High-Tech Santé Médecine Droit-Finances

Réalisation

vidéo numérique

Rechercher : dans
Par :

Win32:Trojan-gen {Other}

Dernière réponse le 28 mai 2009 à 13:22:57 madhi100, le 25 mai 2009 à 11:22:57 
 Signaler ce message aux modérateurs

Bonjour,

Avast détecte un virus Win32:Trojan-gen {Other} à l'emplacement C:\DOCUME~1\Timothee\LOCALS~1\Temp\E_4\com.run. J'ai essayé plusieurs manipulations sans succés. Je suis désormais sans solutions, et ce dû à mes médiocres compétences.

J'ai cru comprendre en lisant les forums que les personnes qui s'y connaissent demandent le rapport de hijackthis. Je me permets donc de le coller ici si cela peut aider à comprendre mon problème.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:29, on 25/05/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\XP-BB7E117D.EXE
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe­
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Timothee\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [00THotkey] "C:\WINDOWS\System32\00THotkey.exe"
O4 - HKLM\..\Run: [000StTHK] "000StTHK.exe"
O4 - HKLM\..\Run: [TFNF5] "TFNF5.exe"
O4 - HKLM\..\Run: [SigmaTel StacMon] "C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [LTSMMSG] "LTSMMSG.exe"
O4 - HKLM\..\Run: [TPSMain] "TPSMain.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] "c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [Drawing System] C:\WINDOWS\System32\ygdwoqlna.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
O4 - HKLM\..\Run: [XP-BB7E117D] C:\WINDOWS\System32\XP-BB7E117D.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\System32\ctfmon.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Timothee\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-BB7E117D.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
End of file - 9967 bytes


Toute aide sera la bienvenue, merci d'avance!!!

Configuration: Windows XP Internet Explorer 6.0

Posez votre question Répondre

1

gen-hackman, le 25 mai 2009 à 11:34:44
  • +1

Salut mets windows à jour via windows update puis :

######## | XP _ Instal & recherche | #######


Telecharge et install UsbFix (de C_XX & Chiquitine29)

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau .

# Choisi l option 1 ( Recherche )

# Laisse travailler l outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.



G3и-н@¢км@и™©®

   
Répondre à gen-hackman

2

madhi100, le 25 mai 2009 à 14:46:36

Merci d'avoir répondu aussi vite. Cela a pris un peu de temps de faire les mises à jour.

Voila le rapport de Usbfix:

############################## [ UsbFix V3.025 | Scan ]

# User : Timothee (Administrateurs) # TIM
# Update on 22/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 14:38:53 | 25/05/2009

# Intel(R) Pentium(R) M processor 1500MHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 1
# Internet Explorer 6.0.2800.1106
# Windows Firewall Status : Not defined.

# C:\ # Disque fixe local # 55,88 Go (31,29 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible # 953,73 Mo (922,64 Mo free) [KINGSTON] # FAT
# F:\ # Disque fixe local # 233,7 Go (61,42 Go free) [LACIE] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Documents and Settings\Timothee\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

################## [ Registre Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\System32\\blank.htm"
HKCU_Main: "Search Page"="http://www.google.com"
HKCU_Main: "Start Page"="http://fr.msn.com/"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Timothee"
HKLM_logon: "AltDefaultUserName"="Timothee"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon="RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKLM_Run: nwiz="nwiz.exe" /installquiet
HKLM_Run: 00THotkey="C:\WINDOWS\System32\00THotkey.exe"
HKLM_Run: 000StTHK="000StTHK.exe"
HKLM_Run: TFNF5="TFNF5.exe"
HKLM_Run: SigmaTel StacMon="C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe"
HKLM_Run: SynTPLpr="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
HKLM_Run: SynTPEnh="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
HKLM_Run: TouchED="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
HKLM_Run: LTSMMSG="LTSMMSG.exe"
HKLM_Run: TPSMain="TPSMain.exe"
HKLM_Run: TFncKy=TFncKy.exe
HKLM_Run: NDSTray.exe=NDSTray.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
HKLM_Run: PRONoMgr.exe="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe"
HKLM_Run: Drawing System=C:\WINDOWS\System32\ygdwoqlna.exe
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: KernelFaultCheck="%systemroot%\system32\dumprep" 0 -k
HKLM_Run: SpySweeper="C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE="C:\WINDOWS\System32\ctfmon.exe"
HKCU_Run: TOSCDSPD="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
HKCU_Run: MoneyAgent="C:\Program Files\Microsoft Money\System\mnyexpr.exe"
HKCU_Run: Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
HKCU_Run: SpybotSD TeaTimer="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\mitm.exe
Found ! E:\Recycled.exe
Found ! E:\autorun.inf
Found ! F:\autorun.inf

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

HKCU\...\Explorer\MountPoints2\{2e5fc308-4a6d-11dd-86bb-000e35133187}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{2e5fc308-4a6d-11dd-86bb-000e35133187}\Shell\AutoRun\Command

################## [ Informations # Fichier Suspect ]


################## [ Cracks # Keygens # Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.025 ! ]

   
Répondre à madhi100

3

gen-hackman, le 25 mai 2009 à 14:51:02

Desinstalle spybot , Spysweeper ici present est meilleur ,et, l ayant , tu n as pas besion de spybot derriere.

desinstalle AD-Aware tu n'en as encore moins besoin vu qu il est devenu totalement obsolete

internet explorer n'est pas à jour

ensuite :


######## | Suppression | ########

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau

# choisi l option 2 ( Suppression )

# Ton bureau disparaitra et le pc redémarrera .

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )


######### | Désinstallation | #######


# Double clic sur le raccourci UsbFix présent sur ton bureau

# Choisi l option Désinstaller .... G3и-н@¢км@и™©®

   
Répondre à gen-hackman

4

madhi100, le 25 mai 2009 à 21:59:01

Rebonjour Gen,

J'ai eu quelques problèmes dans la mise à jour d'internet explorer. Bref, voila le rapport après les modifications et la suppression:

############################## [ UsbFix V3.025 | Cleaning ]

# User : Timothee (Administrateurs) # TIM
# Update on 22/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:48:22 | 25/05/2009

# Intel(R) Pentium(R) M processor 1500MHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090525-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disque fixe local # 55,88 Go (28,28 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible # 953,73 Mo (924,09 Mo free) [KINGSTON] # FAT
# F:\ # Disque fixe local # 233,7 Go (57,01 Go free) [LACIE] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\1XConfig.exe

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]


################## [ Listing des fichiers présent ]

[10/10/2003 07:38|--a------|0] - C:\AUTOEXEC.BAT
[25/05/2009 19:04|-rahs----|216] - C:\boot.ini
[30/08/2002 20:00|-rahs----|4952] - C:\Bootfont.bin
[10/10/2003 07:38|--a------|0] - C:\CONFIG.SYS
[10/10/2003 07:38|-rahs----|0] - C:\IO.SYS
[10/10/2003 07:38|-rahs----|0] - C:\MSDOS.SYS
[25/05/2009 18:55|-rahs----|47564] - C:\NTDETECT.COM
[25/05/2009 18:55|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[16/03/2004 13:52|--ah-----|184] - C:\SWSTAMP.TXT
[25/05/2009 21:49|--a------|2680] - C:\UsbFix.txt
[24/05/2009 17:23|--a------|1516899] - E:\TV.exe
[24/05/2009 17:23|--a------|1516899] - E:\Cr‚ation de cabinet.exe
[04/02/2008 13:57|--a------|1612] - E:\BOOTEX.LOG
[17/03/2008 09:34|--a------|143360] - E:\comptes mensuels MARS 2008.xls
[09/05/2009 20:34|--a------|1516899] - E:\Aide Evaluation des risques.exe
[09/05/2009 20:34|--a------|1516899] - E:\Tabac.exe
[09/05/2009 20:34|--a------|1516899] - E:\Polimiroir.exe
[21/11/2007 16:30|--ah-----|4096] - F:\._.Trashes
[22/09/2008 23:16|--ah-----|104452] - F:\.DS_Store
[16/08/2008 17:11|--ah-----|82] - F:\._WEPO Spirituals.sib
[22/09/2008 22:35|--ah-----|82] - F:\._Aranea piece.iMovieProject
[22/09/2008 22:35|--ah-----|82] - F:\._soc.iMovieProject
[16/08/2008 17:11|--ah-----|82] - F:\._Freedom ideas for Peter
[16/08/2008 14:18|--ah-----|82] - F:\._My Great Movie.iMovieProject
[22/09/2008 22:35|--ah-----|82] - F:\._Sounds of Camberwell3.iMovieProject
[22/09/2008 22:35|--ah-----|82] - F:\._Tim movie1.iMovieProject
[22/09/2008 23:13|--ah-----|82] - F:\._Backup.fpbf
[16/08/2008 17:13|--ah-----|82] - F:\._Viva Lucy's Fever Project Invoice
[22/09/2008 23:14|--ah-----|758] - F:\._lucyforde
[16/08/2008 17:11|--ah-----|82] - F:\._cluster.jpg
[31/05/2008 10:45|--ah-----|82] - F:\._DiscLabel 5.1.zip.download
[31/05/2008 12:15|--ah-----|82] - F:\._.TemporaryItems
[16/08/2008 17:11|--ah-----|82] - F:\._Disclabel receipt
[16/08/2008 14:18|--ah-----|82] - F:\._Chisenhale.iMovieProject
[16/08/2008 17:13|--ah-----|82] - F:\._Travel Expenses April 06-April 07
[16/08/2008 17:14|--ah-----|82] - F:\._Lucy Forde Finzi Project Proposal
[16/08/2008 14:18|--ah-----|82] - F:\._Test run.iMovieProject
[22/09/2008 23:16|--ah-----|82] - F:\._Self assessment log of activity.doc
[16/08/2008 17:11|--ah-----|82] - F:\._GSMD 3cHC-SP - Key Points #.doc
[16/08/2008 17:11|--ah-----|82] - F:\._GSMD 3bHC Elective Outline to be.doc
[16/08/2008 17:12|--ah-----|82] - F:\._New York Flight.webarchive
[16/08/2008 17:11|--ah-----|82] - F:\._GSMD 3a.doc
[22/09/2008 23:16|--ah-----|82] - F:\._Self-reflective account
[16/08/2008 17:11|--ah-----|82] - F:\._GSMD 1HC - Mission statem#.doc
[22/09/2008 23:16|--ah-----|82] - F:\._Performing pictures
[16/08/2008 17:11|--ah-----|82] - F:\._Giles Swayne.sib
[16/08/2008 17:47|--ah-----|82] - F:\._A4A New Piece .sib
[16/08/2008 17:11|--ah-----|82] - F:\._WEPO May?June 2008
[16/08/2008 17:11|--ah-----|82] - F:\._WEPO Invoice April 2008
[16/08/2008 17:11|--ah-----|82] - F:\._WEPO Evaluations form Lucy Forde
[22/09/2008 23:16|--ah-----|82] - F:\._General approach to work.doc
[16/08/2008 17:13|--ah-----|82] - F:\._National Express Complaint
[16/08/2008 17:13|--ah-----|82] - F:\._Musicians (Q) 07Dec15.doc.download
[16/08/2008 17:11|--ah-----|82] - F:\._Finale Piece of Debussy.doc
[16/08/2008 17:13|--ah-----|82] - F:\._ThePrintShop2_updater_v206.dmg.download
[22/09/2008 23:16|--ah-----|82] - F:\._How have I developed artistically.doc
[16/08/2008 17:11|--ah-----|82] - F:\._Woldingham Accounts summer term 08.xls
[16/08/2008 17:11|--ah-----|82] - F:\._which registration
[16/08/2008 17:11|--ah-----|82] - F:\._What is a Finzi Scholarship
[16/08/2008 17:14|--ah-----|82] - F:\._Guildhall piece2.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Guildhall piece.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Juniors group 1
[16/08/2008 17:14|--ah-----|82] - F:\._Juniors cellos
[16/08/2008 17:14|--ah-----|82] - F:\._Junior Guildhall Project
[22/09/2008 23:16|--ah-----|82] - F:\._On the flip side to this.doc
[16/08/2008 17:47|--ah-----|82] - F:\._A Dog In the Park String 4tet.sib
[22/09/2008 23:16|--ah-----|82] - F:\._Developing a career pathway.doc
[16/08/2008 17:47|--ah-----|82] - F:\._Batman Theme_1.sib
[20/04/2008 14:09|-rahs----|80384] - F:\eoiiykuxc.exe
[22/09/2008 23:16|--ah-----|82] - F:\._Social and people skills.doc
[16/08/2008 17:47|--ah-----|82] - F:\._Batman Theme_2.sib
[22/09/2008 23:16|--ah-----|82] - F:\._Lucy Forde Self-reflective account.doc
[16/08/2008 17:11|--ah-----|82] - F:\._Viva Lucy's Fever Project 2 invoice
[22/09/2008 23:16|--ah-----|82] - F:\._Lucy Forde log of activity.doc
[16/08/2008 17:47|--ah-----|82] - F:\._Batman Theme_3.sib
[16/08/2008 17:47|--ah-----|82] - F:\._eid.sib
[16/08/2008 17:11|--ah-----|82] - F:\._2hc.doc
[16/08/2008 17:47|--ah-----|82] - F:\._Batman Theme_4.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Charles Dickens project 1.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Cheero cha cha orchestra.sib
[16/08/2008 17:15|--ah-----|82] - F:\._Sounds of Camberwell Evaluation Report.doc
[16/08/2008 17:47|--ah-----|82] - F:\._Cheero cha cha.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Aranea soc list of partners
[16/08/2008 17:47|--ah-----|82] - F:\._Cheero cha cha orchestra 2nd version.sib
[16/08/2008 17:12|--ah-----|82] - F:\._Pachelbel's Canon in D.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Create Alfie's Song.sib
[16/08/2008 17:11|--ah-----|4096] - F:\._cd-label-maker-mac.dmg
[16/08/2008 17:13|--ah-----|82] - F:\._Simpsons Theme.sib
[16/08/2008 17:11|--ah-----|82] - F:\._CCM2 Healthcare Elective Register.xls
[16/08/2008 17:13|--ah-----|82] - F:\._Simpsons page 3.webarchive
[16/08/2008 17:13|--ah-----|82] - F:\._Teachers' pack.doc
[16/08/2008 17:47|--ah-----|82] - F:\._Create Miriam's Song.sib
[16/08/2008 17:11|--ah-----|82] - F:\._Canon Barnett feedback.doc
[16/08/2008 17:11|--ah-----|82] - F:\._cambridge house names
[16/08/2008 17:14|--ah-----|82] - F:\._Timetable 2 for Flute Lessons with Lucy Forde.doc
[16/08/2008 17:47|--ah-----|82] - F:\._Create project 1.sib
[16/08/2008 17:13|--ah-----|82] - F:\._N & N Festival Lucy's Expense Form
[16/08/2008 17:13|--ah-----|82] - F:\._N and N Festival.sib
[16/08/2008 17:14|--ah-----|82] - F:\._London Bela Trio second workshop
[16/08/2008 17:14|--ah-----|82] - F:\._Melvin song.WAV
[16/08/2008 17:11|--ah-----|82] - F:\._Form for Hospitals - Spring Term 08-4.doc
[16/08/2008 17:47|--ah-----|82] - F:\._Debussy Finale Piece_2.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Ding Dong.sib
[16/08/2008 17:11|--ah-----|82] - F:\._finzi info
[16/08/2008 17:14|--ah-----|82] - F:\._Aranea SoC Final Budget
[16/08/2008 17:11|--ah-----|82] - F:\._Finzi Travel Itinerary
[16/08/2008 17:11|--ah-----|82] - F:\._Finzi short list application
[16/08/2008 17:11|--ah-----|82] - F:\._finzi extra bits
[16/08/2008 17:11|--ah-----|82] - F:\._dave and rohanna no text.jpg
[16/08/2008 17:47|--ah-----|82] - F:\._Down in the Jungle_1.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Aranea Final Budget3.xls
[16/08/2008 17:47|--ah-----|82] - F:\._Down in the Jungle creative space_1.sib
[16/08/2008 17:11|--ah-----|82] - F:\._Endellion 4tet Workshop Programme2.doc
[16/08/2008 17:11|--ah-----|82] - F:\._Endellion 4tet Workshop Programme-1.doc
[16/08/2008 17:11|--ah-----|82] - F:\._Council tax refund
[16/08/2008 17:11|--ah-----|82] - F:\._Endellion 4tet Workshop Programme
[16/08/2008 17:47|--ah-----|82] - F:\._Down in the Jungle_2.sib
[16/08/2008 17:11|--ah-----|82] - F:\._CONTRACT Lucy Forde PL MAY 08.doc
[16/08/2008 17:11|--ah-----|82] - F:\._CONTRACT Lucy Forde PL MAY 08-1.doc
[16/08/2008 17:14|--ah-----|82] - F:\._Hospitals info?
[16/08/2008 17:11|--ah-----|82] - F:\._finzi attached form
[16/08/2008 17:10|--ah-----|82] - F:\._Burn Folder.fpbf
[16/08/2008 17:11|--ah-----|82] - F:\._Finzi Application new2.doc
[16/08/2008 17:11|--ah-----|82] - F:\._Finzi Application new
[16/08/2008 17:47|--ah-----|82] - F:\._Down in the Jungle_3.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Down in the Jungle creative space_2.sib
[16/08/2008 17:12|--ah-----|82] - F:\._NLCE CREATE CONCERTS - order and words for Lucy.doc
[16/08/2008 17:12|--ah-----|82] - F:\._Norwich Taxis
[16/08/2008 17:14|--ah-----|82] - F:\._invoice to Aranea
[16/08/2008 17:11|--ah-----|82] - F:\._Freedom running order
[16/08/2008 17:14|--ah-----|82] - F:\._Invoice for Aranea
[16/08/2008 17:14|--ah-----|82] - F:\._Invoice for?
[16/08/2008 17:47|--ah-----|82] - F:\._Down in the Jungle creative space_3.sib
[16/08/2008 17:14|--ah-----|82] - F:\._L Forde Flute lessons
[16/08/2008 17:14|--ah-----|82] - F:\._Kate Harris Invoice
[16/08/2008 17:47|--ah-----|82] - F:\._Down in the Jungle_4.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Create Instrument Inventory and other stuff.doc
[16/08/2008 17:47|--ah-----|82] - F:\._Down in the Jungle_5.sib
[16/08/2008 17:11|--ah-----|82] - F:\._Freedom ideas.doc
[16/08/2008 17:13|--ah-----|82] - F:\._Music and Wellbeing questionnaire
[16/08/2008 17:11|--ah-----|82] - F:\._Freedom ideas
[16/08/2008 17:13|--ah-----|82] - F:\._melvin's real song.WAV
[16/08/2008 17:11|--ah-----|82] - F:\._Apollo Hospital letter
[16/08/2008 17:15|--ah-----|82] - F:\._Songs for Sarah
[16/08/2008 17:15|--ah-----|82] - F:\._Song?poem words
[16/08/2008 17:47|--ah-----|82] - F:\._ESQ Final workshop piece_1.sib
[16/08/2008 17:11|--ah-----|82] - F:\._Apollo Doctor details
[16/08/2008 17:15|--ah-----|82] - F:\._slave trade.doc
[16/08/2008 17:11|--ah-----|82] - F:\._flats to rent
[16/08/2008 17:11|--ah-----|82] - F:\._Disk label registration.doc
[16/08/2008 17:11|--ah-----|4096] - F:\._disclabel_3-2.dmg
[16/08/2008 17:13|--ah-----|82] - F:\._Simpsons page 4.webarchive
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ Final programme
[16/08/2008 17:13|--ah-----|82] - F:\._Simpsons page 2.webarchive
[16/08/2008 17:13|--ah-----|82] - F:\._Simpsons page 1.webarchive
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ Family Day Concert Programme2.doc
[16/08/2008 17:47|--ah-----|82] - F:\._ESQ Final workshop piece_2.sib
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ Family Day Concert Programme
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ Endellion's final running order
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ Blues.sib
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ - Ideas for Workshop.doc
[16/08/2008 17:47|--ah-----|82] - F:\._Fl Ob A Section.sib
[16/08/2008 17:47|--ah-----|82] - F:\._ESQ Final workshop piece_3.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Holistic and Beauty Therapy
[16/08/2008 17:14|--ah-----|82] - F:\._Hen night order
[16/08/2008 17:11|--ah-----|82] - F:\._EmW introduction
[16/08/2008 17:14|--ah-----|82] - F:\._Harrodian Invoice
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ parts.sib
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ MY PROGRAMME SHORT.doc
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ MY PROGRAMME LONG.doc
[16/08/2008 17:14|--ah-----|82] - F:\._Harrodian intro letter
[16/08/2008 17:14|--ah-----|82] - F:\._harrodian Flute Timetable.doc
[16/08/2008 17:11|--ah-----|82] - F:\._Endellion String Quartet rep for workshop
[16/08/2008 17:11|--ah-----|82] - F:\._Endellion String Quartet Concert Programme.doc
[16/08/2008 17:47|--ah-----|82] - F:\._ESQ Final workshop piece_4.sib
[16/08/2008 17:15|--ah-----|82] - F:\._Aranea Changes in the Budget.doc
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ LARGE CONCERT PROGRAMME
[16/08/2008 17:47|--ah-----|82] - F:\._Fl%20Ob A Section.sib
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ Impressions
[16/08/2008 17:11|--ah-----|82] - F:\._Ellin Mai Lee New Invoice Summer term 08.doc
[16/08/2008 17:11|--ah-----|82] - F:\._Education Elective student comments
[16/08/2008 17:13|--ah-----|82] - F:\._UCH and Whipps X programme
[16/08/2008 17:11|--ah-----|82] - F:\._East meets West Diversity.sib
[16/08/2008 17:47|--ah-----|82] - F:\._ESQ Final workshop piece_5.sib
[16/08/2008 17:47|--ah-----|82] - F:\._ESQ Final workshop piece_6.sib
[16/08/2008 17:11|--ah-----|82] - F:\._answers
[16/08/2008 17:14|--ah-----|82] - F:\._East meets west 2nd tune.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Down in the Jungle.sib
[16/08/2008 17:47|--ah-----|82] - F:\._ESQ Final workshop piece_7.sib
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ?NN Ideas from David Waterman
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ?NN Festival recordings needed
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ Timetable details
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ MY ORDER
[?|?|?] - F:\._ESQ Lucy's Plan for the Workshop.doc
[16/08/2008 17:14|--ah-----|82] - F:\._Kariosa ensemble 1st feb 08
[16/08/2008 17:14|--ah-----|82] - F:\._Juniors group 2.doc
[16/08/2008 17:11|--ah-----|82] - F:\._ESQ HELLESDON STRINGS ORDER
[16/08/2008 17:11|--ah-----|82] - F:\._Esq Friday performance.sib
[16/08/2008 17:47|--ah-----|82] - F:\._ESQ Final workshop piece_8.sib
[16/08/2008 17:11|--ah-----|82] - F:\._Aranea Accounts
[16/08/2008 17:47|--ah-----|82] - F:\._ESQ Final workshop piece_9.sib
[16/08/2008 17:11|--ah-----|82] - F:\._Araneainvoice-1.doc
[16/08/2008 17:48|--ah-----|82] - F:\._Storm_4.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Hedwigs Theme_1.sib
[16/08/2008 17:14|--ah-----|82] - F:\._guildhall monday workshop
[16/08/2008 17:11|--ah-----|82] - F:\._Abbey account application
[16/08/2008 17:11|--ah-----|82] - F:\._A4A Final letter
[16/08/2008 17:12|--ah-----|82] - F:\._Calele.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Hedwigs Theme_2.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Hedwigs Theme_3.sib
[16/08/2008 17:12|--ah-----|82] - F:\._Debussy Finale Piece.sib
[16/08/2008 17:12|--ah-----|82] - F:\._David Waterman email
[16/08/2008 17:47|--ah-----|82] - F:\._Esq Friday performance_8.sib
[?|?|?] - F:\._Ref for Angela's present.doc
[16/08/2008 17:12|--ah-----|82] - F:\._BURSARY APPLICATION FORM Lucy Forde.doc
[16/08/2008 17:12|--ah-----|82] - F:\._ANNA'S INTERNET PASSWORD
[16/08/2008 17:13|--ah-----|82] - F:\._N & N Festival Invoice
[16/08/2008 17:13|--ah-----|82] - F:\._Musique et Sante Course
[16/08/2008 17:12|--ah-----|82] - F:\._Expenses April 2007-April 2008
[16/08/2008 17:47|--ah-----|4096] - F:\._InstallScorch.dmg
[16/08/2008 17:12|--ah-----|82] - F:\._eurostar booking
[16/08/2008 17:47|--ah-----|82] - F:\._Esq Friday performance_9.sib
[16/08/2008 17:12|--ah-----|82] - F:\._Expenses April 2007-April 2008.xls
[16/08/2008 17:47|--ah-----|82] - F:\._Esq Friday performance_10.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Lamma badaa.sib
[16/08/2008 17:12|--ah-----|82] - F:\._Charlotte invoice info
[16/08/2008 17:12|--ah-----|82] - F:\._Change to Flute Lessons
[16/08/2008 17:12|--ah-----|82] - F:\._Barbican Invoice
[16/08/2008 17:13|--ah-----|82] - F:\._Mowlem Primary School.doc
[16/08/2008 17:14|--ah-----|82] - F:\._Alchemy Programme
[16/08/2008 17:12|--ah-----|82] - F:\._British Council Project
[16/08/2008 17:12|--ah-----|82] - F:\._British Council Presentation.doc
[16/08/2008 17:12|--ah-----|82] - F:\._British Council Presentation key headings
[16/08/2008 17:47|--ah-----|82] - F:\._Esq Friday performance_11.sib
[16/08/2008 17:15|--ah-----|82] - F:\._Aranea Final Budget
[16/08/2008 17:12|--ah-----|82] - F:\._Bex Burch invoice for instrument hire
[16/08/2008 17:47|--ah-----|82] - F:\._Esq Friday performance_12.sib
[16/08/2008 17:12|--ah-----|82] - F:\._Batman Theme.sib
[16/08/2008 17:13|--ah-----|82] - F:\._Twirl permission form
[16/08/2008 17:47|--ah-----|82] - F:\._Medly for Crimbo.sib
[16/08/2008 17:47|--ah-----|82] - F:\._N and N Festival_1.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Everything is different.sib
[16/08/2008 17:14|--ah-----|82] - F:\._ESQ Final programme2
[16/08/2008 17:12|--ah-----|4096] - F:\._PressIt_litelabel_2-4-2.dmg
[16/08/2008 17:12|--ah-----|4096] - F:\._PressIt_litelabel_2-4-2-1.dmg
[16/08/2008 17:12|--ah-----|82] - F:\._PP1 Healthcare Register 07-08.xls
[16/08/2008 17:13|--ah-----|82] - F:\._The Pink Panther.sib
[16/08/2008 17:47|--ah-----|82] - F:\._new chaos section_1.sib
[16/08/2008 17:12|--ah-----|82] - F:\._Petrushka info.doc
[16/08/2008 17:14|--ah-----|82] - F:\._Guildhall piece4.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Guildhall piece3.sib
[16/08/2008 17:12|--ah-----|82] - F:\._Paypal Australian order
[16/08/2008 17:14|--ah-----|82] - F:\._Creative space
[16/08/2008 17:13|--ah-----|82] - F:\._twirl names
[16/08/2008 17:12|--ah-----|82] - F:\._Percussion Instruments to be insured
[16/08/2008 17:47|--ah-----|82] - F:\._Filling Space section 1.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Good King Wenceleslas.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Hello Song String 4tet.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Lamma badaa variation.sib
[16/08/2008 17:47|--ah-----|82] - F:\._new chaos section.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Oh Come oh ye faithful.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Outhouse rhythm.sib
[16/08/2008 17:12|--ah-----|82] - F:\._NICE Creative Space Meeting
[16/08/2008 17:47|--ah-----|82] - F:\._patterns 2.sib
[16/08/2008 17:47|--ah-----|82] - F:\._patterns 3.sib
[16/08/2008 17:13|--ah-----|82] - F:\._National Express Complaint letter
[16/08/2008 17:13|--ah-----|82] - F:\._National Savings Bank letter
[16/08/2008 17:13|--ah-----|4096] - F:\._Musicnotes_Installer.dmg
[16/08/2008 17:14|--ah-----|82] - F:\._Imogen Moore Invoice
[16/08/2008 17:47|--ah-----|82] - F:\._patterns piece.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Codes acces internet-8.xls
[16/08/2008 17:13|--ah-----|82] - F:\._Simba.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Create Lucy's Arts Adventures questionnaire1
[16/08/2008 17:47|--ah-----|82] - F:\._Percussion for Eid.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Storm.sib
[16/08/2008 17:47|--ah-----|82] - F:\._portway year 6 mars.sib
[16/08/2008 17:47|--ah-----|82] - F:\._rhythmic section.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Section 2.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Section 2b_1.sib
[16/08/2008 17:14|--ah-----|82] - F:\._ESQ Final workshop piece.sib
[16/08/2008 17:14|--ah-----|82] - F:\._ESQ Final rep. for David
[16/08/2008 17:47|--ah-----|82] - F:\._Section 2b.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Section 3b_2.sib
[16/08/2008 17:14|--ah-----|82] - F:\._massage offer.doc
[16/08/2008 17:14|--ah-----|82] - F:\._massage offer
[16/08/2008 17:47|--ah-----|82] - F:\._Section 3b.sib
[16/08/2008 17:47|--ah-----|82] - F:\._SECTION B MELODY 1.sib
[16/08/2008 17:13|--ah-----|82] - F:\._Creative Space Questionnaire Lucy Forde
[16/08/2008 17:14|--ah-----|82] - F:\._India project2
[16/08/2008 17:13|--ah-----|82] - F:\._van hire
[16/08/2008 17:14|--ah-----|82] - F:\._India project
[16/08/2008 17:13|--ah-----|82] - F:\._Creative space questionnaire
[16/08/2008 17:47|--ah-----|82] - F:\._Section1b.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Section3_1a.sib
[16/08/2008 17:47|--ah-----|82] - F:\._Section3.sib
[16/08/2008 17:48|--ah-----|82] - F:\._viva.sib
[16/08/2008 17:47|--ah-----|4096] - F:\._Sibelius41to415Update.dmg
[16/08/2008 17:48|--ah-----|82] - F:\._Simpsons for Trio_1.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Simpsons for Trio_2.sib
[16/08/2008 17:13|--ah-----|82] - F:\._superman theme.sib
[16/08/2008 17:14|--ah-----|82] - F:\._ESQ final workshop programme
[16/08/2008 17:48|--ah-----|82] - F:\._Simpsons for Trio_3.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Spirituals orchestral version_1.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Spirituals orchestral version_2.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Lucy Forde Evaluation for ELD
[16/08/2008 17:13|--ah-----|4096] - F:\._ThePrintShop2_updater_v206.dmg
[16/08/2008 17:14|--ah-----|82] - F:\._Freedom Teachers' pack Final.doc
[16/08/2008 17:48|--ah-----|82] - F:\._Spirituals orchestral version_3.sib
[16/08/2008 17:14|--ah-----|82] - F:\._ESQ Final programme3
[16/08/2008 17:13|--ah-----|82] - F:\._Thoughts from UCH
[16/08/2008 17:14|--ah-----|82] - F:\._ESQ Final programme2-1.doc
[16/08/2008 17:48|--ah-----|82] - F:\._Spirituals orchestral version_4.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Create Lucy's Arts Adventures questionnaire.doc
[16/08/2008 17:14|--ah-----|82] - F:\._Create Lucy's Arts Adventures questionnaire
[16/08/2008 17:13|--ah-----|82] - F:\._Spirituals orchestral version.sib
[16/08/2008 17:48|--ah-----|82] - F:\._superman theme_1.sib
[16/08/2008 17:48|--ah-----|82] - F:\._The Gnomes.sib
[16/08/2008 17:48|--ah-----|82] - F:\._VIVA Bass.sib
[16/08/2008 17:48|--ah-----|82] - F:\._wepo.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Spirituals orchestral version_5.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Day 1 Riffs.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva end new.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Tony Chestnut String 4tet.sib
[16/08/2008 17:48|--ah-----|82] - F:\._viva extra riffs.sib
[16/08/2008 17:48|--ah-----|82] - F:\._viva Final riff .sib
[16/08/2008 17:13|--ah-----|82] - F:\._Simpsons for Trio.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva nedmc rhythms.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Opening no voice.sib
[16/08/2008 17:13|--ah-----|82] - F:\._Sean letter for fee
[16/08/2008 17:13|--ah-----|82] - F:\._Lucy Forde Leap the Gate Evaluation
[16/08/2008 17:14|--ah-----|82] - F:\._Lucy Forde Flute timetable week 1
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Opening string change.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Opening.sib
[16/08/2008 17:48|--ah-----|82] - F:\._viva orchestra b.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva rhythms.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva rhythms2.sib
[16/08/2008 17:13|--ah-----|82] - F:\._Samarjit?Lucy emails
[16/08/2008 17:14|--ah-----|82] - F:\._LPO Lucy Forde's Invoice
[16/08/2008 17:14|--ah-----|82] - F:\._Instant Ideas.doc
[16/08/2008 17:13|--ah-----|82] - F:\._Samarjit questions
[16/08/2008 17:13|--ah-----|82] - F:\._Samarjit email
[16/08/2008 17:13|--ah-----|82] - F:\._Sabita email
[16/08/2008 17:13|--ah-----|82] - F:\._Running order-5.doc
[16/08/2008 17:13|--ah-----|82] - F:\._Running order-2.doc
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Alto Sax.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Creative Space 2 suggested programme
[11/06/2008 07:17|-rahs----|80384] - F:\sflsusywo.exe
[16/08/2008 17:13|--ah-----|82] - F:\._Tortoise Song new.doc
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions.sib
[16/08/2008 17:13|--ah-----|82] - F:\._Lucy Soc Editing
[16/08/2008 17:13|--ah-----|82] - F:\._Lucy Passport jpeg.jpg
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Tune & Bass.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Bongos.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Tune.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Cello.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Clarinet.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Congas.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Double Bass.sib
[16/08/2008 17:48|--ah-----|82] - F:\._viva wind melody.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Drum Kit.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Electric Bass.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Electric Gtr.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Euphonium.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions final score.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Flute.sib
[16/08/2008 17:48|--ah-----|82] - F:\._wepo core day 2.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Keyboard 1.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Lucy Aranea Invoice for porterage
[16/08/2008 17:14|--ah-----|82] - F:\._LPO Playerlink invoice July 08
[16/08/2008 17:48|--ah-----|82] - F:\._WEPO Core.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Keyboard 2.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Letter to city of london for payment
[16/08/2008 17:14|--ah-----|82] - F:\._Junk Rock Questionnaire.doc
[16/08/2008 17:48|--ah-----|82] - F:\._Viva transitions orchestra.sib
[16/08/2008 17:48|--ah-----|82] - F:\._WEPO extracts.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva transitions orchestra2.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva transitions orchestra3.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva transitions orchestra4.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva transitions orchestra5.sib
[16/08/2008 17:48|--ah-----|82] - F:\._WEPOproject3.sib
[16/08/2008 17:14|--ah-----|82] - F:\._India Project Outline
[16/08/2008 17:14|--ah-----|82] - F:\._India File
[16/08/2008 17:14|--ah-----|82] - F:\._Hospitals Round Up Guildhall
[16/08/2008 17:14|--ah-----|82] - F:\._Hospital thoughts.doc
[16/08/2008 17:48|--ah-----|82] - F:\._Viva transitions orchestra6.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Hedwigs Theme.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva transitions orchestra7.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Creative Space 2 final suggested programme.doc
[16/08/2008 17:48|--ah-----|82] - F:\._Viva transitions orchestra8.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Piano.sib
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD 4aHC - Leaders marking criteria for elective students-1.doc
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD 3HC-SP - Outline of #.doc
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD 3dHC-SP - What can #.doc
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC-SP - Outline of Health care projects
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC-SP - Key points for Students
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC-SP - Key Points for Leaders
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC-SP - Hospital Projects Outline
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC-SP - Aims and Processes
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC- Recommendations
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Vibes.sib
[16/08/2008 17:14|--ah-----|44148] - F:\._title lucy and rohanna
[16/08/2008 17:14|--ah-----|82] - F:\._Creative Space 2 new suggested programme.doc
[16/08/2008 17:14|--ah-----|82] - F:\._Creative Space Lucy's short Prog 2.doc
[16/08/2008 17:14|--ah-----|82] - F:\._Creative Space June questionnaire
[16/08/2008 17:14|--ah-----|82] - F:\._Creative Space Create Team Prog 2.doc
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC - Leaders marking criteria for elective students.doc
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC - Final
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD 5HC- Recommendations-1.doc
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD Hospitals Project Questionnaire
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD Hospitals Information for UCH
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD Hospital Work 6708 .doc
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD Hospital Work
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC-SP - What can students gain?
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC Front page
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC - Student Pack
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC - Project Aims and Objectives
[16/08/2008 17:14|--ah-----|82] - F:\._GSMD HC - Mission statement and philosophy of work
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Violin 1.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Aranea Final BudgetJune 08.xls
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Voice 1.sib
[16/08/2008 17:48|--ah-----|82] - F:\._Viva Transitions Voice 2.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Aranea Final Budget Aug 08-1.xls
[16/08/2008 17:48|--ah-----|82] - F:\._We wish You a merry christmas.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Down in the Jungle creative space.sib
[16/08/2008 17:14|--ah-----|82] - F:\._Guildhall Invoice July 2008.doc
[16/08/2008 17:14|--ah-----|82] - F:\._A4A August letter
[16/08/2008 17:14|--ah-----|82] - F:\._Aranea Final Budget Aug 08.xls
[16/08/2008 17:14|--ah-----|82] - F:\._rohanna.jpg
[16/08/2008 17:15|--ah-----|44168] - F:\._title with dave and heather
[16/08/2008 17:15|--ah-----|82] - F:\._lucy and rohanna no text.jpg
[16/08/2008 17:15|--ah-----|82] - F:\._UK-India Music Project
[16/08/2008 17:15|--ah-----|82] - F:\._UCH evaluation summary

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ Informations # Fichier Suspect ]


################## [ Cracks # Keygens # Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.025 ! ]

   
Répondre à madhi100

5

gen-hackman, le 25 mai 2009 à 22:03:44

Tu l'as passé deux fois ? G3и-н@¢км@и™©®

   
Répondre à gen-hackman

6

madhi100, le 25 mai 2009 à 22:09:55

J'ai essayé d'installer windows sp2 puis IE8. Ca n'a pas marché. Je me suis dis que cela n'aurait pas de conséquences sur usbfix. Je l'ai donc lancé. Il a planté au redémarrage de windows. J'ai rebooter puis j'ai de nouveau recommencé à installer windows sp2 et IE8. Après qques heures l'installation a réussi puis j'ai relancé la suppression de usbfix. Elle a marché cette fois ci et voila le rapport qu'il sort. Un problème?

   
Répondre à madhi100

7

gen-hackman, le 25 mai 2009 à 22:14:17

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir


• Copie le texte en gras ci dessous :


C:\mitm.exe
E:\Recycled.exe
E:\autorun.inf
F:\autorun.inf


• Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
• Sauvegarde ce fichier sous le nom de UsbScript.txt

• Glisse maintenant le fichier UsbScript.txt sur le raccourci d'UsbFix présent sur ton bureau comme ceci :


http://sd-1.archive-host.com/membres/up/127028005715545653/U­­SBscript.gif

• Cela va relancer UsbFix,

• Patiente le temps du scan.Le bureau va disparaître c'est normal!

• Ne touche à rien tant que le scan n'est pas terminé.

• Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) G3и-н@¢км@и™©®

   
Répondre à gen-hackman

8

madhi100, le 25 mai 2009 à 22:28:23

############################## [ UsbFix V3.025 | Scan ]

# User : Timothee (Administrateurs) # TIM
# Update on 22/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 22:26:47 | 25/05/2009

# Intel(R) Pentium(R) M processor 1500MHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090525-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disque fixe local # 55,88 Go (28,31 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible # 953,73 Mo (924,09 Mo free) [KINGSTON] # FAT
# F:\ # Disque fixe local # 233,7 Go (57,02 Go free) [LACIE] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

################## [ Registre Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.google.com"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp"
HKCU_Main: "Start Page Redirect Cache_TIMESTAMP"=hex:b0,e1,67,e2,7f,dd,c9,01
HKCU_Main: "Start Page Redirect Cache AcceptLangs"="fr"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Timothee"
HKLM_logon: "AltDefaultUserName"="Timothee"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon="RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKLM_Run: nwiz="nwiz.exe" /installquiet
HKLM_Run: 00THotkey="C:\WINDOWS\System32\00THotkey.exe"
HKLM_Run: 000StTHK="000StTHK.exe"
HKLM_Run: TFNF5="TFNF5.exe"
HKLM_Run: SigmaTel StacMon="C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe"
HKLM_Run: SynTPLpr="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
HKLM_Run: SynTPEnh="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
HKLM_Run: TouchED="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
HKLM_Run: LTSMMSG="LTSMMSG.exe"
HKLM_Run: TPSMain="TPSMain.exe"
HKLM_Run: TFncKy=TFncKy.exe
HKLM_Run: NDSTray.exe=NDSTray.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
HKLM_Run: PRONoMgr.exe="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe"
HKLM_Run: Drawing System=C:\WINDOWS\System32\ygdwoqlna.exe
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: SpySweeper="C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: TOSCDSPD="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
HKCU_Run: MoneyAgent="C:\Program Files\Microsoft Money\System\mnyexpr.exe"
HKCU_Run: Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]


################## [ Informations # Fichier Suspect ]


################## [ Cracks # Keygens # Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.025 ! ]

   
Répondre à madhi100

9

gen-hackman, le 25 mai 2009 à 22:36:52

Tu peux faire l option desinstallation de usbfix

Télécharge Superantispyware (SAS)

Choisis "enregistrer" et enregistre-le sur ton bureau.

Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

Créé une icône sur le bureau.

Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

- Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
- Sous Configuration and Preferences, clique sur le bouton "Preferences"
- Clique sur l'onglet "Scanning Control "
- Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Laisse les autres lignes décochées.

- Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

- Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

Dans la colonne de gauche, coche C:\Fixed Drive.

Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

Pour recopier les informations sur le forum, fais ceci :

- après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
- Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
- Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

- Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

- Copie son contenu dans ta réponse.


Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué. G3и-н@¢км@и™©®

   
Répondre à gen-hackman

10

madhi100, le 25 mai 2009 à 23:48:47

Gen,

Le rapport de SUPERAntiSpyware Scan Log est le suivant:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/25/2009 at 11:38 PM

Application Version : 4.26.1002

Core Rules Database Version : 3909
Trace Rules Database Version: 1853

Scan type : Complete Scan
Total Scan Time : 00:43:19

Memory items scanned : 410
Memory threats detected : 0
Registry items scanned : 4885
Registry threats detected : 0
File items scanned : 32348
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\Timothee\Cookies\timothee@atdmt[2].txt
C:\Documents and Settings\Timothee\Cookies\timothee@xiti[1].txt
C:\Documents and Settings\Timothee\Cookies\timothee@msnportal.112.2o7[1].txt
C:\Documents and Settings\Timothee\Cookies\timothee@serving-sys[1].txt
C:\Documents and Settings\Timothee\Cookies\timothee@yourmedia[1].txt
C:\Documents and Settings\Timothee\Cookies\timothee@weborama[1].txt
C:\Documents and Settings\Timothee\Cookies\timothee@bs.serving-sys[2].txt
C:\Documents and Settings\Timothee\Cookies\timothee@meetupcom.122.2o7[1].txt
C:\Documents and Settings\Timothee\Cookies\timothee@advertising[1].txt
C:\Documents and Settings\Timothee\Cookies\timothee@smartadserver[1].txt

   
Répondre à madhi100

11

gen-hackman, le 26 mai 2009 à 00:24:17

Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 2 months

* clique ensuite sur " Continue " pour lancer l'analyse ...


-> laisse faire le scan et ne touche pas au PC ...


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum


( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
G3и-н@¢км@и™©®

   
Répondre à gen-hackman

12

madhi100, le 26 mai 2009 à 09:35:02

Rapport "info":

info.txt logfile of random's system information tool 1.06 2009-05-26 09:21:39

======Uninstall list======

--> -c"C:\WINDOWS\System32\TPSDel.dll"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{B5D8CCBF-08D8-46C0-8B04-3BC0CAEDA094}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7646-000000000001}
American Conquest-->C:\Program Files\American Conquest\uninstall.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\CCleaner\uninst.exe"
Commandes TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x40c UNINSTALL
Console TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x40c
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Encyclopédie Microsoft Encarta 2004-->MsiExec.exe /I{04460044-9149-45C6-A806-F2BF9CFCE762}
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Extension Système de Microsoft Money-->MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Formatage de carte mémoire SD TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe" -l0x40c
Gestion d'énergie TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\Gestion d'énergie\Uninst.isu"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wireless-->MsiExec.exe /I{5380063E-2909-4d72-BFA3-625881F2E78B}
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Malwarebytes' Anti-Malware-->"C:\Malwarebytes' Anti-Malware\unins000.exe"
Manuels TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}\Setup.exe" -l0x40c
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Money-->MsiExec.exe /I{1D643CD2-4DD6-11D7-A4E0-000874180BB3}
Microsoft Office XP Professional-->MsiExec.exe /I{9211040C-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo Premium 9-->C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works-->MsiExec.exe /I{E6BAE954-487E-488B-BC4E-2E69E54E8117}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvts.inf
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pilotes Audio SigmaTel AC97-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x40c -nodialog -uninstall
Réducteur de bruit lect. CD/DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x40c
Sélecteur d'installation de Microsoft Works 2004-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP D:\
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spy Sweeper-->"C:\Program Files\Webroot\WebrootSecurity\unins000.exe" /Log="C:\DOCUME~1\Timothee\LOCALS~1\Temp\Uninstall.txt"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\Setup.exe" -l0x40c UNINSTALL
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Utilities-->tutildel.exe
Utilitaire Activer/désactiver la tablette tactile TOSHIBA V2.05.00-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
Utilitaire TOSHIBA d'accès direct aux périphériques d’affichage-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
Utilitaire TOSHIBA de changement d'écran-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5
web'n'walk USB manager-->C:\Program Files\T-Mobile\web'n'walk USB manager\uninst.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) [2009-05-25]

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090525-0]

======System event log======

Computer Name: TIM
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 8359
Source Name: Cdrom
Time Written: 20090109220928.000000+000
Event Type: erreur
User:

Computer Name: TIM
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 8358
Source Name: Cdrom
Time Written: 20090109220925.000000+000
Event Type: erreur
User:

Computer Name: TIM
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 8357
Source Name: Cdrom
Time Written: 20090109220922.000000+000
Event Type: erreur
User:

Computer Name: TIM
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 8356
Source Name: Cdrom
Time Written: 20090109220919.000000+000
Event Type: erreur
User:

Computer Name: TIM
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 8355
Source Name: Cdrom
Time Written: 20090109220917.000000+000
Event Type: erreur
User:

=====Application event log=====

Computer Name: TIM
Event Code: 0
Message:
Record Number: 421
Source Name: RegSrvc
Time Written: 20090511081313.000000+000
Event Type: Informations
User:

Computer Name: TIM
Event Code: 0
Message:
Record Number: 420
Source Name: RegSrvc
Time Written: 20090510143201.000000+000
Event Type: Informations
User:

Computer Name: TIM
Event Code: 0
Message:
Record Number: 419
Source Name: RegSrvc
Time Written: 20090509203048.000000+000
Event Type: Informations
User:

Computer Name: TIM
Event Code: 0
Message:
Record Number: 418
Source Name: RegSrvc
Time Written: 20090509090447.000000+000
Event Type: Informations
User:

Computer Name: TIM
Event Code: 0
Message:
Record Number: 417
Source Name: RegSrvc
Time Written: 20090508222715.000000+000
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

   
Répondre à madhi100

13

madhi100, le 26 mai 2009 à 09:37:05

Rapport "log":

Logfile of random's system information tool 1.06 (written by random/random)
Run by Timothee at 2009-05-26 09:21:18
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 29 GB (50%) free of 57 GB
Total RAM: 511 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21:31, on 26/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Timothee\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Timothee\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Timothee.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [00THotkey] "C:\WINDOWS\System32\00THotkey.exe"
O4 - HKLM\..\Run: [000StTHK] "000StTHK.exe"
O4 - HKLM\..\Run: [TFNF5] "TFNF5.exe"
O4 - HKLM\..\Run: [SigmaTel StacMon] "C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [LTSMMSG] "LTSMMSG.exe"
O4 - HKLM\..\Run: [TPSMain] "TPSMain.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] "c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [Drawing System] C:\WINDOWS\System32\ygdwoqlna.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\System32\ctfmon.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Timothee\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-BB7E117D.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
End of file - 9602 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\wrSpySweeper_LD912925D8C424EC08F5B08DC0CE28D0E.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-14 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-24 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-24 259696]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-09-24 4861952]
"nwiz"=nwiz.exe /installquiet []
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2003-05-23 253952]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2003-07-18 73728]
"SigmaTel StacMon"=C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe [2003-08-03 86073]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-05-30 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-05-30 614400]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-03-11 122880]
"LTSMMSG"=C:\WINDOWS\LTSMMSG.exe [2003-04-18 32768]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2003-10-02 266240]
"TFncKy"=TFncKy.exe []
"NDSTray.exe"=NDSTray.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2004-03-16 32881]
"PRONoMgr.exe"=c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe [2003-12-10 86016]
"Drawing System"=C:\WINDOWS\System32\ygdwoqlna.exe []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-13 6345840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2004-08-19 15360]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2003-09-15 65536]
"MoneyAgent"=C:\Program Files\Microsoft Money\System\mnyexpr.exe [2003-06-18 204800]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-06-03 21718312]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-18 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-19 1667584]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-05-14 1830128]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Timothee\Menu Démarrer\Programmes\Démarrage
Notification de cadeaux MSN.lnk - C:\Documents and Settings\Timothee\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
¡¡¡¡¡¡.lnk - C:\WINDOWS\system32\XP-BB7E117D.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll [2003-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFind"=0
"NoFolderOptions"=0
"NoRun"=0
"NoDrives"=0
"NoDriveAutoRun"=FFFFFFFF
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\System32\ygdwoqlna.exe"="C:\WINDOWS\System32\ygdwoqlna.exe:*:Enabled:Drawing System"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 2 months======

2009-05-26 09:21:18 ----D---- C:\rsit
2009-05-25 22:46:44 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-25 22:46:19 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-25 22:46:18 ----D---- C:\Documents and Settings\Timothee\Application Data\SUPERAntiSpyware.com
2009-05-25 22:45:37 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-05-25 21:49:36 ----RASHD---- C:\autorun.inf
2009-05-25 21:47:42 ----A---- C:\UsbFix.txt
2009-05-25 21:20:03 ----HD---- C:\WINDOWS\msdownld.tmp
2009-05-25 21:19:53 ----D---- C:\WINDOWS\ie8updates
2009-05-25 21:18:44 ----D---- C:\WINDOWS\WBEM
2009-05-25 21:16:47 ----HDC---- C:\WINDOWS\ie8
2009-05-25 21:16:47 ----D---- C:\WINDOWS\system32\fr-FR
2009-05-25 21:12:44 ----D---- C:\Program Files\Microsoft Silverlight
2009-05-25 21:08:07 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-25 21:04:57 ----D---- C:\WINDOWS\Prefetch
2009-05-25 20:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-05-25 20:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2009-05-25 20:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2009-05-25 20:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-05-25 19:59:08 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2009-05-25 19:58:02 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2009-05-25 19:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2009-05-25 19:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2009-05-25 19:54:36 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-05-25 19:53:27 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-05-25 19:51:28 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-05-25 19:50:19 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2009-05-25 19:49:09 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2009-05-25 19:47:52 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2009-05-25 19:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2009-05-25 19:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-05-25 19:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-05-25 19:43:19 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-05-25 19:41:48 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2009-05-25 19:40:17 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-05-25 19:39:06 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-05-25 19:37:55 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-05-25 19:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-05-25 19:35:13 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-05-25 19:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-05-25 19:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-05-25 19:31:49 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-05-25 19:30:35 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-05-25 19:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-05-25 19:28:20 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-05-25 19:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-05-25 19:26:01 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-05-25 19:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-05-25 19:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-05-25 19:22:45 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2009-05-25 19:21:40 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-05-25 19:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-05-25 19:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-05-25 19:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-05-25 19:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-05-25 19:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-05-25 19:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-05-25 19:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-05-25 19:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-05-25 19:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-05-25 19:04:34 ----A---- C:\WINDOWS\setuplog.txt
2009-05-25 18:59:53 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-25 18:50:36 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-25 18:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB835732$
2009-05-25 18:42:05 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2009-05-25 18:42:04 ----A---- C:\WINDOWS\system32\h323msp.dll
2009-05-25 18:41:34 ----HDC---- C:\WINDOWS\$NtUninstallKB837001$
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\vbajet32.dll
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\msxbde40.dll
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\mswstr10.dll
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\mstext40.dll
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\msrepl40.dll
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\mspbde40.dll
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\msjtes40.dll
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\msjter40.dll
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\msjint40.dll
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\msjet40.dll
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\msexcl40.dll
2009-05-25 18:41:27 ----A---- C:\WINDOWS\system32\msexch40.dll
2009-05-25 18:41:26 ----A---- C:\WINDOWS\system32\mswdat10.dll
2009-05-25 18:41:26 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2009-05-25 18:41:26 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2009-05-25 18:41:26 ----A---- C:\WINDOWS\system32\msltus40.dll
2009-05-25 18:41:26 ----A---- C:\WINDOWS\system32\expsrv.dll
2009-05-25 16:03:40 ----D---- C:\WINDOWS\peernet
2009-05-25 16:03:36 ----D---- C:\WINDOWS\provisioning
2009-05-25 15:50:45 ----N---- C:\WINDOWS\system32\ir41_qcx.dll
2009-05-25 15:50:45 ----N---- C:\WINDOWS\system32\ir41_qc.dll
2009-05-25 15:50:45 ----A---- C:\WINDOWS\system32\encdec.dll
2009-05-25 15:50:45 ----A---- C:\WINDOWS\system32\encapi.dll
2009-05-25 15:50:45 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2009-05-25 15:50:45 ----A---- C:\WINDOWS\system32\dsprpres.dll
2009-05-25 15:50:45 ----A---- C:\WINDOWS\system32\d3d9.dll
2009-05-25 15:50:44 ----N---- C:\WINDOWS\system32\ir50_qcx.dll
2009-05-25 15:50:44 ----N---- C:\WINDOWS\system32\ir50_qc.dll
2009-05-25 15:50:44 ----N---- C:\WINDOWS\system32\ir50_32.dll
2009-05-25 15:50:44 ----A---- C:\WINDOWS\system32\mspmsnsv.dll
2009-05-25 15:50:44 ----A---- C:\WINDOWS\system32\msftedit.dll
2009-05-25 15:50:44 ----A---- C:\WINDOWS\system32\mp4sdmod.dll
2009-05-25 15:50:44 ----A---- C:\WINDOWS\system32\mp43dmod.dll
2009-05-25 15:50:43 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-05-25 15:50:43 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2009-05-25 15:50:43 ----A---- C:\WINDOWS\system32\xpob2res.dll
2009-05-25 15:50:43 ----A---- C:\WINDOWS\system32\wmpasf.dll
2009-05-25 15:50:43 ----A---- C:\WINDOWS\system32\wmidx.dll
2009-05-25 15:50:43 ----A---- C:\WINDOWS\system32\wmerror.dll
2009-05-25 15:50:43 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-05-25 15:50:43 ----A---- C:\WINDOWS\system32\winbrand.dll
2009-05-25 15:50:43 ----A---- C:\WINDOWS\system32\sbeio.dll
2009-05-25 15:50:43 ----A---- C:\WINDOWS\system32\sbe.dll
2009-05-25 15:50:43 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-05-25 15:50:43 ----A---- C:\WINDOWS\system32\mssap.dll
2009-05-25 15:50:42 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-05-25 15:50:42 ----A---- C:\WINDOWS\system32\wmvdmoe2.dll
2009-05-25 15:50:42 ----A---- C:\WINDOWS\system32\wmspdmoe.dll
2009-05-25 15:50:42 ----A---- C:\WINDOWS\system32\wmspdmod.dll
2009-05-25 15:50:42 ----A---- C:\WINDOWS\system32\wmsdmoe2.dll
2009-05-25 15:50:42 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-05-25 15:50:28 ----A---- C:\WINDOWS\system32\pidgen.dll
2009-05-25 15:50:28 ----A---- C:\WINDOWS\system32\dpcdll.dll
2009-05-25 15:50:27 ----A---- C:\WINDOWS\system32\hccoin.dll
2009-05-25 15:50:25 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-05-25 15:50:25 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-05-25 15:49:46 ----A---- C:\WINDOWS\twain_32.dll
2009-05-25 15:49:46 ----A---- C:\WINDOWS\regedit.exe
2009-05-25 15:49:46 ----A---- C:\WINDOWS\hh.exe
2009-05-25 15:49:46 ----A---- C:\WINDOWS\explorer.exe
2009-05-25 15:49:45 ----A---- C:\WINDOWS\winhlp32.exe
2009-05-25 15:49:41 ----A---- C:\WINDOWS\system32\adsmsext.dll
2009-05-25 15:49:41 ----A---- C:\WINDOWS\system32\adsldpc.dll
2009-05-25 15:49:41 ----A---- C:\WINDOWS\system32\adsldp.dll
2009-05-25 15:49:41 ----A---- C:\WINDOWS\system32\admparse.dll
2009-05-25 15:49:41 ----A---- C:\WINDOWS\system32\actxprxy.dll
2009-05-25 15:49:41 ----A---- C:\WINDOWS\system32\actmovie.exe
2009-05-25 15:49:41 ----A---- C:\WINDOWS\system32\activeds.dll
2009-05-25 15:49:41 ----A---- C:\WINDOWS\system32\aclui.dll
2009-05-25 15:49:41 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-05-25 15:49:41 ----A---- C:\WINDOWS\system32\6to4svc.dll
2009-05-25 15:49:40 ----A---- C:\WINDOWS\system32\asferror.dll
2009-05-25 15:49:40 ----A---- C:\WINDOWS\system32\apphelp.dll
2009-05-25 15:49:40 ----A---- C:\WINDOWS\system32\amstream.dll
2009-05-25 15:49:40 ----A---- C:\WINDOWS\system32\alrsvc.dll
2009-05-25 15:49:40 ----A---- C:\WINDOWS\system32\alg.exe
2009-05-25 15:49:40 ----A---- C:\WINDOWS\system32\ahui.exe
2009-05-25 15:49:40 ----A---- C:\WINDOWS\system32\advpack.dll
2009-05-25 15:49:40 ----A---- C:\WINDOWS\system32\adsnt.dll
2009-05-25 15:49:39 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-05-25 15:49:39 ----A---- C:\WINDOWS\system32\autolfn.exe
2009-05-25 15:49:39 ----A---- C:\WINDOWS\system32\autofmt.exe
2009-05-25 15:49:39 ----A---- C:\WINDOWS\system32\authz.dll
2009-05-25 15:49:39 ----A---- C:\WINDOWS\system32\audiosrv.dll
2009-05-25 15:49:39 ----A---- C:\WINDOWS\system32\atmlib.dll
2009-05-25 15:49:39 ----A---- C:\WINDOWS\system32\atmfd.dll
2009-05-25 15:49:39 ----A---- C:\WINDOWS\system32\atmadm.exe
2009-05-25 15:49:39 ----A---- C:\WINDOWS\system32\atl.dll
2009-05-25 15:49:39 ----A---- C:\WINDOWS\system32\at.exe
2009-05-25 15:49:39 ----A---- C:\WINDOWS\system32\asycfilt.dll
2009-05-25 15:49:38 ----A---- C:\WINDOWS\system32\cabview.dll
2009-05-25 15:49:38 ----A---- C:\WINDOWS\system32\cabinet.dll
2009-05-25 15:49:38 ----A---- C:\WINDOWS\system32\browsewm.dll
2009-05-25 15:49:38 ----A---- C:\WINDOWS\system32\browseui.dll
2009-05-25 15:49:38 ----A---- C:\WINDOWS\system32\browser.dll
2009-05-25 15:49:38 ----A---- C:\WINDOWS\system32\browselc.dll
2009-05-25 15:49:38 ----A---- C:\WINDOWS\system32\blackbox.dll
2009-05-25 15:49:38 ----A---- C:\WINDOWS\system32\bidispl.dll
2009-05-25 15:49:38 ----A---- C:\WINDOWS\system32\batt.dll
2009-05-25 15:49:38 ----A---- C:\WINDOWS\system32\batmeter.dll
2009-05-25 15:49:38 ----A---- C:\WINDOWS\system32\basesrv.dll
2009-05-25 15:49:37 ----A---- C:\WINDOWS\system32\cdosys.dll
2009-05-25 15:49:37 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-05-25 15:49:37 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-05-25 15:49:37 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-05-25 15:49:37 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-05-25 15:49:37 ----A---- C:\WINDOWS\system32\camocx.dll
2009-05-25 15:49:36 ----A---- C:\WINDOWS\system32\ciodm.dll
2009-05-25 15:49:36 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2009-05-25 15:49:36 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-05-25 15:49:36 ----A---- C:\WINDOWS\system32\cewmdm.dll
2009-05-25 15:49:36 ----A---- C:\WINDOWS\system32\certmgr.dll
2009-05-25 15:49:36 ----A---- C:\WINDOWS\system32\certcli.dll
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\cmmon32.exe
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\cmdl32.exe
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\cmdial32.dll
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\clusapi.dll
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\clipsrv.exe
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\cliconfg.exe
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\cliconfg.dll
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-05-25 15:49:35 ----A---- C:\WINDOWS\system32\cisvc.exe
2009-05-25 15:49:34 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-05-25 15:49:34 ----A---- C:\WINDOWS\system32\comres.dll
2009-05-25 15:49:34 ----A---- C:\WINDOWS\system32\compstui.dll
2009-05-25 15:49:34 ----A---- C:\WINDOWS\system32\compatui.dll
2009-05-25 15:49:34 ----A---- C:\WINDOWS\system32\colbact.dll
2009-05-25 15:49:34 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2009-05-25 15:49:34 ----A---- C:\WINDOWS\system32\cmutil.dll
2009-05-25 15:49:34 ----A---- C:\WINDOWS\system32\cmstp.exe
2009-05-25 15:49:34 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-05-25 15:49:33 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2009-05-25 15:49:33 ----A---- C:\WINDOWS\system32\crypt32.dll
2009-05-25 15:49:33 ----A---- C:\WINDOWS\system32\credui.dll
2009-05-25 15:49:33 ----A---- C:\WINDOWS\system32\corpol.dll
2009-05-25 15:49:33 ----A---- C:\WINDOWS\system32\conime.exe
2009-05-25 15:49:33 ----A---- C:\WINDOWS\system32\comuid.dll
2009-05-25 15:49:32 ----A---- C:\WINDOWS\system32\cscdll.dll
2009-05-25 15:49:32 ----A---- C:\WINDOWS\system32\cryptui.dll
2009-05-25 15:49:32 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2009-05-25 15:49:32 ----A---- C:\WINDOWS\system32\cryptnet.dll
2009-05-25 15:49:32 ----A---- C:\WINDOWS\system32\cryptext.dll
2009-05-25 15:49:32 ----A---- C:\WINDOWS\system32\cryptdll.dll
2009-05-25 15:49:31 ----A---- C:\WINDOWS\system32\d3dim700.dll
2009-05-25 15:49:31 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2009-05-25 15:49:31 ----A---- C:\WINDOWS\system32\d3d8.dll
2009-05-25 15:49:31 ----A---- C:\WINDOWS\system32\ctfmon.exe
2009-05-25 15:49:31 ----A---- C:\WINDOWS\system32\csrss.exe
2009-05-25 15:49:31 ----A---- C:\WINDOWS\system32\cscui.dll
2009-05-25 15:49:31 ----A---- C:\WINDOWS\system32\cscript.exe
2009-05-25 15:49:30 ----A---- C:\WINDOWS\system32\ddraw.dll
2009-05-25 15:49:30 ----A---- C:\WINDOWS\system32\ddeshare.exe
2009-05-25 15:49:30 ----A---- C:\WINDOWS\system32\dciman32.dll
2009-05-25 15:49:30 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2009-05-25 15:49:30 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2009-05-25 15:49:30 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2009-05-25 15:49:30 ----A---- C:\WINDOWS\system32\dbghelp.dll
2009-05-25 15:49:30 ----A---- C:\WINDOWS\system32\davclnt.dll
2009-05-25 15:49:30 ----A---- C:\WINDOWS\system32\dataclen.dll
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\dinput.dll
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\digest.dll
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\diantz.exe
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\dgnet.dll
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\dfrgui.dll
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\devmgr.dll
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\devenum.dll
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\defrag.exe
2009-05-25 15:49:29 ----A---- C:\WINDOWS\system32\ddrawex.dll
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dmusic.dll
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dmsynth.dll
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dmstyle.dll
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dmserver.dll
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dmscript.dll
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dmremote.exe
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dmloader.dll
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dmime.dll
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dmcompos.dll
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dmband.dll
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dmadmin.exe
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dllhost.exe
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\diskpart.exe
2009-05-25 15:49:28 ----A---- C:\WINDOWS\system32\dinput8.dll
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dpnet.dll
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dplayx.dll
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dosx.exe
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\docprop2.dll
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dnsapi.dll
2009-05-25 15:49:27 ----A---- C:\WINDOWS\system32\dmutil.dll
2009-05-25 15:49:26 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2009-05-25 15:49:26 ----A---- C:\WINDOWS\system32\dpvvox.dll
2009-05-25 15:49:26 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2009-05-25 15:49:26 ----A---- C:\WINDOWS\system32\dpvoice.dll
2009-05-25 15:49:26 ----A---- C:\WINDOWS\system32\dpvacm.dll
2009-05-25 15:49:24 ----A---- C:\WINDOWS\system32\ds32gt.dll
2009-05-25 15:49:24 ----A---- C:\WINDOWS\system32\drprov.dll
2009-05-25 15:49:24 ----A---- C:\WINDOWS\system32\drmv2clt.dll
2009-05-25 15:49:24 ----A---- C:\WINDOWS\system32\drmstor.dll
2009-05-25 15:49:24 ----A---- C:\WINDOWS\system32\drmclien.dll
2009-05-25 15:49:23 ----A---- C:\WINDOWS\system32\dsprop.dll
2009-05-25 15:49:23 ----A---- C:\WINDOWS\system32\dsound3d.dll
2009-05-25 15:49:23 ----A---- C:\WINDOWS\system32\dsound.dll
2009-05-25 15:49:23 ----A---- C:\WINDOWS\system32\dskquota.dll
2009-05-25 15:49:23 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2009-05-25 15:49:23 ----A---- C:\WINDOWS\system32\dsdmo.dll
2009-05-25 15:49:22 ----A---- C:\WINDOWS\system32\dx7vb.dll
2009-05-25 15:49:22 ----A---- C:\WINDOWS\system32\dwwin.exe
2009-05-25 15:49:22 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2009-05-25 15:49:22 ----A---- C:\WINDOWS\system32\duser.dll
2009-05-25 15:49:22 ----A---- C:\WINDOWS\system32\dumprep.exe
2009-05-25 15:49:22 ----A---- C:\WINDOWS\system32\dswave.dll
2009-05-25 15:49:22 ----A---- C:\WINDOWS\system32\dsuiext.dll
2009-05-25 15:49:22 ----A---- C:\WINDOWS\system32\dssenh.dll
2009-05-25 15:49:22 ----A---- C:\WINDOWS\system32\dssec.dll
2009-05-25 15:49:22 ----A---- C:\WINDOWS\system32\dsquery.dll
2009-05-25 15:49:21 ----A---- C:\WINDOWS\system32\ersvc.dll
2009-05-25 15:49:21 ----A---- C:\WINDOWS\system32\els.dll
2009-05-25 15:49:21 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-05-25 15:49:21 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-05-25 15:49:21 ----A---- C:\WINDOWS\system32\dxmasf.dll
2009-05-25 15:49:21 ----A---- C:\WINDOWS\system32\dxdiag.exe
2009-05-25 15:49:21 ----A---- C:\WINDOWS\system32\dx8vb.dll
2009-05-25 15:49:20 ----A---- C:\WINDOWS\system32\findstr.exe
2009-05-25 15:49:20 ----A---- C:\WINDOWS\system32\filemgmt.dll
2009-05-25 15:49:20 ----A---- C:\WINDOWS\system32\feclient.dll
2009-05-25 15:49:20 ----A---- C:\WINDOWS\system32\faultrep.dll
2009-05-25 15:49:20 ----A---- C:\WINDOWS\system32\extrac32.exe
2009-05-25 15:49:20 ----A---- C:\WINDOWS\system32\eventlog.dll
2009-05-25 15:49:20 ----A---- C:\WINDOWS\system32\eudcedit.exe
2009-05-25 15:49:20 ----A---- C:\WINDOWS\system32\esent.dll
2009-05-25 15:49:20 ----A---- C:\WINDOWS\system32\es.dll
2009-05-25 15:49:19 ----A---- C:\WINDOWS\system32\grpconv.exe
2009-05-25 15:49:19 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2009-05-25 15:49:19 ----A---- C:\WINDOWS\system32\glu32.dll
2009-05-25 15:49:19 ----A---- C:\WINDOWS\system32\gdi32.dll
2009-05-25 15:49:19 ----A---- C:\WINDOWS\system32\framebuf.dll
2009-05-25 15:49:19 ----A---- C:\WINDOWS\system32\fontview.exe
2009-05-25 15:49:19 ----A---- C:\WINDOWS\system32\fontext.dll
2009-05-25 15:49:19 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2009-05-25 15:49:18 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-05-25 15:49:18 ----A---- C:\WINDOWS\system32\iasrad.dll
2009-05-25 15:49:18 ----A---- C:\WINDOWS\system32\htui.dll
2009-05-25 15:49:18 ----A---- C:\WINDOWS\system32\hotplug.dll
2009-05-25 15:49:18 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2009-05-25 15:49:18 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2009-05-25 15:49:18 ----A---- C:\WINDOWS\system32\hid.dll
2009-05-25 15:49:18 ----A---- C:\WINDOWS\system32\hhsetup.dll
2009-05-25 15:49:17 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-05-25 15:49:17 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-05-25 15:49:17 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-05-25 15:49:17 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-05-25 15:49:17 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-05-25 15:49:17 ----A---- C:\WINDOWS\system32\idq.dll
2009-05-25 15:49:17 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-05-25 15:49:17 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-05-25 15:49:17 ----A---- C:\WINDOWS\system32\icmp.dll
2009-05-25 15:49:17 ----A---- C:\WINDOWS\system32\icm32.dll
2009-05-25 15:49:17 ----A---- C:\WINDOWS\system32\iccvid.dll
2009-05-25 15:49:16 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-05-25 15:49:16 ----A---- C:\WINDOWS\system32\imm32.dll
2009-05-25 15:49:16 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-05-25 15:49:16 ----A---- C:\WINDOWS\system32\imeshare.dll
2009-05-25 15:49:16 ----A---- C:\WINDOWS\system32\imapi.exe
2009-05-25 15:49:16 ----A---- C:\WINDOWS\system32\ils.dll
2009-05-25 15:49:16 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2009-05-25 15:49:16 ----A---- C:\WINDOWS\system32\ifmon.dll
2009-05-25 15:49:16 ----A---- C:\WINDOWS\system32\iexpress.exe
2009-05-25 15:49:16 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-05-25 15:49:16 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-05-25 15:49:15 ----A---- C:\WINDOWS\system32\inseng.dll
2009-05-25 15:49:15 ----A---- C:\WINDOWS\system32\input.dll
2009-05-25 15:49:15 ----A---- C:\WINDOWS\system32\initpki.dll
2009-05-25 15:49:15 ----A---- C:\WINDOWS\system32\inetres.dll
2009-05-25 15:49:15 ----A---- C:\WINDOWS\system32\inetppui.dll
2009-05-25 15:49:15 ----A---- C:\WINDOWS\system32\inetpp.dll
2009-05-25 15:49:15 ----A---- C:\WINDOWS\system32\inetmib1.dll
2009-05-25 15:49:15 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-05-25 15:49:14 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2009-05-25 15:49:14 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2009-05-25 15:49:14 ----A---- C:\WINDOWS\system32\ippromon.dll
2009-05-25 15:49:14 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2009-05-25 15:49:14 ----A---- C:\WINDOWS\system32\ipconfig.exe
2009-05-25 15:49:13 ----A---- C:\WINDOWS\system32\itss.dll
2009-05-25 15:49:13 ----A---- C:\WINDOWS\system32\itircl.dll
2009-05-25 15:49:13 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-05-25 15:49:13 ----A---- C:\WINDOWS\system32\isign32.dll
2009-05-25 15:49:13 ----A---- C:\WINDOWS\system32\irmon.dll
2009-05-25 15:49:13 ----A---- C:\WINDOWS\system32\irftp.exe
2009-05-25 15:49:13 ----A---- C:\WINDOWS\system32\ipxroute.exe
2009-05-25 15:49:13 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2009-05-25 15:49:13 ----A---- C:\WINDOWS\system32\ipv6.exe
2009-05-25 15:49:13 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2009-05-25 15:49:12 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-05-25 15:49:12 ----A---- C:\WINDOWS\system32\krnl386.exe
2009-05-25 15:49:12 ----A---- C:\WINDOWS\system32\keymgr.dll
2009-05-25 15:49:12 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-05-25 15:49:12 ----A---- C:\WINDOWS\system32\kd1394.dll
2009-05-25 15:49:12 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-05-25 15:49:12 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-05-25 15:49:12 ----A---- C:\WINDOWS\system32\ixsso.dll
2009-05-25 15:49:11 ----A---- C:\WINDOWS\system32\loadperf.dll
2009-05-25 15:49:11 ----A---- C:\WINDOWS\system32\lmrt.dll
2009-05-25 15:49:11 ----A---- C:\WINDOWS\system32\linkinfo.dll
2009-05-25 15:49:11 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-05-25 15:49:11 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-05-25 15:49:11 ----A---- C:\WINDOWS\system32\licdll.dll
2009-05-25 15:49:11 ----A---- C:\WINDOWS\system32\laprxy.dll
2009-05-25 15:49:10 ----A---- C:\WINDOWS\system32\logonui.exe
2009-05-25 15:49:10 ----A---- C:\WINDOWS\system32\logagent.exe
2009-05-25 15:49:10 ----A---- C:\WINDOWS\system32\localui.dll
2009-05-25 15:49:10 ----A---- C:\WINDOWS\system32\localsec.dll
2009-05-25 15:49:09 ----A---- C:\WINDOWS\system32\lpk.dll
2009-05-25 15:49:08 ----A---- C:\WINDOWS\system32\mfc42.dll
2009-05-25 15:49:08 ----A---- C:\WINDOWS\system32\mf3216.dll
2009-05-25 15:49:08 ----A---- C:\WINDOWS\system32\mdminst.dll
2009-05-25 15:49:08 ----A---- C:\WINDOWS\system32\mciwave.dll
2009-05-25 15:49:08 ----A---- C:\WINDOWS\system32\mciseq.dll
2009-05-25 15:49:08 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2009-05-25 15:49:08 ----A---- C:\WINDOWS\system32\mciavi32.dll
2009-05-25 15:49:08 ----A---- C:\WINDOWS\system32\mcastmib.dll
2009-05-25 15:49:08 ----A---- C:\WINDOWS\system32\makecab.exe
2009-05-25 15:49:08 ----A---- C:\WINDOWS\system32\magnify.exe
2009-05-25 15:49:08 ----A---- C:\WINDOWS\system32\lsass.exe
2009-05-25 15:49:08 ----A---- C:\WINDOWS\system32\lprhelp.dll
2009-05-25 15:49:07 ----A---- C:\WINDOWS\system32\mmc.exe
2009-05-25 15:49:07 ----A---- C:\WINDOWS\system32\mlang.dll
2009-05-25 15:49:07 ----A---- C:\WINDOWS\system32\miglibnt.dll
2009-05-25 15:49:07 ----A---- C:\WINDOWS\system32\midimap.dll
2009-05-25 15:49:07 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2009-05-25 15:49:07 ----A---- C:\WINDOWS\system32\mfc42u.dll
2009-05-25 15:49:06 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-05-25 15:49:06 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-05-25 15:49:06 ----A---- C:\WINDOWS\system32\mmsystem.dll
2009-05-25 15:49:06 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-05-25 15:49:06 ----A---- C:\WINDOWS\system32\mmcshext.dll
2009-05-25 15:49:06 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2009-05-25 15:49:06 ----A---- C:\WINDOWS\system32\mmcbase.dll
2009-05-25 15:49:05 ----A---- C:\WINDOWS\system32\mprapi.dll
2009-05-25 15:49:05 ----A---- C:\WINDOWS\system32\mpr.dll
2009-05-25 15:49:05 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-05-25 15:49:05 ----A---- C:\WINDOWS\system32\mpg4dmod.dll
2009-05-25 15:49:05 ----A---- C:\WINDOWS\system32\moricons.dll
2009-05-25 15:49:05 ----A---- C:\WINDOWS\system32\modemui.dll
2009-05-25 15:49:05 ----A---- C:\WINDOWS\system32\mobsync.exe
2009-05-25 15:49:05 ----A---- C:\WINDOWS\system32\mobsync.dll
2009-05-25 15:49:04 ----A---- C:\WINDOWS\system32\msctf.dll
2009-05-25 15:49:04 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2009-05-25 15:49:04 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2009-05-25 15:49:04 ----A---- C:\WINDOWS\system32\msconf.dll
2009-05-25 15:49:04 ----A---- C:\WINDOWS\system32\mscms.dll
2009-05-25 15:49:04 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-05-25 15:49:04 ----A---- C:\WINDOWS\system32\msapsspc.dll
2009-05-25 15:49:04 ----A---- C:\WINDOWS\system32\msafd.dll
2009-05-25 15:49:04 ----A---- C:\WINDOWS\system32\msacm32.dll
2009-05-25 15:49:03 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-05-25 15:49:03 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-05-25 15:49:03 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-05-25 15:49:03 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-05-25 15:49:03 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-05-25 15:49:03 ----A---- C:\WINDOWS\system32\msdmo.dll
2009-05-25 15:49:03 ----A---- C:\WINDOWS\system32\msdart.dll
2009-05-25 15:49:03 ----A---- C:\WINDOWS\system32\msctfp.dll
2009-05-25 15:49:02 ----A---- C:\WINDOWS\system32\msgina.dll
2009-05-25 15:49:02 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2009-05-25 15:49:01 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-05-25 15:49:01 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-05-25 15:49:01 ----A---- C:\WINDOWS\system32\mshta.exe
2009-05-25 15:49:00 ----A---- C:\WINDOWS\system32\msimtf.dll
2009-05-25 15:49:00 ----A---- C:\WINDOWS\system32\msimg32.dll
2009-05-25 15:49:00 ----A---- C:\WINDOWS\system32\msieftp.dll
2009-05-25 15:49:00 ----A---- C:\WINDOWS\system32\msidle.dll
2009-05-25 15:49:00 ----A---- C:\WINDOWS\system32\msident.dll
2009-05-25 15:49:00 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-05-25 15:48:59 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-05-25 15:48:59 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-05-25 15:48:59 ----A---- C:\WINDOWS\system32\msnsspc.dll
2009-05-25 15:48:59 ----A---- C:\WINDOWS\system32\msnetobj.dll
2009-05-25 15:48:59 ----A---- C:\WINDOWS\system32\mslbui.dll
2009-05-25 15:48:58 ----A---- C:\WINDOWS\system32\mspatcha.dll
2009-05-25 15:48:58 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-05-25 15:48:58 ----A---- C:\WINDOWS\system32\msorcl32.dll
2009-05-25 15:48:58 ----A---- C:\WINDOWS\system32\msorc32r.dll
2009-05-25 15:48:57 ----A---- C:\WINDOWS\system32\msprivs.dll
2009-05-25 15:48:57 ----A---- C:\WINDOWS\system32\mspmsp.dll
2009-05-25 15:48:56 ----A---- C:\WINDOWS\system32\msrle32.dll
2009-05-25 15:48:56 ----A---- C:\WINDOWS\system32\msrating.dll
2009-05-25 15:48:55 ----N---- C:\WINDOWS\system32\mstask.dll
2009-05-25 15:48:55 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-05-25 15:48:55 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2009-05-25 15:48:55 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-05-25 15:48:55 ----A---- C:\WINDOWS\system32\mstime.dll
2009-05-25 15:48:55 ----A---- C:\WINDOWS\system32\msscp.dll
2009-05-25 15:48:54 ----A---- C:\WINDOWS\system32\msvcirt.dll
2009-05-25 15:48:54 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2009-05-25 15:48:54 ----A---- C:\WINDOWS\system32\msutb.dll
2009-05-25 15:48:54 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-05-25 15:48:53 ----A---- C:\WINDOWS\system32\msw3prt.dll
2009-05-25 15:48:53 ----A---- C:\WINDOWS\system32\msvidctl.dll
2009-05-25 15:48:53 ----A---- C:\WINDOWS\system32\msvfw32.dll
2009-05-25 15:48:53 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2009-05-25 15:48:53 ----A---- C:\WINDOWS\system32\msvcrt.dll
2009-05-25 15:48:53 ----A---- C:\WINDOWS\system32\msvcp60.dll
2009-05-25 15:48:52 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-05-25 15:48:52 ----A---- C:\WINDOWS\system32\msxml2.dll
2009-05-25 15:48:52 ----A---- C:\WINDOWS\system32\msxml.dll
2009-05-25 15:48:52 ----A---- C:\WINDOWS\system32\mswsock.dll
2009-05-25 15:48:52 ----A---- C:\WINDOWS\system32\mswmdm.dll
2009-05-25 15:48:52 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-05-25 15:48:51 ----A---- C:\WINDOWS\system32\net1.exe
2009-05-25 15:48:51 ----A---- C:\WINDOWS\system32\net.exe
2009-05-25 15:48:51 ----A---- C:\WINDOWS\system32\nddenb32.dll
2009-05-25 15:48:51 ----A---- C:\WINDOWS\system32\nddeapir.exe
2009-05-25 15:48:51 ----A---- C:\WINDOWS\system32\nddeapi.dll
2009-05-25 15:48:51 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2009-05-25 15:48:51 ----A---- C:\WINDOWS\system32\narrator.exe
2009-05-25 15:48:51 ----A---- C:\WINDOWS\system32\mydocs.dll
2009-05-25 15:48:51 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-05-25 15:48:51 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-05-25 15:48:50 ----A---- C:\WINDOWS\system32\netrap.dll
2009-05-25 15:48:50 ----A---- C:\WINDOWS\system32\netplwiz.dll
2009-05-25 15:48:50 ----A---- C:\WINDOWS\system32\netman.dll
2009-05-25 15:48:50 ----A---- C:\WINDOWS\system32\netlogon.dll
2009-05-25 15:48:50 ----A---- C:\WINDOWS\system32\netid.dll
2009-05-25 15:48:50 ----A---- C:\WINDOWS\system32\netdde.exe
2009-05-25 15:48:50 ----A---- C:\WINDOWS\system32\netcfgx.dll
2009-05-25 15:48:50 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-05-25 15:48:49 ----A---- C:\WINDOWS\system32\netshell.dll
2009-05-25 15:48:49 ----A---- C:\WINDOWS\system32\netsh.exe
2009-05-25 15:48:49 ----A---- C:\WINDOWS\system32\netsetup.exe
2009-05-25 15:48:48 ----A---- C:\WINDOWS\system32\npptools.dll
2009-05-25 15:48:48 ----A---- C:\WINDOWS\system32\notepad.exe
2009-05-25 15:48:48 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-05-25 15:48:48 ----A---- C:\WINDOWS\system32\nlhtml.dll
2009-05-25 15:48:48 ----A---- C:\WINDOWS\system32\newdev.dll
2009-05-25 15:48:48 ----A---- C:\WINDOWS\system32\netui1.dll
2009-05-25 15:48:48 ----A---- C:\WINDOWS\system32\netui0.dll
2009-05-25 15:48:48 ----A---- C:\WINDOWS\system32\netstat.exe
2009-05-25 15:48:48 ----A---- C:\WINDOWS\notepad.exe
2009-05-25 15:48:47 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2009-05-25 15:48:47 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2009-05-25 15:48:47 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2009-05-25 15:48:47 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2009-05-25 15:48:47 ----A---- C:\WINDOWS\system32\ntmarta.dll
2009-05-25 15:48:47 ----A---- C:\WINDOWS\system32\ntlanman.dll
2009-05-25 15:48:47 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2009-05-25 15:48:46 ----A---- C:\WINDOWS\system32\odbcconf.exe
2009-05-25 15:48:46 ----A---- C:\WINDOWS\system32\odbcconf.dll
2009-05-25 15:48:46 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2009-05-25 15:48:46 ----A---- C:\WINDOWS\system32\odbcad32.exe
2009-05-25 15:48:46 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2009-05-25 15:48:46 ----A---- C:\WINDOWS\system32\odbc32.dll
2009-05-25 15:48:46 ----A---- C:\WINDOWS\system32\occache.dll
2009-05-25 15:48:46 ----A---- C:\WINDOWS\system32\objsel.dll
2009-05-25 15:48:46 ----A---- C:\WINDOWS\system32\oakley.dll
2009-05-25 15:48:46 ----A---- C:\WINDOWS\system32\ntshrui.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\odtext32.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\odpdx32.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\odfox32.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\odexl32.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\oddbse32.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\odbctrac.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\odbcji32.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\odbcint.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\odbccu32.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\odbccr32.dll
2009-05-25 15:48:45 ----A---- C:\WINDOWS\system32\odbccp32.dll
2009-05-25 15:48:44 ----A---- C:\WINDOWS\system32\osuninst.dll
2009-05-25 15:48:44 ----A---- C:\WINDOWS\system32\osk.exe
2009-05-25 15:48:44 ----A---- C:\WINDOWS\system32\opengl32.dll
2009-05-25 15:48:44 ----A---- C:\WINDOWS\system32\olepro32.dll
2009-05-25 15:48:44 ----A---- C:\WINDOWS\system32\oleprn.dll
2009-05-25 15:48:44 ----A---- C:\WINDOWS\system32\ole32.dll
2009-05-25 15:48:44 ----A---- C:\WINDOWS\system32\offfilt.dll
2009-05-25 15:48:43 ----A---- C:\WINDOWS\system32\perfproc.dll
2009-05-25 15:48:43 ----A---- C:\WINDOWS\system32\perfos.dll
2009-05-25 15:48:43 ----A---- C:\WINDOWS\system32\perfmon.exe
2009-05-25 15:48:43 ----A---- C:\WINDOWS\system32\perfdisk.dll
2009-05-25 15:48:43 ----A---- C:\WINDOWS\system32\pdh.dll
2009-05-25 15:48:43 ----A---- C:\WINDOWS\system32\pautoenr.dll
2009-05-25 15:48:43 ----A---- C:\WINDOWS\system32\packager.exe
2009-05-25 15:48:42 ----A---- C:\WINDOWS\system32\profmap.dll
2009-05-25 15:48:42 ----A---- C:\WINDOWS\system32\powrprof.dll
2009-05-25 15:48:42 ----A---- C:\WINDOWS\system32\polstore.dll
2009-05-25 15:48:42 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-05-25 15:48:42 ----A---- C:\WINDOWS\system32\pjlmon.dll
2009-05-25 15:48:42 ----A---- C:\WINDOWS\system32\ping.exe
2009-05-25 15:48:42 ----A---- C:\WINDOWS\system32\pid.dll
2009-05-25 15:48:42 ----A---- C:\WINDOWS\system32\photowiz.dll
2009-05-25 15:48:41 ----A---- C:\WINDOWS\system32\qasf.dll
2009-05-25 15:48:41 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2009-05-25 15:48:41 ----A---- C:\WINDOWS\system32\pstorec.dll
2009-05-25 15:48:41 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-05-25 15:48:41 ----A---- C:\WINDOWS\system32\psbase.dll
2009-05-25 15:48:41 ----A---- C:\WINDOWS\system32\psapi.dll
2009-05-25 15:48:41 ----A---- C:\WINDOWS\system32\proquota.exe
2009-05-25 15:48:41 ----A---- C:\WINDOWS\system32\progman.exe
2009-05-25 15:48:40 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-05-25 15:48:40 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-05-25 15:48:40 ----A---- C:\WINDOWS\system32\qedwipes.dll
2009-05-25 15:48:40 ----A---- C:\WINDOWS\system32\qedit.dll
2009-05-25 15:48:40 ----A---- C:\WINDOWS\system32\qdvd.dll
2009-05-25 15:48:40 ----A---- C:\WINDOWS\system32\qdv.dll
2009-05-25 15:48:40 ----A---- C:\WINDOWS\system32\qcap.dll
2009-05-25 15:48:39 ----A---- C:\WINDOWS\system32\rasmans.dll
2009-05-25 15:48:39 ----A---- C:\WINDOWS\system32\raschap.dll
2009-05-25 15:48:39 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2009-05-25 15:48:39 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-05-25 15:48:39 ----A---- C:\WINDOWS\system32\query.dll
2009-05-25 15:48:39 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-25 15:48:38 ----A---- C:\WINDOWS\system32\rdpdd.dll
2009-05-25 15:48:38 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-05-25 15:48:38 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-05-25 15:48:38 ----A---- C:\WINDOWS\system32\rcp.exe
2009-05-25 15:48:38 ----A---- C:\WINDOWS\system32\rcimlby.exe
2009-05-25 15:48:38 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2009-05-25 15:48:38 ----A---- C:\WINDOWS\system32\rastls.dll
2009-05-25 15:48:38 ----A---- C:\WINDOWS\system32\rassapi.dll
2009-05-25 15:48:38 ----A---- C:\WINDOWS\system32\rasppp.dll
2009-05-25 15:48:38 ----A---- C:\WINDOWS\system32\rasphone.exe
2009-05-25 15:48:37 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-05-25 15:48:37 ----A---- C:\WINDOWS\system32\regwizc.dll
2009-05-25 15:48:37 ----A---- C:\WINDOWS\system32\regsvr32.exe
2009-05-25 15:48:37 ----A---- C:\WINDOWS\system32\regsvc.dll
2009-05-25 15:48:37 ----A---- C:\WINDOWS\system32\regapi.dll
2009-05-25 15:48:37 ----A---- C:\WINDOWS\system32\reg.exe
2009-05-25 15:48:37 ----A---- C:\WINDOWS\system32\redir.exe
2009-05-25 15:48:37 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-05-25 15:48:37 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-05-25 15:48:37 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-05-25 15:48:37 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-05-25 15:48:36 ----A---- C:\WINDOWS\system32\rundll32.exe
2009-05-25 15:48:36 ----A---- C:\WINDOWS\system32\rtutils.dll
2009-05-25 15:48:36 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2009-05-25 15:48:36 ----A---- C:\WINDOWS\system32\rtcshare.exe
2009-05-25 15:48:36 ----A---- C:\WINDOWS\system32\rsmps.dll
2009-05-25 15:48:36 ----A---- C:\WINDOWS\system32\rsh.exe
2009-05-25 15:48:36 ----A---- C:\WINDOWS\system32\rsaenh.dll
2009-05-25 15:48:36 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-05-25 15:48:36 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-05-25 15:48:36 ----A---- C:\WINDOWS\system32\riched20.dll
2009-05-25 15:48:36 ----A---- C:\WINDOWS\system32\rexec.exe
2009-05-25 15:48:36 ----A---- C:\WINDOWS\system32\resutils.dll
2009-05-25 15:48:35 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2009-05-25 15:48:35 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-05-25 15:48:35 ----A---- C:\WINDOWS\system32\scesrv.dll
2009-05-25 15:48:35 ----A---- C:\WINDOWS\system32\scecli.dll
2009-05-25 15:48:35 ----A---- C:\WINDOWS\system32\sccsccp.dll
2009-05-25 15:48:35 ----A---- C:\WINDOWS\system32\scarddlg.dll
2009-05-25 15:48:35 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-05-25 15:48:35 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-05-25 15:48:35 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-05-25 15:48:35 ----A---- C:\WINDOWS\system32\runonce.exe
2009-05-25 15:48:34 ----A---- C:\WINDOWS\system32\sethc.exe
2009-05-25 15:48:34 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-05-25 15:48:34 ----A---- C:\WINDOWS\system32\sensapi.dll
2009-05-25 15:48:34 ----A---- C:\WINDOWS\system32\sens.dll
2009-05-25 15:48:34 ----A---- C:\WINDOWS\system32\sendmail.dll
2009-05-25 15:48:34 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2009-05-25 15:48:34 ----A---- C:\WINDOWS\system32\security.dll
2009-05-25 15:48:34 ----A---- C:\WINDOWS\system32\secur32.dll
2009-05-25 15:48:34 ----A---- C:\WINDOWS\system32\seclogon.dll
2009-05-25 15:48:34 ----A---- C:\WINDOWS\system32\sdbinst.exe
2009-05-25 15:48:34 ----A---- C:\WINDOWS\system32\scrrun.dll
2009-05-25 15:48:34 ----A---- C:\WINDOWS\system32\scrobj.dll
2009-05-25 15:48:33 ----A---- C:\WINDOWS\system32\shdoclc.dll
2009-05-25 15:48:33 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2009-05-25 15:48:33 ----A---- C:\WINDOWS\system32\sfc_os.dll
2009-05-25 15:48:33 ----A---- C:\WINDOWS\system32\sfc.dll
2009-05-25 15:48:33 ----A---- C:\WINDOWS\system32\setup.exe
2009-05-25 15:48:32 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-05-25 15:48:31 ----A---- C:\WINDOWS\system32\shimeng.dll
2009-05-25 15:48:31 ----A---- C:\WINDOWS\system32\shgina.dll
2009-05-25 15:48:31 ----A---- C:\WINDOWS\system32\shfolder.dll
2009-05-25 15:48:31 ----A---- C:\WINDOWS\system32\shell32.dll
2009-05-25 15:48:30 ----A---- C:\WINDOWS\system32\shutdown.exe
2009-05-25 15:48:30 ----A---- C:\WINDOWS\system32\shsvcs.dll
2009-05-25 15:48:30 ----A---- C:\WINDOWS\system32\shscrap.dll
2009-05-25 15:48:30 ----A---- C:\WINDOWS\system32\shrpubw.exe
2009-05-25 15:48:30 ----A---- C:\WINDOWS\system

   
Répondre à madhi100

14

gen-hackman, le 26 mai 2009 à 13:10:26

Télécharge SDFix sur ton bureau :
ici :SDFix
ou ici SDFix
ou ici SDFix

--> Double-clique sur SDFix.exe et choisis "Install" .

Tuto

Puis une fois l'installe faite ,

Impératif : Démarrer en mode sans echec .

/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Comment aller en Mode sans échec :
1) Redémarre ton ordi .
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage .
4) Choisis la première option : Sans Échec , et valide en tapant sur [Entrée] .
5) Choisis ton compte habituel ( et pas Administrateur ).
attention : pas de connexion possible en mode sans échec , donc copie ou imprime bien la manipe pour éviter les erreurs ...


Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer l'outil .
-->Tapes Y pour lancer le script ...
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé .

Le PC va mettre du temps avant de démarrer ( c'est normal ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier
C:\SDFix sous le nom "Report.txt".

Poste ce dernier dans ta prochaine réponse

Si SDfix ne se lance pas (ça arrive!)

* Démarrer->Exécuter

* Copie/colle ceci :

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

* Clique sur ok, et valide.

* Redémarre et essaye de nouveau de lancer SDfix. G3и-н@¢км@и™©®

   
Répondre à gen-hackman

15

madhi100, le 26 mai 2009 à 14:24:38

Voila le rapport SDFix:

[b]SDFix: Version 1.240 /b
Run by Timothee on 26/05/2009 at 14:05

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files /b:

No Trojan Files Found






Removing Temp Files

[b]ADS Check /b:



[b]Final Check /b:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 14:12:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services /b:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\System32\\ygdwoqlna.exe"="C:\\WINDOWS\\System32\\ygdwoqlna.exe:*:Enabled:Drawing System"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files /b:



[b]Files with Hidden Attributes /b:

Mon 25 May 2009 827 A.SH. --- "C:\WINDOWS\system32\og.dll"
Mon 25 May 2009 2,404 A.SH. --- "C:\WINDOWS\system32\ul.dll"
Mon 25 May 2009 1,516,899 ..SH. --- "C:\WINDOWS\system32\XP-5BAF5D29.EXE"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS00B350A6-FBC6-4FB5-9A37-D31B34B4E241.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS03A5AB1C-9836-4428-9BC5-AC016000647C.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS05173555-7869-4F22-A164-D83F72725D2A.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS06A4E3D0-DC37-4DFF-9A8B-70E4F6A89FC0.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS06CB73FA-719F-4E78-894F-835F8C50C959.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS09BDA6A8-5182-4456-99F0-D09B60A40609.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS09BDDC3D-F62B-4070-A0FE-2F99C995AB4D.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS1062E96B-2393-477D-BCAB-6D097BA06993.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS149AC270-A927-48B2-903E-1037362BEB5C.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS14E58314-81B0-435C-9961-25F703F8DB51.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS156D01E4-8BFF-4BE8-909C-9F375E2ACCE4.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS15D19769-583B-4D62-9BA2-11AB39EB3774.tmp"
Tue 26 May 2009 65,536 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS194F6241-9865-43CF-995E-3292C9B10736.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS1C80CD84-2FF7-4E7D-841D-DD208268FD84.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS1EC995FE-8FDF-46BB-928D-F230AC81723E.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS200CDA0E-5154-47E2-A2A0-232A35D82CB1.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS22FB9FD7-1C99-427E-9045-B410526B7331.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS2442E7E4-0F1F-42F7-B5CD-288C933495B4.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS29FB7D3C-F096-4BC8-A48C-20BFAD977915.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS2A5122BD-DB52-4FF2-95D8-3DE563AEC02A.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS2BB35677-DDDD-4F21-A900-329E39D75241.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS2E516D6C-95ED-4952-979F-E65CB585BE06.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS30FD7248-0FFC-472C-8302-27F9FF63EAE7.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS34D62FE1-1927-4B49-B383-EE11CD2B5CE7.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS35162271-750B-4403-A096-8A5102B56E22.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS35DF75AD-1B91-42CC-8B00-676D074F1BB4.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS38B36542-74BB-4B65-A189-BECD028B330D.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS3E0C565E-4BEF-47A4-A346-1579BCFFE655.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS3E47610D-54D3-4899-B7DE-DE1B6CB280FD.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS43143C88-8DF5-4F1E-BC8B-C3E3EAEC12D6.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS4426B403-FF9B-42EE-A2FB-5BD9E4ED487B.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS448AB50D-B4AB-480C-AAC8-99579CFEB58B.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS4A3A6300-CF0F-453B-8E3C-E9A1D00D894B.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS517B335F-BC7B-44E8-8D70-72582869CD14.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS5351FBB9-F8BE-490F-80D8-E37A49F2BAB5.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS5A3EF787-7A1E-4DE0-9466-2F5F630473E1.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS5D290CF2-F30D-4097-9599-8293F04E968C.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS5E56FC7E-F77C-440F-8439-F7640206E7BB.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS63B2DF6E-F1F6-4B3C-938D-58FD7FEBBA3D.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS677E78C1-F1FF-4547-8BE7-AA27AFB1219D.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS682DCF32-299E-4ABC-BC5D-8FE646258BF7.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS6BF56A47-139D-4676-8AA1-3C17D65B33F3.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS6CD50E74-F5EC-42F7-A7E4-A3839EC1A65A.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS6F9426A1-9689-4238-A519-AA910F451A83.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS734DD195-8DCF-44B1-9296-BE0D476122BC.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS7979817C-A2CD-4A4A-B5CD-14C036ED6E65.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS7F6C9D73-7809-42B7-A968-DE37EC33A1FC.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS80E321BB-6F42-4756-91AD-AB966B052061.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS846E970E-E023-4C52-9C1C-96404894E1B2.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS862B8B72-9839-4732-9EC4-BAA504B33C5F.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS88343B05-3F7A-474F-8395-99E859E0FA15.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS88D50C9B-5EC9-4441-B702-4E574D7D5054.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS8AAE6011-72E3-4E68-A97D-F466BC52125E.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS8AA51014-C8B4-41FB-B03B-17D70B3A4A37.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS9173FB09-B88B-4E51-865F-B83DCFF7FB43.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS944BC51D-3BC9-4F9F-BB79-BF8011862B92.tmp"
Tue 26 May 2009 65,536 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS980733C7-A33B-43D0-81BD-E14BF3F68BB1.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMS9B8D3816-7C16-40EB-A672-C8BCDEAF16F0.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSA4DB1F5D-C2E1-47E9-B2C6-DE498F867F68.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSA78565BC-F794-48EE-B969-DA9A37F35FA2.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSA84D57E0-1FA9-4F98-83D0-FE1B7A847825.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSA91C9FB3-0DDC-4093-BF6E-204D690F8A48.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSAAB0D30B-0460-46CC-BC9F-54AF620751C6.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSB116709C-E393-4B81-9303-23DF0643C736.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSB125FC15-5373-4F16-8A7B-44F3E3984CC6.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSB18BD015-83FD-4874-B033-168F8A6561CC.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSB23FEC5C-3545-45B6-8DEF-81EE0318DCEC.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSB3A2043F-EBA3-4EE0-9623-B51CBD5AB53C.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSB480565D-5DE7-4AAA-8269-837AAEB8AB84.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSB9047586-84D1-4554-AE3D-B0F5756606F1.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSBADFD871-A722-4542-840F-D65B1C802806.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSBC549167-55EC-49A5-8946-6460E076BDC2.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSBDB2EBF0-2ADB-49F7-A225-34CFC7524A1B.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSBF0047FC-21EE-49DF-903D-29C503F2E02F.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSC25E8BA5-EFA8-4297-9439-0749AA6B7D4C.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSC467A8D9-C425-4EEF-B371-A2FF49FDC148.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSC5C58080-E929-4978-B1F5-FB9A7302ADEA.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSC956872D-A913-46F9-8C4B-DFCA78B8AEEE.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSC9D1D9C9-DAE9-4787-B822-62F3BFB84543.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSCAB4C2AB-FCA2-4B06-94E9-C7DB4EA5BF91.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSCDFB60F8-087A-4454-A20B-FF56359FD41B.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSCEA2E106-E943-41DC-BF5F-02EEC3D1B510.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSD1532FB8-0DBD-4A6F-9426-C3D08E0CA30B.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSD426AE4D-CE9A-436B-AEE5-150BBA9F3D7D.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSD6B7BD1D-5D47-49ED-880F-A9E199222BA3.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSD6B48A08-DBB8-4EE0-A404-DC76EFE29039.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSDB392841-5218-4E8B-A151-CCB2026699AB.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSE2943C68-287D-4E5E-88E6-8008A8D5C633.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSE88B9F4B-097A-41DC-8FB9-828FEDDCE7B9.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSEADE1846-E987-4E8F-9BF3-7C388AF926D6.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSEB2491A1-4CE0-4BA6-B4E2-3FF787099F41.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSEC22D3D4-2D2D-4ADB-BA0C-2036771317F8.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSEC6D723B-6BF2-4211-88C7-DAE11E4C466C.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSECA42DF1-B774-4A40-B0A1-1CEE14A4B482.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSEE22C978-473D-44B2-B509-1C2CE8F1F78D.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSEFC96BD3-B8B3-4DB7-813C-F68A5FFC303C.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSEFF7370E-8DA5-4022-A94A-D89D0E588E75.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSF479CBE0-D9E2-4279-A55C-5847B903E1E8.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSF56FF24C-2853-47FA-91FA-BB8625D6EF89.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSF6AC7A11-E91B-4139-A99E-7FDA986072FD.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSF92E523C-0296-460D-A97D-31CBD95003FE.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSF9AA37F9-FD73-41C6-A2DE-570A20126AF8.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSFA33B0AF-E9B8-43B1-96C0-97865FEE9B33.tmp"
Tue 26 May 2009 0 A..H. --- "C:\Program Files\Webroot\WebrootSecurity\wrstemp\SSMSFFE90AF1-A886-4FEA-A2C6-F438C3E29E19.tmp"
Sun 27 Aug 2006 30,208 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\ACCA\Audit\~WRL1165.tmp"
Sun 27 Aug 2006 28,672 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\ACCA\Audit\~WRL1642.tmp"
Sun 27 Aug 2006 25,600 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\ACCA\Audit\~WRL3456.tmp"
Sun 27 Aug 2006 30,208 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\ACCA\Audit\~WRL3569.tmp"
Thu 23 Aug 2007 1,906,688 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Rapports EC\Rapport EC + M‚moire TV\Memoire\~WRL0197.tmp"
Thu 30 Aug 2007 2,254,336 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Rapports EC\Rapport EC + M‚moire TV\Memoire\~WRL0635.tmp"
Thu 23 Aug 2007 1,905,664 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Rapports EC\Rapport EC + M‚moire TV\Memoire\~WRL0827.tmp"
Sun 26 Aug 2007 2,303,488 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Rapports EC\Rapport EC + M‚moire TV\Memoire\~WRL0999.tmp"
Sun 26 Aug 2007 2,336,768 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Rapports EC\Rapport EC + M‚moire TV\Memoire\~WRL1513.tmp"
Tue 15 May 2007 1,665,024 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Rapports EC\Rapport EC + M‚moire TV\Memoire\~WRL1685.tmp"
Tue 15 May 2007 1,872,896 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Rapports EC\Rapport EC + M‚moire TV\Memoire\~WRL2699.tmp"
Wed 25 Jul 2007 1,864,704 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Rapports EC\Rapport EC + M‚moire TV\Memoire\~WRL3728.tmp"
Tue 21 Aug 2007 1,892,864 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Rapports EC\Rapport EC + M‚moire TV\Memoire\~WRL4042.tmp"
Wed 1 Feb 2006 97,280 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Rapports EC\Rapport EC + M‚moire TV\Rapport 4\~WRL0004.tmp"
Fri 20 Feb 2004 501,760 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Documentation comptable\Sygma\SYGMA 311203\sygma 03 Rapports\~WRL0120.tmp"
Thu 10 Oct 2002 130,048 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Documentation comptable\Sygma\SYGMA 311201\travaux pour rapport\pr‚sentation groupe\~WRL2113.TMP"
Tue 22 Oct 2002 153,088 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Documentation comptable\Sygma\SYGMA 311201\travaux pour rapport\pr‚sentation groupe\~WRL2252.TMP"
Mon 14 Oct 2002 128,000 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Documentation comptable\Sygma\SYGMA 311201\travaux pour rapport\RA 311201\~WRL2112.TMP"
Thu 24 Oct 2002 661,504 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Documentation comptable\Sygma\SYGMA 311201\travaux pour rapport\rapports PS\~WRL2861.TMP"
Mon 21 Oct 2002 92,160 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Documentation comptable\Sygma\SYGMA 311201\travaux pour rapport\RA 311201\SIMA\~WRL3960.TMP"
Wed 6 Nov 2002 19,968 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Documentation comptable\Sygma\SYGMA 311201\travaux pour rapport\rapports PS\pr‚sentation annexes V9\~WRL1290.TMP"
Fri 25 Oct 2002 19,968 A..H. --- "C:\Documents and Settings\Timothee\Mes documents\Tim\Documentation comptable\Sygma\SYGMA 311201\travaux pour rapport\rapports PS\pr‚sentation annexes V9\~WRL3458.TMP"

[b]Finished!/b

   
Répondre à madhi100

16

gen-hackman, le 26 mai 2009 à 14:41:40

Tu peux me renvoyer ton rapport incomplet(mais complet cette fois-ci lol) de rsit ?

il est trop long envoie le ici et donnes le lien obtenu en echange

http://www.cijoint.fr/ G3и-н@¢км@и™©®

   
Répondre à gen-hackman

17

madhi100, le 26 mai 2009 à 14:50:38
   
Répondre à madhi100

18

gen-hackman, le 26 mai 2009 à 15:23:52

Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
- Coche Afficher les fichiers et dossiers cachés
- Décoche Masquer les extensions des fichiers dont le type est connu
- Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
clique sur Appliquer, puis OK.

N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

* Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :

C:\WINDOWS\system32\dmremote.exe
C:\WINDOWS\system32\XP-5BAF5D29.EXE
C:\WINDOWS\system32\ul.dll
C:\WINDOWS\system32\og.dll
C:\WINDOWS\system32\wrLZMA.dll
C:\WINDOWS\system32\SsiEfr.exe
C:\WINDOWS\DHO.INI
C:\WINDOWS\System32\DRIVERS\tossdpci.sys

* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
* Une nouvelle fenêtre de ton navigateur va apparaître
* Clique alors sur les deux fleches
* Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
* Enfin colle le résultat dans ta prochaine réponse.

ensuite :

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :





:processes
explorer.exe

:files
C:\Documents and Settings\Timothee\Menu Démarrer\Programmes\Démarrage\¡¡¡¡¡¡.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\reg.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
"LTSMMSG"=-
"PRONoMgr.exe"=-
"Drawing System"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=
"swg"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\System32\ygdwoqlna.exe"="C:\WINDOWS\System32\ygdwoqlna.exe:*:Disabled:Drawing System"
"C:\WINDOWS\System32\ygdwoqlna.exe"=-

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
G3и-н@¢км@и™©®

   
Répondre à gen-hackman

28

madhi100, le 26 mai 2009 à 17:02:42

Rapport OTmoveit:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\Timothee\Menu Démarrer\Programmes\Démarrage\¡¡¡¡¡¡.lnk moved successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk moved successfully.
C:\WINDOWS\system32\regsvr32.exe moved successfully.
C:\WINDOWS\system32\reg.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion­\Run\\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion­\Run\\LTSMMSG deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion­\Run\\PRONoMgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion­\Run\\Drawing System deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion­\Run\\SunJavaUpdateSched deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\­Run\\"MSMSGS"| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\System32\ygdwoqlna.exe"|"C:\WINDOWS\System32\ygdwoqlna.exe:*:Disabled:Drawing System" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\ygdwoqlna.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Timothee\LOCALS~1\Temp\hsperfdata_Timothee\1668 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Timothee\LOCALS~1\Temp\~DF6016.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Timothee\LOCALS~1\Temp\~DF868.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Timothee\LOCALS~1\Temp\~DF87E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Timothee\LOCALS~1\Temp\~DF991.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Timothee\LOCALS~1\Temp\~DF9A43.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Timothee\LOCALS~1\Temp\~DF9AD.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Timothee\LOCALS~1\Temp\~DFA4D6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Timothee\LOCALS~1\Temp\~DFA7EE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Timothee\LOCALS~1\Temp\~DFAE6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Timothee\LOCALS~1\Temp\~DFAFC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Timothee\LOCALS~1\Temp\~DFB3C8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\WFTBYZKT\01[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\WFTBYZKT\getcontextualad[3].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\WFTBYZKT\synd[5].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\S0H0Z9MB\01[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\O2Y2GQRJ\Marché_immobilier_français[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\O2Y2GQRJ\searchresults[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\94WFVQA3\default[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\94WFVQA3\InboxLight[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\94WFVQA3\ToastFull[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\94WFVQA3\ToastMini[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\80H279Y4\affich-12618693-win32-trojan-gen-other[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\6WMVADAJ\getbanneradjs[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\6WMVADAJ\im[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Timothee\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1e0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Timothee\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\applet_media9.jar-4dbc1b38-6d9f2171.zip scheduled to be deleted on reboot.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05262009_165047

   
Répondre à madhi100

19

madhi100, le 26 mai 2009 à 16:01:46

Résultat sur : C:\WINDOWS\system32\XP-5BAF5D29.EXE

Fichier XP-5BAF5D29.EXE reçu le 2009.05.26 13:55:05 (UTC)Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.26 Trojan.Peed!IK
AhnLab-V3 5.0.0.2 2009.05.26 Win-Trojan/Xema.variant
AntiVir 7.9.0.168 2009.05.26 TR/Dropper.Gen
Antiy-AVL 2.0.3.1 2009.05.26 Trojan/Win32.VB
Authentium 5.1.2.4 2009.05.26 W32/Nuj.A.gen!Eldorado
Avast 4.8.1335.0 2009.05.25 -
AVG 8.5.0.339 2009.05.26 Downloader.Generic7.AUFP
BitDefender 7.2 2009.05.26 Trojan.Spy.Agent.NXS
CAT-QuickHeal 10.00 2009.05.26 TrojanDownloader.VB.huj
ClamAV 0.94.1 2009.05.26 Trojan.Downloader-56684
Comodo 1199 2009.05.25 -
DrWeb 5.0.0.12182 2009.05.26 Win32.HLLW.Autoruner.2697
eSafe 7.0.17.0 2009.05.24 -
eTrust-Vet 31.6.6522 2009.05.26 Win32/VMalum.EGCV
F-Prot 4.4.4.56 2009.05.26 W32/Nuj.A.gen!Eldorado
F-Secure 8.0.14470.0 2009.05.26 Trojan.Win32.Agent.bkks
Fortinet 3.117.0.0 2009.05.26 -
GData 19 2009.05.26 Trojan.Spy.Agent.NXS
Ikarus T3.1.1.57.0 2009.05.26 -
K7AntiVirus 7.10.744 2009.05.25 Trojan-Downloader.Win32.VB.huj
Kaspersky 7.0.0.125 2009.05.26 Trojan.Win32.Agent.bkks
McAfee 5626 2009.05.25 W32/Autorun.worm.dq.gen
McAfee+Artemis 5626 2009.05.25 W32/Autorun.worm.dq.gen
McAfee-GW-Edition 6.7.6 2009.05.26 Trojan.Dropper.Gen
Microsoft 1.4701 2009.05.26 Worm:Win32/Autorun.DM
NOD32 4104 2009.05.26 Win32/FlyStudio.NFF
Norman 6.01.05 2009.05.26 W32/AutoRun.LRT
nProtect 2009.1.8.0 2009.05.26 -
Panda 10.0.0.14 2009.05.26 W32/Flysky.L.worm
Prevx 3.0 2009.05.26 -
Rising 21.31.14.00 2009.05.26 Worm.Win32.Autorun.eyr
Sophos 4.42.0 2009.05.26 Troj/VB-EBE
Sunbelt 3.2.1858.2 2009.05.25 Trojan.Win32.Agent
Symantec 1.4.4.12 2009.05.26 W32.SillyFDC
TheHacker 6.3.4.3.331 2009.05.25 Trojan/Downloader.VB.huj
TrendMicro 8.950.0.1092 2009.05.26 -
VBA32 3.12.10.6 2009.05.26 Worm.Win32.AutoRun.tbb
ViRobot 2009.5.26.1753 2009.05.26 Trojan.Win32.Downloader.1516899
VirusBuster 4.6.5.0 2009.05.25 -

Information additionnelle
File size: 1516899 bytes
MD5...: 5a4e9be921e1d38c8ab58f7e15a1099c
SHA1..: c16f6e30c4364e347a8f1838b2ee659ea196b716
SHA256: 62d5790487296ae4a4bfac4a56ded04540d00e206c6f2493b16df57270e9­afda
ssdeep: 24576:yIwGBFaKfDK3r32SVhffH4wmw6f0NzdMyfY4v4n6NIxigNNpDVOiyx­Kcaa<BR>5ZU4w9:yGBMfxhfB16fgzqyu6NKiUVOiyxpaa2f<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Executable MS Visual C++ (generic) (62.9%)<BR>Win32 Executable Generic (14.2%)<BR>Win32 Dynamic Link Library (generic) (12.6%)<BR>Clipper DOS Executable (3.3%)<BR>Generic Win/DOS Executable (3.3%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x11af<BR>timedatestamp.....: 0x59bffa3 (Mon Dec 25 05:33:23 1972)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x51bc 0x6000 6.95 8e67fce4a62f3b14519473a258a7a069<BR>.rdata 0x7000 0xa4a 0x1000 3.58 777ac25ec7bba2eed5c97e65e8a812c4<BR>.data 0x8000 0x1f58 0x2000 4.60 9fc6eb88c086ef877f8d80c8f9a1af50<BR>.data 0xa000 0x1e000 0x1e000 6.85 ff4b457942abd7438b4ba656c5af33be<BR>.rsrc 0x28000 0x45b8 0x5000 3.31 648c3a5969b0f4793aef2b2434130798<BR><BR>( 2 imports ) <BR>> KERNEL32.dll: GetProcAddress, LoadLibraryA, CloseHandle, WriteFile, CreateDirectoryA, GetTempPathA, ReadFile, SetFilePointer, CreateFileA, GetModuleFileNameA, GetStringTypeA, LCMapStringW, LCMapStringA, HeapAlloc, HeapFree, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, RtlUnwind, GetCPInfo, GetACP, GetOEMCP, MultiByteToWideChar, GetStringTypeW<BR>> USER32.dll: MessageBoxA, wsprintfA<BR><BR>( 0 exports ) <BR>
PDFiD.: -
RDS...: NSRL Reference Data Set<BR>-
packers (Kaspersky): PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF
packers (Authentium): PE-Crypt.CF
packers (F-Prot): PE-Crypt.CF

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.26 Trojan.Peed!IK
AhnLab-V3 5.0.0.2 2009.05.26 Win-Trojan/Xema.variant
AntiVir 7.9.0.168 2009.05.26 TR/Dropper.Gen
Antiy-AVL 2.0.3.1 2009.05.26 Trojan/Win32.VB
Authentium 5.1.2.4 2009.05.26 W32/Nuj.A.gen!Eldorado
Avast 4.8.1335.0 2009.05.25 -
AVG 8.5.0.339 2009.05.26 Downloader.Generic7.AUFP
BitDefender 7.2 2009.05.26 Trojan.Spy.Agent.NXS
CAT-QuickHeal 10.00 2009.05.26 TrojanDownloader.VB.huj
ClamAV 0.94.1 2009.05.26 Trojan.Downloader-56684
Comodo 1199 2009.05.25 -
DrWeb 5.0.0.12182 2009.05.26 Win32.HLLW.Autoruner.2697
eSafe 7.0.17.0 2009.05.24 -
eTrust-Vet 31.6.6522 2009.05.26 Win32/VMalum.EGCV
F-Prot 4.4.4.56 2009.05.26 W32/Nuj.A.gen!Eldorado
F-Secure 8.0.14470.0 2009.05.26 Trojan.Win32.Agent.bkks
Fortinet 3.117.0.0 2009.05.26 -
GData 19 2009.05.26 Trojan.Spy.Agent.NXS
Ikarus T3.1.1.57.0 2009.05.26 -
K7AntiVirus 7.10.744 2009.05.25 Trojan-Downloader.Win32.VB.huj
Kaspersky 7.0.0.125 2009.05.26 Trojan.Win32.Agent.bkks
McAfee 5626 2009.05.25 W32/Autorun.worm.dq.gen
McAfee+Artemis 5626 2009.05.25 W32/Autorun.worm.dq.gen
McAfee-GW-Edition 6.7.6 2009.05.26 Trojan.Dropper.Gen
Microsoft 1.4701 2009.05.26 Worm:Win32/Autorun.DM
NOD32 4104 2009.05.26 Win32/FlyStudio.NFF
Norman 6.01.05 2009.05.26 W32/AutoRun.LRT
nProtect 2009.1.8.0 2009.05.26 -
Panda 10.0.0.14 2009.05.26 W32/Flysky.L.worm
Prevx 3.0 2009.05.26 -
Rising 21.31.14.00 2009.05.26 Worm.Win32.Autorun.eyr
Sophos 4.42.0 2009.05.26 Troj/VB-EBE
Sunbelt 3.2.1858.2 2009.05.25 Trojan.Win32.Agent
Symantec 1.4.4.12 2009.05.26 W32.SillyFDC
TheHacker 6.3.4.3.331 2009.05.25 Trojan/Downloader.VB.huj
TrendMicro 8.950.0.1092 2009.05.26 -
VBA32 3.12.10.6 2009.05.26 Worm.Win32.AutoRun.tbb
ViRobot 2009.5.26.1753 2009.05.26 Trojan.Win32.Downloader.1516899
VirusBuster 4.6.5.0 2009.05.25 -

Information additionnelle
File size: 1516899 bytes
MD5...: 5a4e9be921e1d38c8ab58f7e15a1099c
SHA1..: c16f6e30c4364e347a8f1838b2ee659ea196b716
SHA256: 62d5790487296ae4a4bfac4a56ded04540d00e206c6f2493b16df57270e9afda
ssdeep: 24576:yIwGBFaKfDK3r32SVhffH4wmw6f0NzdMyfY4v4n6NIxigNNpDVOiyxKcaa<BR>5ZU4w9:yGBMfxhfB16fgzqyu6NKiUVOiyxpaa2f<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Executable MS Visual C++ (generic) (62.9%)<BR>Win32 Executable Generic (14.2%)<BR>Win32 Dynamic Link Library (generic) (12.6%)<BR>Clipper DOS Executable (3.3%)<BR>Generic Win/DOS Executable (3.3%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x11af<BR>timedatestamp.....: 0x59bffa3 (Mon Dec 25 05:33:23 1972)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x51bc 0x6000 6.95 8e67fce4a62f3b14519473a258a7a069<BR>.rdata 0x7000 0xa4a 0x1000 3.58 777ac25ec7bba2eed5c97e65e8a812c4<BR>.data 0x8000 0x1f58 0x2000 4.60 9fc6eb88c086ef877f8d80c8f9a1af50<BR>.data 0xa000 0x1e000 0x1e000 6.85 ff4b457942abd7438b4ba656c5af33be<BR>.rsrc 0x28000 0x45b8 0x5000 3.31 648c3a5969b0f4793aef2b2434130798<BR><BR>( 2 imports ) <BR>> KERNEL32.dll: GetProcAddress, LoadLibraryA, CloseHandle, WriteFile, CreateDirectoryA, GetTempPathA, ReadFile, SetFilePointer, CreateFileA, GetModuleFileNameA, GetStringTypeA, LCMapStringW, LCMapStringA, HeapAlloc, HeapFree, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, RtlUnwind, GetCPInfo, GetACP, GetOEMCP, MultiByteToWideChar, GetStringTypeW<BR>> USER32.dll: MessageBoxA, wsprintfA<BR><BR>( 0 exports ) <BR>
PDFiD.: -
RDS...: NSRL Reference Data Set<BR>-
packers (Kaspersky): PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF, PE-Crypt.CF
packers (Authentium): PE-Crypt.CF
packers (F-Prot): PE-Crypt.CF

   
Répondre à madhi100
34 réponses 12 Suivant
Posez votre question Répondre
Ils ont besoin de votre aide