:49:42 64,512 ----a-w c:\windows\agrsmdel.exe
+ 2007-06-21 22:01:28 54,312 ----a-w c:\windows\agrsmdel.exe
- 2008-11-20 23:05:59 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-11-21 18:21:27 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-11-20 23:05:59 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-11-21 18:21:28 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-11-20 23:05:59 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-11-21 18:21:28 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-11-20 23:05:54 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-21 18:21:24 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-20 23:05:54 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-21 18:21:25 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-20 23:05:55 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-21 18:21:25 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-20 23:05:56 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-21 18:21:26 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-20 23:05:56 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-21 18:21:26 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-20 23:05:57 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-21 18:21:26 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-20 23:05:57 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-21 18:21:26 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-20 23:05:57 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-21 18:21:27 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-20 23:05:58 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-21 18:21:27 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-20 23:05:59 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-21 18:21:28 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-20 23:05:59 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-11-21 18:21:28 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-11-20 23:05:59 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-11-21 18:21:28 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-11-20 23:05:59 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-11-21 18:21:29 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-11-20 23:05:59 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-11-21 18:21:29 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-11-20 23:05:59 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-11-21 18:21:27 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2002-12-24 18:52:40 54,016 ------w c:\windows\Drivers\ousb2\ousb2hub.sys
+ 2002-12-24 18:52:40 39,040 ------w c:\windows\Drivers\ousb2\ousbehci.sys
+ 2008-11-21 21:06:38 10,134 ----a-r c:\windows\Installer\{0C826C5B-B131-423A-A229-C71B3CACCD6A}\ARPPRODUCTICON.exe
+ 2008-11-21 21:05:27 10,134 ----a-r c:\windows\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
+ 2008-11-21 19:18:01 10,134 ----a-r c:\windows\Installer\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\ARPPRODUCTICON.exe
+ 2008-11-21 19:19:45 10,134 ----a-r c:\windows\Installer\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\ARPPRODUCTICON.exe
+ 2008-11-22 04:44:57 10,134 ----a-r c:\windows\Installer\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\ARPPRODUCTICON.exe
- 2008-11-20 23:04:44 11,502 ----a-r c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe
+ 2008-11-21 18:20:21 11,502 ----a-r c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe
+ 2008-11-21 17:54:01 216,358 ----a-r c:\windows\Installer\{E48469CC-635E-4FD5-A122-1497C286D217}\ARPPRODUCTICON.exe
+ 2008-11-22 21:19:33 2,300 ----a-w c:\windows\SoftwareDistribution\EventCache\{5B600A83-8601-458A-87DE-B8C7AD3C2D33}.bin
+ 2008-11-22 02:11:49 2,300 ----a-w c:\windows\SoftwareDistribution\EventCache\{C343480A-A0B6-4CB2-9E07-DAE5D1B854E6}.bin
+ 2006-09-11 20:34:46 13,312 ----a-w c:\windows\system32\agrscoin.dll
+ 2006-10-05 18:10:12 9,216 ----a-w c:\windows\system32\agrsmsvc.exe
+ 2008-04-13 16:45:28 36,864 -c--a-w c:\windows\system32\dllcache\hidclass.sys
+ 2008-04-13 16:45:24 24,960 -c--a-w c:\windows\system32\dllcache\hidparse.sys
+ 2008-04-13 16:45:28 10,368 -c--a-w c:\windows\system32\dllcache\hidusb.sys
+ 2008-04-14 00:04:36 37,632 -c--a-w c:\windows\system32\dllcache\isapnp.sys
+ 2008-04-13 23:53:20 23,680 -c--a-w c:\windows\system32\dllcache\mouclass.sys
+ 2001-08-23 22:04:42 12,288 -c--a-w c:\windows\system32\dllcache\mouhid.sys
+ 2008-10-07 18:33:00 6,133,856 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys
- 2004-06-29 22:07:18 1,268,204 ----a-w c:\windows\system32\drivers\AGRSM.sys
+ 2007-07-16 19:49:34 1,212,288 ----a-w c:\windows\system32\drivers\AGRSM.sys
+ 2006-11-02 12:22:54 492,000 ------w c:\windows\system32\drivers\wdf01000.sys
+ 2006-11-02 12:22:52 32,224 ------w c:\windows\system32\drivers\wdfldr.sys
+ 2006-11-02 12:21:54 319,456 -c--a-w c:\windows\system32\DRVSTORE\FETNDIS_65DEB2693536D41917BF3797E3E6B5E4CDBBAEDC\difxapi.dll
+ 2008-06-25 19:36:08 43,520 -c--a-w c:\windows\system32\DRVSTORE\FETNDIS_65DEB2693536D41917BF3797E3E6B5E4CDBBAEDC\fetnd5bv.sys
+ 2006-10-27 21:26:56 69,632 -c--a-w c:\windows\system32\DRVSTORE\FETNDIS_65DEB2693536D41917BF3797E3E6B5E4CDBBAEDC\vuins32.dll
- 2008-11-20 22:42:13 176,264 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-21 21:08:21 179,448 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2003-11-12 06:41:00 41,984 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\fetnd5b.sys
+ 2004-06-29 22:07:18 1,268,204 ----a-w c:\windows\system32\ReinstallBackups\0009\DriverFiles\AGRSM.sys
+ 2004-04-05 23:49:42 64,512 ----a-w c:\windows\system32\ReinstallBackups\0009\DriverFiles\agrsmdel.exe
+ 2004-06-29 22:06:38 88,363 ----a-w c:\windows\system32\ReinstallBackups\0009\DriverFiles\AGRSMMSG.exe
+ 2008-04-14 00:04:36 37,632 ----a-w c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\isapnp.sys
+ 2008-04-13 16:40:32 96,512 ----a-w c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
+ 2004-08-04 04:00:00 3,328 ----a-w c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\pciide.sys
+ 2008-04-13 16:40:30 24,960 ----a-w c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\pciidex.sys
+ 2008-04-13 16:40:32 96,512 ----a-w c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
+ 2008-04-13 16:40:30 24,960 ----a-w c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\pciidex.sys
+ 2008-04-13 16:40:32 5,376 ----a-w c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\viaide.sys
+ 2008-04-14 00:33:28 20,992 ----a-w c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\hid.dll
+ 2008-04-13 16:45:28 36,864 ----a-w c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\hidclass.sys
+ 2008-04-13 16:45:24 24,960 ----a-w c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\hidparse.sys
+ 2008-04-13 16:45:28 10,368 ----a-w c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\hidusb.sys
+ 2008-04-13 23:53:20 23,680 ----a-w c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\mouclass.sys
+ 2001-08-23 22:04:42 12,288 ----a-w c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\mouhid.sys
+ 2008-10-07 18:33:00 6,058,112 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nv4_disp.dll
+ 2008-10-07 18:33:00 6,133,856 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nv4_mini.sys
+ 2008-10-07 18:33:00 475,136 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvapi.dll
+ 2008-10-07 18:33:00 122,880 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvcod.dll
+ 2008-10-07 18:33:00 13,574,144 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvcpl.dll
+ 2008-10-07 18:33:00 1,368,064 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvcuda.dll
+ 2008-10-07 18:33:00 3,989,504 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvdisps.dll
+ 2008-10-07 18:33:00 5,799,936 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvdispsr.dll
+ 2008-10-07 18:33:00 3,444,736 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvgames.dll
+ 2008-10-07 18:33:00 3,457,024 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvgamesr.dll
+ 2008-10-07 18:33:00 229,376 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmccs.dll
+ 2008-10-07 18:33:00 188,416 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmccss.dll
+ 2008-10-07 18:33:00 458,752 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmccssr.dll
+ 2008-10-07 18:33:00 86,016 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmctray.dll
+ 2008-10-07 18:33:00 1,257,472 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmobls.dll
+ 2008-10-07 18:33:00 2,854,912 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmoblsr.dll
+ 2008-10-07 18:33:00 286,720 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvnt4cpl.dll
+ 2008-10-07 18:33:00 8,826,880 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvoglnt.dll
+ 2008-10-07 18:33:00 163,908 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvsvc32.exe
+ 2008-10-07 18:33:00 3,764,224 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvvitvs.dll
+ 2008-10-07 18:33:00 4,149,248 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvvitvsr.dll
+ 2008-10-07 18:33:00 81,920 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvwddi.dll
+ 2008-10-07 18:33:00 2,686,976 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvwss.dll
+ 2008-10-07 18:33:00 2,981,888 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvwssr.dll
+ 2007-06-22 17:34:02 1,419,232 ----a-w c:\windows\system32\WdfCoInstaller01005.dll
+ 2008-11-22 14:15:31 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_62c.dat
+ 2008-11-22 14:15:40 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_e8.dat
+ 2006-12-02 03:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 05:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-20 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-20 136600]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-11-04 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-08 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-18 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-04 98304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [29/05/2004 05:31:38 241664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [21/11/2008 16:05:44 809488]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [04/11/2004 22:45:46 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-10-27 12:57 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [21/11/2008 16:03:39 12952]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [21/11/2008 16:03:39 21656]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/11/2008 17:34:31 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [20/11/2008 17:34:31 20560]
R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [21/11/2008 16:06:43 10384]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [17/11/2008 08:05:32 195752]
.
Contenu du dossier 'Tâches planifiées'

2008-11-20 c:\windows\Tasks\Connexion facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 08:50]

2008-11-22 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\HP_Propri []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 18:42:16
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
.
Heure de fin: 2008-11-22 18:43:10
ComboFix-quarantined-files.txt 2008-11-22 23:43:04
ComboFix2.txt 2008-11-21 17:22:46

Avant-CF: 106 638 766 080 octets libres
Après-CF: 106,700,263,424 octets libres

365

But nothing changed, I still have the popup, the redirect ... everything.

#8 Buckeye_Sam

    Malware Expert

Posted 23 November 2008 - 12:35 PM

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #5 - Search and clean DNS Hijack by typing 5 and press "Enter"; a text file will appear.

It may bring up a message that says "Your computer may be victim of a DNS Hijack: 85.255.x.x"
Do you want to set your network to dynamic - DHCP server?

Click on "Yes"

Reboot

Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 zerrogh


Posted 25 November 2008 - 08:06 PM

Hey,
you said:

It may bring up a message that says "Your computer may be victim of a DNS Hijack: 85.255.x.x"


but I don't get this message :thumbsup:

Here is the log:
SmitFraudFix v2.378

Rapport fait à 20:05:07,62, 2008-11-25
Executé à partir de C:\Documents and Settings\HP_Propriétaire\Mes documents\Téléchargements\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0C7F986B-23AB-4686-A713-57659E34EAA1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0C7F986B-23AB-4686-A713-57659E34EAA1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0C7F986B-23AB-4686-A713-57659E34EAA1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0C7F986B-23AB-4686-A713-57659E34EAA1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0C7F986B-23AB-4686-A713-57659E34EAA1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0C7F986B-23AB-4686-A713-57659E34EAA1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
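
The following added example is not from the thread and is not SmitfraudFix's own code; it parses a report in the layout posted above and classifies each resolver it lists. The function names, the constructed sample and the treatment of private addresses as local forwarders are assumptions; the 85.255.0.0/16 range comes from the "85.255.x.x" message quoted in the thread.

```python
import ipaddress
import re

# Constructed sample in the layout of the SmitfraudFix DNS report. The first
# DNS lines reuse values from the log; the NameServer line is made up.
SAMPLE_REPORT = r"""
Description: VIA Rhine II Fast Ethernet Adapter
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.0.1,8.8.8.8
"""

# Range quoted in the helper's post ("DNS Hijack: 85.255.x.x").
SUSPECT_NETS = [ipaddress.ip_network("85.255.0.0/16")]
MARKERS = ("DNS Server Search Order:", "NameServer=")  # also hits DhcpNameServer=
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def classify(addr):
    """Return 'suspect', 'local-forwarder' or 'public' for one resolver."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on e.g. 999.1.1.1
    if any(ip in net for net in SUSPECT_NETS):
        return "suspect"
    if ip.is_private:
        return "local-forwarder"
    return "public"


def audit(report):
    """List (source, resolver, verdict) for every DNS line in the report."""
    findings = []
    for line in report.splitlines():
        if not any(marker in line for marker in MARKERS):
            continue
        source, _, value = line.partition(":")
        for addr in IPV4_RE.findall(value):
            try:
                findings.append((source.strip(), addr, classify(addr)))
            except ValueError:
                continue  # looked like an address but is not valid IPv4
    return findings


def summarize(findings):
    """Host-level conclusion; a private resolver leaves the question open."""
    verdicts = {verdict for _, _, verdict in findings}
    if "suspect" in verdicts:
        return "hijacked resolver configured on this host"
    if "local-forwarder" in verdicts:
        return "host forwards to a local device; check that device's DNS settings"
    return "no suspect resolver found"


if __name__ == "__main__":
    results = audit(SAMPLE_REPORT)
    for row in results:
        print(*row, sep=" | ")
    print(summarize(results))
```

A report that lists only a private address, as the one in this post does, shows where the host sends its queries but not which upstream servers that device uses.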

#10 Buckeye_Sam

    Malware Expert

Posted 26 November 2008 - 03:10 PM

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.


#11 zerrogh


Posted 26 November 2008 - 05:33 PM

SDFix: Version 1.240
Run by Administrateur on 2008-11-26 at 17:14

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 17:27:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"="C:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Documents and Settings\\HP_Propriétaire\\Bureau\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Documents and Settings\\HP_Propriétaire\\Bureau\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :



Files with Hidden Attributes :

Thu 20 Nov 2008 218 A.SHR --- "C:\BOOT.BAK"

Finished!

#12 Buckeye_Sam

    Malware Expert

Posted 27 November 2008 - 11:20 AM

Run SDFix once again and follow these steps.
  • Type 3 to Download/Run SAV32CLI from Sophos.
  • Follow the on screen prompts and extract the Sophos files to C:\SAV32CLI
  • When the main scanning screen is displayed type 6 to run a Full scan
  • SAV32CLI will start and scan the system for infected files
  • Please be patient as this scan may take some time
  • When the scan has finished post back the SophosReport.txt from the SDFix folder


#13 zerrogh


Posted 28 November 2008 - 07:06 PM

hu,
when I press 3,
The program is closing :thumbsup:

#14 Buckeye_Sam

    Malware Expert

Posted 29 November 2008 - 10:48 AM

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the contents of the log from DrWeb and a new combofix log in your next reply.

#15 zerrogh


Posted 01 December 2008 - 10:01 PM

Supprimé = Deleted
Quarantaine = Quarantine
Infectées = Infected
Irréparable = "Can't Repair"



RegUBP2b-HP_Propriétaire.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Supprimé.;
ComboFix.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe;Probablement BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\HP_Propriétaire\Bureau;L'archive contient des éléments infectés;Quarantaine.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\HP_Propriétaire\Bureau\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\HP_Propriétaire\Bureau;L'archive contient des éléments infectés;Quarantaine.;
xcleaner_full_setup.exe\data016;C:\Documents and Settings\HP_Propriétaire\Bureau\xcleaner_full_setup.exe;BackDoor.Pigeon.origin;;
xcleaner_full_setup.exe;C:\Documents and Settings\HP_Propriétaire\Bureau;L'archive contient des éléments infectés;Quarantaine.;
SmitfraudFix (1).exe\SmitfraudFix\Process.exe;C:\Documents and Settings\HP_Propriétaire\Mes documents\Téléchargements\SmitfraudFix (1).exe;Tool.Prockill;;
SmitfraudFix (1).exe\SmitfraudFix\restart.exe;C:\Documents and Settings\HP_Propriétaire\Mes documents\Téléchargements\SmitfraudFix (1).exe;Tool.ShutDown.11;;
SmitfraudFix (1).exe;C:\Documents and Settings\HP_Propriétaire\Mes documents\Téléchargements;L'archive contient des éléments infectés;Quarantaine.;
Process.exe;C:\Documents and Settings\HP_Propriétaire\Mes documents\Téléchargements\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\HP_Propriétaire\Mes documents\Téléchargements\SmitfraudFix;Tool.ShutDown.11;;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;;
juggler.exe;C:\Program Files\X-Cleaner;BackDoor.Pigeon.origin;Irréparable.Quarantaine.;
A0004418.bat;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP10;Probablement BATCH.Virus;;
A0005194.exe\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP14\A0005194.exe;Probablement BATCH.Virus;;
A0005194.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP14\A0005194.exe;Program.PsExec.171;;
A0005194.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP14;L'archive contient des éléments infectés;Quarantaine.;
A0005197.bat;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP14;Probablement BATCH.Virus;;
A0005237.bat;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP15;Probablement BATCH.Virus;;
A0015208.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP17;Tool.Prockill;;
A0015252.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP18\A0015252.exe;Tool.Prockill;;
A0015252.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP18\A0015252.exe;Tool.ShutDown.11;;
A0015252.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP18;L'archive contient des éléments infectés;Quarantaine.;
A0015265.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP18;Tool.Prockill;;
A0015267.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP18;Tool.ShutDown.11;;
A0015681.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP18;Tool.Prockill;;
A0020810.reg;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP19;Trojan.StartPage.1505;Supprimé.;
A0021813.reg;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP19;Trojan.StartPage.1505;Supprimé.;
A0022812.reg;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP19;Trojan.StartPage.1505;Supprimé.;
A0022879.reg;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP19;Trojan.StartPage.1505;Supprimé.;
A0023876.reg;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP19;Trojan.StartPage.1505;Supprimé.;
A0024847.reg;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20;Trojan.StartPage.1505;Supprimé.;
A0024848.exe\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20\A0024848.exe;Probablement BATCH.Virus;;
A0024848.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20\A0024848.exe;Program.PsExec.171;;
A0024848.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20;L'archive contient des éléments infectés;Quarantaine.;
A0024849.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20\A0024849.exe;Tool.Prockill;;
A0024849.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20;L'archive contient des éléments infectés;Quarantaine.;
A0024850.exe\data016;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20\A0024850.exe;BackDoor.Pigeon.origin;;
A0024850.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20;L'archive contient des éléments infectés;Quarantaine.;
A0024851.exe;C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP20;BackDoor.Pigeon.origin;Irréparable.Quarantaine.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;;

Edited by zerrogh, 01 December 2008 - 10:05 PM.




