Virus, worm, trojan??? Need help.

Closed
SLB177 - Member, 91 posts, registered Friday 11 January 2008, last activity 12 February 2020 - 5 Feb 2009 at 23:03
SLB177 - Member, 91 posts, registered Friday 11 January 2008, last activity 12 February 2020 - 17 Feb 2009 at 10:25
Hello,

I just bought an Asus Eee Box and... I already have something fishy going on.

I have files that won't leave the Recycle Bin... and they don't come from this PC but from my external hard drive.

Can someone help me with the steps to follow to get rid of it for good? I just set a PC aside because its graphics card had just died, and I think this infection has something to do with it.

How do I disinfect my PC, and above all how do I do it for my external hard drive?

Thanks in advance.

32 replies

SLB177 - Member, 91 posts, registered Friday 11 January 2008, last activity 12 February 2020
10 Feb 2009 at 20:12
The link gives me: Page not found

However, now some sites no longer display the way they did before. Gmail, for example. I'm forced to display it in basic HTML.
1
SLB177 - Member, 91 posts, registered Friday 11 January 2008, last activity 12 February 2020
10 Feb 2009 at 20:25
Thanks. That didn't give me any report.

I've also just noticed that I can't play YouTube videos, for example. And when I check via the site whether Flash is properly installed on my PC, everything tells me it's OK. Any idea?

Edit: it only happens in Firefox; in Explorer everything works fine.
1
totobetourne - Member, 5592 posts, registered Sunday 23 March 2008, last activity 6 June 2012
6 Feb 2009 at 02:36
Hello

Download this: it's useful for seeing what the infection might be and then acting on it.

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Install it normally like any other program in c/programme/...............
Click on "Do a scan and save a logfile"; you get a report, which you paste.

0
SLB177 - Member, 91 posts, registered Friday 11 January 2008, last activity 12 February 2020
6 Feb 2009 at 11:41
Here is the scan:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:41, on 7/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ASUS\ASUS Easy Update\ALU.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ALaunch] c:\sysprep\ALaunch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ASUS Easy Update] C:\Program Files\ASUS\ASUS Easy Update\ALU.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
0
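
The HijackThis log above follows a fixed line format, so its autostart (O4) entries can be parsed and pre-sorted before a manual read. The following Python sketch is an added example, not part of the original thread or of HijackThis; the sample lines are copied from the posted log. Its single heuristic (a per-user Run value that launches a file sitting directly in system32 under a value name unrelated to the file name) is an assumption chosen for illustration: it marks entries for review and is not a malware verdict.

```python
import ntpath
import re
from typing import NamedTuple

# Subset of the HijackThis log posted above, lines copied unchanged.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
"""

# "O4 - <hive>[\<sid>]\..\<key>: [<value name>] <command>"
O4_REG = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\(?P<sid>[^\\]+))?\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable path at the start of a command, quoted or not, spaces allowed.
EXE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|bat|cmd|scr|pif))(?:"|\s|$)', re.I)
# HijackThis appends "(User '...')" to HKUS entries.
USER_NOTE = re.compile(r"\s+\(User '.*'\)$")


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    path: str
    running: bool  # True if the same path is in the "Running processes" list


def parse_log(text):
    """Return the registry autostart (O4) entries of a HijackThis log."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.add(ntpath.normcase(line))
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = O4_REG.match(line)
        if not m:
            continue  # other sections, or O4 startup-folder shortcuts
        cmd = USER_NOTE.sub("", m["cmd"])
        exe = EXE.match(cmd)
        path = exe["path"] if exe else cmd
        entries.append(Autorun(m["hive"], m["key"], m["name"], path,
                               ntpath.normcase(path) in running))
    return entries


def _key(s):
    """Lower-case and keep only letters and digits, for loose name comparison."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def needs_review(e):
    """Illustrative heuristic (an assumption of this example, see lead-in)."""
    folder, fname = ntpath.split(ntpath.normcase(e.path))
    stem = _key(ntpath.splitext(fname)[0])
    name = _key(ntpath.splitext(e.name)[0])
    per_user = e.hive in ("HKCU", "HKUS")  # writable without admin rights
    in_system32 = folder.endswith(r"\windows\system32")
    related = bool(stem and name) and (stem in name or name in stem)
    return per_user and in_system32 and not related


def triage(text):
    return [e for e in parse_log(text) if needs_review(e)]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        state = "running" if e.running else "not running"
        print(f"review: {e.hive} {e.key} [{e.name}] -> {e.path} ({state})")
```

Entries it returns still have to be checked by hand, for example against the file's properties, signature and creation date.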

totobetourne - Member, 5592 posts, registered Sunday 23 March 2008, last activity 6 June 2012
6 Feb 2009 at 13:30
To check, download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware)

Double-click on combofix.exe and follow the instructions

At the end, it will produce a report C:\ComboFix.txt

Re-enable your firewall, your antivirus, your antispyware's guard

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
SLB177 - Member, 91 posts, registered Friday 11 January 2008, last activity 12 February 2020
6 Feb 2009 at 13:55
When I launch ComboFix after doing everything regarding the antivirus, firewall, antispyware... it shows me:

32788R22FWJFW\hidec.exe:

Windows ne parvient pas a accéder au périphérique, au chemin d'accès ou au fichier spécifié.Vous ne disposez peut-être pas des autorisations appropriées pour avoir accès a cet élément.


Even though I'm logged in as the PC's admin.
0
totobetourne - Member, 5592 posts, registered Sunday 23 March 2008, last activity 6 June 2012
6 Feb 2009 at 14:01
1) Spybot's TeaTimer as well, you have set it to off.

Did you get any alerts while downloading ComboFix?

If you can't manage it, then move on to this one. I think it's better to start with ComboFix and then verify with this one.
Run this antimalware; do as indicated.
Download Malwarebytes Anti-Malware (MBAM): also very useful for ad problems, though unfortunately not all of them.

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Do as indicated: update, full scan in safe mode, and the reports.
PASTE THE REPORT AFTER REMOVAL, THANKS.

Keep it and run a scan every month as indicated.

If you have Ad-Aware you can uninstall it, because it no longer detects much.

2) Afterwards, make a new HijackThis report and paste it.


0
SLB177 - Member, 91 posts, registered Friday 11 January 2008, last activity 12 February 2020
9 Feb 2009 at 18:35
Well... sorry for the delay, but I had quite a struggle lol

I had to download Trojan Remover so that ComboFix would be usable, even in safe mode....

Here's what it tells me:

ComboFix 09-02-08.02 - Miguel 2009-02-10 18:24:45.2 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.843 [GMT 1:00]
Lancé depuis: c:\documents and settings\Miguel\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-10 au 2009-02-10 ))))))))))))))))))))))))))))))))))))
.

2009-02-10 18:13 . 2009-02-10 18:13 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-10 18:11 . 2009-02-10 18:13 <REP> d-------- c:\program files\Trojan Remover
2009-02-10 18:11 . 2009-02-10 18:11 <REP> d-------- c:\documents and settings\Miguel\Application Data\Simply Super Software
2009-02-10 18:11 . 2009-02-10 18:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-10 18:11 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-10 18:11 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-10 18:11 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-10 18:11 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-10 18:11 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-09 22:01 . 2009-02-09 22:01 <REP> d-------- c:\program files\Windows Media Connect 2
2009-02-09 22:01 . 2009-02-09 22:01 1,320 --a------ c:\windows\system32\spupdsvc.inf
2009-02-09 21:58 . 2009-02-09 21:59 <REP> d-------- c:\windows\system32\drivers\UMDF
2009-02-09 14:47 . 2009-02-09 14:47 <REP> d-------- c:\documents and settings\Miguel\Application Data\MSNInstaller
2009-02-09 14:46 . 2009-02-09 14:46 <REP> d-------- c:\windows\LastGood
2009-02-09 12:38 . 2009-02-10 11:20 <REP> d-------- c:\program files\PokerStars
2009-02-08 19:25 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-08 19:25 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-08 19:25 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-08 00:12 . 2009-02-08 00:14 <REP> d-------- c:\documents and settings\Miguel\Application Data\Template
2009-02-08 00:11 . 2009-02-08 00:11 0 --a------ c:\documents and settings\Miguel\Application Data\wklnhst.dat
2009-02-07 17:32 . 2009-02-07 17:32 <REP> d-------- c:\documents and settings\Miguel\Application Data\Malwarebytes
2009-02-07 17:32 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-07 17:31 . 2009-02-07 17:32 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-07 17:31 . 2009-02-07 17:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-07 17:31 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 14:11 . 2009-02-09 21:58 <REP> d-------- c:\windows\system32\LogFiles
2009-02-07 12:37 . 2009-02-07 14:11 <REP> d-------- c:\program files\Metin2_France
2009-02-07 11:40 . 2009-02-07 11:40 <REP> d-------- c:\program files\Trend Micro
2009-02-07 03:03 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-07 03:03 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-07 03:03 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 03:03 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-07 03:02 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-07 03:00 . 2006-09-25 17:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-06 23:23 . 2009-02-07 00:13 <REP> d-------- c:\program files\PKR
2009-02-06 23:15 . 2009-02-07 12:08 <REP> d-------- c:\documents and settings\Miguel\Application Data\skypePM
2009-02-06 23:15 . 2009-02-06 23:15 32 --a------ c:\documents and settings\All Users\Application Data\ezsid.dat
2009-02-06 23:14 . 2009-02-06 23:14 <REP> d-------- c:\program files\Skype
2009-02-06 23:14 . 2009-02-06 23:14 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-02-06 23:14 . 2009-02-07 12:09 <REP> d-------- c:\documents and settings\Miguel\Application Data\Skype
2009-02-06 23:14 . 2009-02-06 23:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-02-06 21:58 . 2009-02-09 19:41 <REP> d--h----- C:\$AVG8.VAULT$
2009-02-06 21:52 . 2009-02-06 21:52 <REP> d-------- c:\documents and settings\Miguel\Application Data\vlc
2009-02-06 21:40 . 2009-02-06 21:40 <REP> d-------- c:\windows\system32\drivers\Avg
2009-02-06 21:40 . 2009-02-06 21:40 <REP> d-------- c:\program files\AVG
2009-02-06 21:40 . 2009-02-06 21:40 <REP> d-------- c:\documents and settings\Miguel\Application Data\AVGTOOLBAR
2009-02-06 21:40 . 2009-02-10 18:22 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-06 21:40 . 2009-02-06 21:40 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-06 21:40 . 2009-02-06 21:40 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-06 21:31 . 2009-02-06 21:31 <REP> d-------- c:\program files\MSBuild
2009-02-06 21:30 . 2009-02-06 21:30 <REP> d-------- c:\program files\Microsoft.NET
2009-02-06 21:27 . 2009-02-06 21:27 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-06 21:26 . 2009-02-06 21:30 <REP> d-------- c:\windows\SHELLNEW
2009-02-06 21:26 . 2009-02-09 03:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 21:25 . 2009-02-06 21:25 <REP> dr-h----- C:\MSOCache
2009-02-06 21:22 . 2009-02-06 21:22 <REP> d-------- c:\program files\VideoLAN
2009-02-06 21:12 . 2009-02-06 21:12 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-06 21:12 . 2009-02-06 21:15 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-06 21:08 . 2009-02-06 21:08 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-06 21:06 . 2009-02-06 21:06 0 --a------ c:\windows\nsreg.dat
2009-02-06 21:05 . 2008-09-04 19:45 45,056 --------- c:\windows\selfupdt.exe
2009-02-06 21:02 . 2009-02-06 21:02 <REP> d---s---- c:\documents and settings\Miguel\UserData
2009-02-06 20:54 . 2009-02-06 20:54 0 --a------ c:\windows\system32\drivers\1043_ASUSTeK_B202.alu
2009-02-06 20:43 . 2008-08-19 12:58 <REP> d--h----- c:\documents and settings\Miguel\Voisinage réseau
2009-02-06 20:43 . 2008-08-19 12:58 <REP> d--h----- c:\documents and settings\Miguel\Voisinage d'impression
2009-02-06 20:43 . 2008-08-19 11:03 <REP> d--h----- c:\documents and settings\Miguel\Modèles
2009-02-06 20:43 . 2009-02-10 18:11 <REP> dr------- c:\documents and settings\Miguel\Mes documents
2009-02-06 20:43 . 2008-08-19 12:58 <REP> dr------- c:\documents and settings\Miguel\Menu Démarrer
2009-02-06 20:43 . 2009-02-06 20:44 <REP> dr------- c:\documents and settings\Miguel\Favoris
2009-02-06 20:43 . 2009-02-10 18:25 <REP> d-------- c:\documents and settings\Miguel\Bureau
2009-02-06 20:43 . 2008-08-19 12:38 <REP> d-------- c:\documents and settings\Miguel\Application Data\InstallShield
2009-02-06 20:43 . 2009-02-06 21:02 <REP> d-------- c:\documents and settings\Miguel

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 20:08 --------- d-----w c:\program files\Java
2009-02-06 20:05 --------- d-----w c:\program files\ASUS
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-07_17.53.53,15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-26 20:18:16 502,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-07-28 14:21:58 277,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 13:57:08 2,330,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-09-29 23:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-26 22:00:12 1,841,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-10-26 21:58:38 3,732,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 14:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2009-02-06 20:30:53 781,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 13:11:38 4,235,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 13:11:36 21,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 14:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 20:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2007-10-05 19:37:38 17,927,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2007-08-28 22:38:10 500,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-09-14 20:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 22:38:46 9,584,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-10-05 19:44:24 14,168,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\OART.DLL
+ 2007-10-02 18:51:22 8,436,776 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-08-28 23:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-28 22:06:16 467,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 22:06:44 7,990,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2009-02-09 02:05:23 251,272 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\PPTPIA.DLL
+ 2007-08-28 23:38:22 2,016,656 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\PPTVIEW.EXE
+ 2007-08-24 02:43:28 138,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-28 22:39:14 625,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 02:43:36 593,296 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-28 22:16:00 350,064 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 16:56:32 17,490,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-10-02 19:00:06 14,708,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-08-24 04:14:14 13,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109110000000000000000F01FEC\12.0.6215\XLCALL32.DLL
+ 2006-10-27 13:26:40 16,870,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002159FA00C0400000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 13:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002159FA00C0400000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-26 18:42:36 8,423,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002159FA00C0400000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 13:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002159FA00C0400000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-26 19:08:00 1,764,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002159FA00C0400000000000F01FEC\12.0.4518\PPCNV.DLL
+ 2006-10-26 19:07:50 67,920 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002159FA00C0400000000000F01FEC\12.0.4518\PXBCOM.EXE
- 2009-02-06 20:33:06 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-09 02:14:12 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2009-02-06 20:33:06 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-09 02:14:13 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-02-06 20:33:06 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-09 02:14:12 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2009-02-06 20:33:06 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-09 02:14:13 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-06 20:33:06 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-09 02:14:13 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-02-06 20:33:06 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-09 02:14:13 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-02-06 20:33:06 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-09 02:14:12 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2009-02-06 20:33:06 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-09 02:14:12 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-02-06 20:33:06 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-09 02:14:13 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2009-02-06 20:33:06 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-09 02:14:13 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-02-06 20:33:06 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-09 02:14:12 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-19 12:56:33 35,600 ----a-r c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-02-09 02:13:41 35,600 ----a-r c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-02-06 20:26:23 217,864 ----a-r c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
+ 2009-02-09 02:07:23 217,864 ----a-r c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
- 2008-08-19 12:56:18 49,936 ----a-r c:\windows\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-02-09 02:12:37 49,936 ----a-r c:\windows\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
- 2008-08-19 10:07:10 8,738 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
+ 2009-02-07 21:08:04 8,972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
- 2008-08-19 10:07:06 76,507 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-02-07 21:08:49 76,507 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2008-08-19 10:07:10 2,092 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-02-07 21:08:49 2,398 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
- 2008-04-14 12:00:00 8,704 ----a-w c:\windows\system32\asferror.dll
+ 2006-11-03 08:56:54 7,680 ----a-w c:\windows\system32\asferror.dll
+ 2006-10-18 20:47:08 276,992 ------w c:\windows\system32\audiodev.dll
- 2008-04-14 12:00:00 286,720 ----a-w c:\windows\system32\blackbox.dll
+ 2006-10-18 20:47:10 542,720 ----a-w c:\windows\system32\blackbox.dll
- 2008-04-14 12:00:00 159,232 ----a-w c:\windows\system32\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 ----a-w c:\windows\system32\cewmdm.dll
- 2008-04-14 12:00:00 8,704 -c--a-w c:\windows\system32\dllcache\asferror.dll
+ 2006-11-03 08:56:54 7,680 -c--a-w c:\windows\system32\dllcache\asferror.dll
- 2008-04-14 12:00:00 286,720 -c--a-w c:\windows\system32\dllcache\blackbox.dll
+ 2006-10-18 20:47:10 542,720 -c--a-w c:\windows\system32\dllcache\blackbox.dll
- 2008-04-14 12:00:00 159,232 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
- 2008-04-14 12:00:00 695,808 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
- 2008-04-14 12:00:00 6,656 -c--a-w c:\windows\system32\dllcache\laprxy.dll
+ 2006-10-18 20:47:14 11,264 -c--a-w c:\windows\system32\dllcache\LAPRXY.dll
- 2008-06-10 02:11:20 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2006-10-18 19:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-04-14 12:00:00 310,272 -c--a-w c:\windows\system32\dllcache\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MP43DMOD.dll
- 2008-04-14 12:00:00 384,512 -c--a-w c:\windows\system32\dllcache\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MP4SDMOD.dll
- 2008-04-14 12:00:00 240,640 -c--a-w c:\windows\system32\dllcache\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MPG4DMOD.dll
- 2008-04-14 12:00:00 368,640 -c--a-w c:\windows\system32\dllcache\mpvis.dll
+ 2006-11-03 08:57:06 244,224 -c--a-w c:\windows\system32\dllcache\mpvis.dll
- 2008-04-14 12:00:00 259,072 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
- 2008-04-14 12:00:00 52,736 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 20:47:16 27,136 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
- 2008-04-14 12:00:00 201,728 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
+ 2006-10-18 20:47:16 175,616 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
- 2008-04-14 12:00:00 356,352 -c--a-w c:\windows\system32\dllcache\msscp.dll
+ 2006-10-18 20:47:16 414,208 -c--a-w c:\windows\system32\dllcache\msscp.dll
- 2008-04-14 12:00:00 246,272 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
+ 2006-10-18 20:47:16 321,536 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
- 2008-04-14 12:00:00 237,568 -c--a-w c:\windows\system32\dllcache\qasf.dll
+ 2006-10-18 20:47:18 211,456 -c--a-w c:\windows\system32\dllcache\qasf.dll
- 2008-04-14 12:00:00 778,240 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
+ 2006-11-03 09:02:28 1,680,384 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
- 2008-04-14 12:00:00 208,896 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
+ 2006-11-03 08:58:34 317,440 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
- 2008-04-14 12:00:00 408,064 -c--a-w c:\windows\system32\dllcache\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 -c--a-w c:\windows\system32\dllcache\WMADMOD.dll
- 2008-04-14 12:00:00 670,720 -c--a-w c:\windows\system32\dllcache\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 -c--a-w c:\windows\system32\dllcache\WMADMOE.dll
- 2008-04-14 12:00:00 230,912 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2006-10-18 20:47:18 222,208 -c--a-w c:\windows\system32\dllcache\WMASF.dll
- 2008-04-14 12:00:00 27,136 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
+ 2006-10-18 20:47:18 33,792 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
- 2008-04-14 12:00:00 23,552 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
+ 2006-10-18 20:47:18 37,376 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
- 2008-04-14 12:00:00 200,704 -c--a-w c:\windows\system32\dllcache\wmerror.dll
+ 2006-11-03 08:58:42 272,384 -c--a-w c:\windows\system32\dllcache\wmerror.dll
- 2008-04-14 12:00:00 151,552 -c--a-w c:\windows\system32\dllcache\wmidx.dll
+ 2006-10-18 20:47:20 157,184 -c--a-w c:\windows\system32\dllcache\wmidx.dll
- 2008-06-10 05:11:46 1,053,696 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
+ 2006-10-18 20:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
- 2008-04-14 12:00:00 4,874,240 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2008-04-14 12:00:00 114,688 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
- 2008-04-14 12:00:00 98,304 -c--a-w c:\windows\system32\dllcache\wmpband.dll
+ 2006-11-03 08:58:48 96,256 -c--a-w c:\windows\system32\dllcache\wmpband.dll
- 2008-04-14 12:00:00 233,472 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
- 2008-04-14 12:00:00 73,728 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
+ 2006-11-03 08:59:00 64,000 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
- 2008-04-14 12:00:00 2,985,984 -c--a-w c:\windows\system32\dllcache\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 -c--a-w c:\windows\system32\dllcache\wmploc.dll
- 2008-04-14 12:00:00 102,400 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
- 2008-04-14 12:00:00 759,296 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
- 2008-04-14 12:00:00 1,119,744 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
- 2008-04-14 12:00:00 485,376 -c--a-w c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 -c--a-w c:\windows\system32\dllcache\WMSPDMOD.dll
- 2008-04-14 12:00:00 897,024 -c--a-w c:\windows\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 -c--a-w c:\windows\system32\dllcache\WMSPDMOE.dll
- 2008-11-07 15:45:32 2,174,976 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
+ 2006-10-18 20:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
- 2008-04-14 12:00:00 809,984 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
- 2008-04-14 12:00:00 1,001,472 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 20:47:22 671,232 ------w c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2006-10-18 19:00:00 38,528 ------w c:\windows\system32\drivers\wpdusb.sys
+ 2006-09-28 17:55:50 77,568 ------w c:\windows\system32\drivers\WudfPf.sys
+ 2006-09-28 18:00:34 82,944 ------w c:\windows\system32\drivers\WudfRd.sys
+ 2006-10-18 19:00:46 249,856 ------w c:\windows\system32\drmupgds.exe
- 2008-04-14 12:00:00 695,808 ----a-w c:\windows\system32\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 ----a-w c:\windows\system32\drmv2clt.dll
- 2006-10-26 13:10:08 1,190,688 ----a-w c:\windows\system32\FM20.DLL
+ 2007-08-23 00:03:38 1,195,888 ----a-w c:\windows\system32\FM20.DLL
- 2008-04-14 12:00:00 6,656 ----a-w c:\windows\system32\laprxy.dll
+ 2006-10-18 20:47:14 11,264 ----a-w c:\windows\system32\LAPRXY.dll
- 2008-06-10 02:11:20 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2006-10-18 19:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2006-10-18 20:47:14 212,992 ------w c:\windows\system32\MFPLAT.dll
+ 2006-10-18 20:47:14 259,072 ------w c:\windows\system32\MP43DECD.dll
- 2008-04-14 12:00:00 310,272 ----a-w c:\windows\system32\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MP43DMOD.dll
+ 2006-10-18 20:47:14 317,440 ------w c:\windows\system32\MP4SDECD.dll
- 2008-04-14 12:00:00 384,512 ----a-w c:\windows\system32\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MP4SDMOD.dll
+ 2006-10-18 20:47:14 259,072 ------w c:\windows\system32\MPG4DECD.dll
- 2008-04-14 12:00:00 240,640 ----a-w c:\windows\system32\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MPG4DMOD.dll
+ 2006-10-02 14:28:42 312,128 ------w c:\windows\system32\msdelta.dll
- 2008-04-14 12:00:00 259,072 ----a-w c:\windows\system32\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 ----a-w c:\windows\system32\msnetobj.dll
- 2008-04-14 12:00:00 52,736 ----a-w c:\windows\system32\mspmsnsv.dll
+ 2006-10-18 20:47:16 27,136 ----a-w c:\windows\system32\mspmsnsv.dll
- 2008-04-14 12:00:00 201,728 ----a-w c:\windows\system32\mspmsp.dll
+ 2006-10-18 20:47:16 175,616 ----a-w c:\windows\system32\mspmsp.dll
- 2008-04-14 12:00:00 356,352 ----a-w c:\windows\system32\msscp.dll
+ 2006-10-18 20:47:16 414,208 ----a-w c:\windows\system32\msscp.dll
- 2008-04-14 12:00:00 246,272 ----a-w c:\windows\system32\mswmdm.dll
+ 2006-10-18 20:47:16 321,536 ----a-w c:\windows\system32\mswmdm.dll
+ 2006-10-18 20:47:18 284,160 ------w c:\windows\system32\PortableDeviceApi.dll
+ 2006-10-18 20:47:18 101,888 ------w c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 20:47:18 166,912 ------w c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-18 20:47:18 132,096 ------w c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 20:47:18 199,168 ------w c:\windows\system32\PortableDeviceWMDRM.dll
- 2008-04-14 12:00:00 237,568 ----a-w c:\windows\system32\qasf.dll
+ 2006-10-18 20:47:18 211,456 ----a-w c:\windows\system32\qasf.dll
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2006-09-25 16:58:48 14,640 ------w c:\windows\system32\spmsg.dll
+ 2006-10-18 20:58:00 8,704 ------w c:\windows\system32\uwdf.exe
+ 2006-10-18 20:47:18 4,096 ------w c:\windows\system32\wdfapi.dll
+ 2006-10-18 20:58:00 8,704 ------w c:\windows\system32\wdfmgr.exe
- 2008-04-14 12:00:00 408,064 ----a-w c:\windows\system32\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 ----a-w c:\windows\system32\WMADMOD.dll
- 2008-04-14 12:00:00 670,720 ----a-w c:\windows\system32\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 ----a-w c:\windows\system32\WMADMOE.dll
- 2008-04-14 12:00:00 230,912 ----a-w c:\windows\system32\wmasf.dll
+ 2006-10-18 20:47:18 222,208 ----a-w c:\windows\system32\WMASF.dll
- 2008-04-14 12:00:00 27,136 ----a-w c:\windows\system32\wmdmlog.dll
+ 2006-10-18 20:47:18 33,792 ----a-w c:\windows\system32\wmdmlog.dll
- 2008-04-14 12:00:00 23,552 ----a-w c:\windows\system32\wmdmps.dll
+ 2006-10-18 20:47:18 37,376 ----a-w c:\windows\system32\wmdmps.dll
+ 2006-10-18 20:47:18 429,056 ------w c:\windows\system32\wmdrmdev.dll
+ 2006-10-18 20:47:20 348,672 ------w c:\windows\system32\wmdrmnet.dll
+ 2006-10-18 20:47:20 535,040 ------w c:\windows\system32\wmdrmsdk.dll
- 2008-04-14 12:00:00 200,704 ----a-w c:\windows\system32\wmerror.dll
+ 2006-11-03 08:58:42 272,384 ----a-w c:\windows\system32\wmerror.dll
- 2008-04-14 12:00:00 151,552 ----a-w c:\windows\system32\wmidx.dll
+ 2006-10-18 20:47:20 157,184 ----a-w c:\windows\system32\wmidx.dll
- 2008-06-10 05:11:46 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
+ 2006-10-18 20:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
- 2008-04-14 12:00:00 4,874,240 ----a-w c:\windows\system32\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 ----a-w c:\windows\system32\wmp.dll
- 2008-04-14 12:00:00 114,688 ----a-w c:\windows\system32\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 ----a-w c:\windows\system32\wmpasf.dll
- 2008-04-14 12:00:00 233,472 ----a-w c:\windows\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 ----a-w c:\windows\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2006-10-18 20:47:20 1,661,440 ------w c:\windows\system32\wmpencen.dll
- 2008-04-14 12:00:00 2,985,984 ----a-w c:\windows\system32\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 ----a-w c:\windows\system32\wmploc.dll
+ 2006-10-18 20:47:20 613,376 ------w c:\windows\system32\wmpmde.dll
+ 2006-10-18 20:47:20 130,048 ------w c:\windows\system32\wmpps.dll
- 2008-04-14 12:00:00 102,400 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-10-18 20:47:20 204,288 ------w c:\windows\system32\wmpsrcwp.dll
- 2008-04-14 12:00:00 759,296 ----a-w c:\windows\system32\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmsdmod.dll
- 2008-04-14 12:00:00 1,119,744 ----a-w c:\windows\system32\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
- 2008-04-14 12:00:00 485,376 ----a-w c:\windows\system32\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 ----a-w c:\windows\system32\WMSPDMOD.dll
- 2008-04-14 12:00:00 897,024 ----a-w c:\windows\system32\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 ----a-w c:\windows\system32\WMSPDMOE.dll
+ 2006-10-18 20:47:22 4,096 ------w c:\windows\system32\WMVADVD.dll
+ 2006-10-18 20:47:22 4,096 ------w c:\windows\system32\WMVADVE.DLL
- 2008-11-07 15:45:32 2,174,976 ----a-w c:\windows\system32\WMVCore.dll
+ 2006-10-18 20:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2006-10-18 20:47:22 1,543,680 ------w c:\windows\system32\WMVDECOD.dll
- 2008-04-14 12:00:00 809,984 ----a-w c:\windows\system32\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmvdmod.dll
- 2008-04-14 12:00:00 1,001,472 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 1,574,912 ------w c:\windows\system32\WMVENCOD.dll
+ 2006-10-18 20:47:22 1,382,912 ------w c:\windows\system32\WMVSDECD.dll
+ 2006-10-18 20:47:22 767,488 ------w c:\windows\system32\WMVSENCD.dll
+ 2006-10-18 20:47:22 656,896 ------w c:\windows\system32\WMVXENCD.dll
+ 2006-10-18 20:47:22 629,760 ------w c:\windows\system32\wpd_ci.dll
+ 2006-10-18 20:47:22 35,840 ------w c:\windows\system32\wpdconns.dll
+ 2006-10-18 20:47:22 154,624 ------w c:\windows\system32\wpdmtp.dll
+ 2006-10-18 20:47:22 63,488 ------w c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 2,603,008 ------w c:\windows\system32\WpdShext.dll
+ 2006-10-18 19:00:14 17,408 ------w c:\windows\system32\wpdshextautoplay.exe
+ 2006-11-02 10:52:12 44,032 ------w c:\windows\system32\wpdshextres.dll
+ 2006-10-18 20:47:22 133,632 ------w c:\windows\system32\WPDShServiceObj.dll
+ 2006-10-18 20:47:22 356,352 ------w c:\windows\system32\wpdsp.dll
+ 2006-09-28 19:13:26 95,344 ------w c:\windows\system32\WUDFCoinstaller.dll
+ 2006-09-28 17:56:38 146,432 ------w c:\windows\system32\WudfHost.exe
+ 2006-09-28 17:56:16 165,376 ------w c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 17:56:14 55,808 ------w c:\windows\system32\WudfSvc.dll
+ 2006-09-28 17:56:38 316,416 ------w c:\windows\system32\WUDFx.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MPlayer2_FixUp"="c:\windows\inf\unregmp2.exe" [2006-11-03 317440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-06 136600]
"ASUS Easy Update"="c:\program files\ASUS\ASUS Easy Update\ALU.exe" [2008-10-16 188416]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1235736]
"ALaunch"="c:\sysprep\ALaunch.exe" [BU]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-05 1237896]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-08-19 1585152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-06 97928]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-06 231704]
S2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\RALINK\Common\RalinkRegistryWriter.exe [2008-08-19 69632]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2009-02-07 23856]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-08-19 637824]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - SPUPDSVC
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Miguel\Application Data\Mozilla\Firefox\Profiles\rj830ybl.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 18:26:49
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-02-10 18:29:15
ComboFix-quarantined-files.txt 2009-02-10 17:29:13

Avant-CF: 27.917.651.968 octets libres
Après-CF: 27,907,514,368 octets libres

542 --- E O F --- 2009-02-09 02:14:14



I'm going to run a HijackThis scan right away and I'll post it as soon as it's ready.


Edit: here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:00, on 10/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ASUS\ASUS Easy Update\ALU.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ASUS Easy Update] C:\Program Files\ASUS\ASUS Easy Update\ALU.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ALaunch] c:\sysprep\ALaunch.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
0
totobetourne Posts 5592 Registration date Sunday 23 March 2008 Status Member Last activity 6 June 2012 65
9 Feb 2009 at 22:51
Show the Trojan Remover report.

Run the Malwarebytes scan as indicated in a previous message, because something is missing: Trojan Remover must have removed something, since only a registry key still appears but not the file.

How long have you had this problem?
0
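The check described in the reply above (a startup registry value that survives while its file is gone) can be automated over the Trojan Remover logs posted in this thread. This is an added example, not part of any post and not the tool's own code; the names `Autorun`, `parse_autoruns`, `orphaned` and `removed_between` are hypothetical, and the two samples are abridged excerpts of the logs on this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Abridged Run-key excerpts of the two Trojan Remover scans posted in this thread.
SCAN_1814 = r"""
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
-R- 141848 bytes
Company: Intel Corporation
--------------------
Value Name: ALaunch
Value Data: c:\sysprep\ALaunch.exe
c:\sysprep\ALaunch.exe [file not found to scan]
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - entry is globally excluded
--------------------
Value Name: cdoosoft
Value Data: C:\WINDOWS\system32\olhrwef.exe
C:\WINDOWS\system32\olhrwef.exe [file not found to scan]
--------------------
"""

SCAN_0112 = r"""
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
-R- 141848 bytes
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - entry is globally excluded
--------------------
"""

@dataclass
class Autorun:
    key: str                      # registry key from the "Checking ..." line
    name: str                     # registry value name
    data: str = ""                # command line stored in the value
    status: str = "unknown"       # present | missing | excluded | unknown
    company: Optional[str] = None

def _after_colon(line: str) -> str:
    return line.split(":", 1)[1].strip()

def parse_autoruns(log: str) -> List[Autorun]:
    """Turn the 'Checking <key>' sections of a Trojan Remover log into records."""
    entries: List[Autorun] = []
    key, cur = "", None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Checking "):
            key, cur = line[len("Checking "):], None
        elif line.startswith("Value Name:"):
            cur = Autorun(key=key, name=_after_colon(line))
            entries.append(cur)
        elif cur is None:
            continue                          # text outside a value block
        elif line and set(line) <= set("-*"):
            cur = None                        # separator closes the block
        elif line.startswith("Value Data:"):
            cur.data = _after_colon(line)
        elif line.endswith("[file not found to scan]"):
            cur.status = "missing"
        elif line.endswith("globally excluded"):
            cur.status = "excluded"
        elif re.search(r"\b\d+ bytes$", line):
            cur.status = "present"            # the scanner found and sized the file
        elif line.startswith("Company:"):
            cur.company = _after_colon(line) or None
    return entries

def orphaned(entries: List[Autorun]) -> List[Autorun]:
    """Autoruns whose registry value survives but whose target file is gone."""
    return [e for e in entries if e.status == "missing"]

def removed_between(before: List[Autorun], after: List[Autorun]) -> List[Tuple[str, str]]:
    """(key, value name) pairs listed in the earlier scan but not in the later one."""
    later = {(e.key.lower(), e.name.lower()) for e in after}
    return [(e.key, e.name) for e in before
            if (e.key.lower(), e.name.lower()) not in later]

if __name__ == "__main__":
    first, second = parse_autoruns(SCAN_1814), parse_autoruns(SCAN_0112)
    for e in orphaned(first):
        print(f"orphaned autorun: {e.key} [{e.name}] -> {e.data}")
    for key, name in removed_between(first, second):
        print(f"gone in later scan: {key} [{name}]")
```

An orphaned value only shows that the file is no longer on disk; it does not say what removed it, which is why a second scanner pass is requested in the reply.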
SLB177 Posts 91 Registration date Friday 11 January 2008 Status Member Last activity 12 February 2020 3
10 Feb 2009 at 01:18
For Trojan Remover:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2563. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 1:12:24 11 févr. 2009
Using Database v7282
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Miguel\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Miguel\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
1:12:24: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
1:12:24: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
1:12:24: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
1:12:25: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 8/07/2008 23:26
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 8/07/2008 23:26
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 8/07/2008 23:26
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
-R- 141848 bytes
Created: 19/08/2008 12:33
Modified: 8/11/2007 16:56
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
-R- 166424 bytes
Created: 19/08/2008 12:33
Modified: 8/11/2007 16:56
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
-R- 137752 bytes
Created: 19/08/2008 12:33
Modified: 8/11/2007 16:56
Company: Intel Corporation
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
-R- 16876032 bytes
Created: 19/08/2008 12:37
Modified: 3/07/2008 9:51
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created: 10/10/2007 18:51
Modified: 10/10/2007 18:51
Company: Adobe Systems Incorporated
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created: 6/02/2009 21:08
Modified: 6/02/2009 21:08
Company: Sun Microsystems, Inc.
--------------------
Value Name: ASUS Easy Update
Value Data: C:\Program Files\ASUS\ASUS Easy Update\ALU.exe
C:\Program Files\ASUS\ASUS Easy Update\ALU.exe
188416 bytes
Created: 6/02/2009 21:06
Modified: 16/10/2008 16:07
Company:
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1237896 bytes
Created: 10/02/2009 18:11
Modified: 5/02/2009 19:52
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 8/07/2008 23:27
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
1:12:30: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
1:12:30: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
1:12:31: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
1:12:31: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 3/11/2006 10:03
Modified: 3/11/2006 10:03
Company: [no info]
----------

************************************************************
1:12:31: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
409088 bytes
Created: 19/08/2008 11:05
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
--------------------

************************************************************
1:12:33: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AegisP
ImagePath: system32\DRIVERS\AegisP.sys
C:\WINDOWS\system32\DRIVERS\AegisP.sys
21361 bytes
Created: 19/08/2008 12:38
Modified: 19/08/2008 12:38
Company: Cisco Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
-R- 5851488 bytes
Created: 19/08/2008 12:33
Modified: 30/10/2007 9:00
Company: Intel Corporation
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 8/07/2008 23:26
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 6/02/2009 21:08
Modified: 6/02/2009 21:08
Company: Sun Microsystems, Inc.
----------
Key: MTsensor
ImagePath: system32\DRIVERS\ASACPI.sys
C:\WINDOWS\system32\DRIVERS\ASACPI.sys
-R- 5810 bytes
Created: 19/08/2008 12:27
Modified: 13/08/2004 11:56
Company:
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007 3:19
Modified: 24/08/2007 3:19
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006 14:03
Modified: 26/10/2006 14:03
Company: Microsoft Corporation
----------
Key: RalinkRegistryWriter
ImagePath: C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
69632 bytes
Created: 19/08/2008 12:38
Modified: 13/05/2008 14:12
Company: Ralink Technology, Corp.
----------
Key: RT80x86
ImagePath: system32\DRIVERS\RT2860.sys
C:\WINDOWS\system32\DRIVERS\RT2860.sys
637824 bytes
Created: 19/08/2008 12:38
Modified: 1/07/2008 12:12
Company: Ralink Technology, Corp.
----------
Key: RTSTOR
ImagePath: system32\drivers\RTSTOR.SYS
C:\WINDOWS\system32\drivers\RTSTOR.SYS
47360 bytes
Created: 19/08/2008 12:38
Modified: 16/01/2008 18:58
Company: Realtek Semiconductor Corp.
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{20447A79-7DF2-452A-AC41-ABE1175692C4}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 8/07/2008 23:26
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
----------

************************************************************
1:12:37: Scanning -----VXD ENTRIES-----

************************************************************
1:12:37: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
-R- 208896 bytes
Created: 19/08/2008 12:33
Modified: 30/10/2007 8:39
Company: Intel Corporation
----------

************************************************************
1:12:38: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ShellExtension
CLSID: [empty]
----------

************************************************************
1:12:38: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll"
C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
339968 bytes
Created: 21/01/2008 15:48
Modified: 21/01/2008 15:48
Company: Sun Microsystems, Inc.
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007 21:54
Modified: 10/05/2007 21:54
Company: Adobe Systems, Inc.
----------

************************************************************
1:12:38: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006 22:08
Modified: 22/10/2006 22:08
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1879896 bytes
Created: 6/02/2009 21:12
Modified: 26/01/2009 15:31
Company: Safer Networking Limited
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 6/02/2009 21:08
Modified: 6/02/2009 21:08
Company: Sun Microsystems, Inc.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 6/02/2009 21:08
Modified: 6/02/2009 21:08
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 6/02/2009 21:08
Modified: 6/02/2009 21:08
Company: Sun Microsystems, Inc.
----------

************************************************************
1:12:39: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 8/07/2008 23:26
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
----------

************************************************************
1:12:40: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
1:12:40: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
1:12:40: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
1:12:40: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
1:12:40: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 19/08/2008 12:58
Modified: 19/08/2008 11:07
Company: [no info]
--------------------
Ralink Wireless Utility.lnk - links to C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\RALINK\Common\RaUI.exe
1585152 bytes
Created: 19/08/2008 12:38
Modified: 16/06/2008 14:47
Company: Ralink Technology, Corp.
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
1:12:41: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
1:12:41: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
1:12:41: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Miguel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Miguel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 9/02/2009 23:31
Modified: 9/02/2009 23:31
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Miguel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 9/02/2009 23:31
Modified: 9/02/2009 23:31
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
1:12:43: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\WINDOWS\system32\igfxpers.exe - file already scanned
--------------------
C:\WINDOWS\RTHDCPL.EXE - file already scanned
--------------------
C:\WINDOWS\system32\igfxsrvc.exe
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\ASUS\ASUS Easy Update\ALU.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
--------------------
C:\Program Files\RALINK\Common\RaUI.exe
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Documents and Settings\Miguel\Application Data\Simply Super Software\Trojan Remover\rjc110.exe
FileSize: 2929528
[This is a Trojan Remover component]
--------------------

************************************************************
1:12:49: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.be/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 1:12:49 11 févr. 2009
Total Scan time: 00:00:24
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2563. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 18:14:42 10 févr. 2009
Using Database v7282
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Miguel\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Miguel\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
18:14:42: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
18:14:42: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
18:14:42: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
18:14:44: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 8/07/2008 23:26
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 8/07/2008 23:26
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 8/07/2008 23:26
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
-R- 141848 bytes
Created: 19/08/2008 12:33
Modified: 8/11/2007 16:56
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
-R- 166424 bytes
Created: 19/08/2008 12:33
Modified: 8/11/2007 16:56
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
-R- 137752 bytes
Created: 19/08/2008 12:33
Modified: 8/11/2007 16:56
Company: Intel Corporation
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
-R- 16876032 bytes
Created: 19/08/2008 12:37
Modified: 3/07/2008 9:51
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created: 10/10/2007 18:51
Modified: 10/10/2007 18:51
Company: Adobe Systems Incorporated
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created: 6/02/2009 21:08
Modified: 6/02/2009 21:08
Company: Sun Microsystems, Inc.
--------------------
Value Name: ASUS Easy Update
Value Data: C:\Program Files\ASUS\ASUS Easy Update\ALU.exe
C:\Program Files\ASUS\ASUS Easy Update\ALU.exe
188416 bytes
Created: 6/02/2009 21:06
Modified: 16/10/2008 16:07
Company:
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1235736 bytes
Created: 6/02/2009 21:40
Modified: 6/02/2009 21:40
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
-R- 57344 bytes
Created: 19/08/2008 12:37
Modified: 19/06/2008 9:20
Company: Realtek Semiconductor Corp.
--------------------
Value Name: ALaunch
Value Data: c:\sysprep\ALaunch.exe
c:\sysprep\ALaunch.exe [file not found to scan]
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1237896 bytes
Created: 10/02/2009 18:11
Modified: 5/02/2009 19:52
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 8/07/2008 23:27
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - entry is globally excluded
--------------------
Value Name: cdoosoft
Value Data: C:\WINDOWS\system32\olhrwef.exe
C:\WINDOWS\system32\olhrwef.exe [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: MPlayer2_FixUp
Value Data: C:\WINDOWS\inf\unregmp2.exe /Fixups
C:\WINDOWS\inf\unregmp2.exe
317440 bytes
Created: 8/07/2008 23:27
Modified: 3/11/2006 9:58
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
18:14:48: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
18:14:48: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
18:14:48: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
18:14:48: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 3/11/2006 10:03
Modified: 3/11/2006 10:03
Company: [no info]
----------

************************************************************
18:14:49: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
409088 bytes
Created: 19/08/2008 11:05
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
--------------------

************************************************************
18:14:50: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AegisP
ImagePath: system32\DRIVERS\AegisP.sys
C:\WINDOWS\system32\DRIVERS\AegisP.sys
21361 bytes
Created: 19/08/2008 12:38
Modified: 19/08/2008 12:38
Company: Cisco Systems, Inc.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
231704 bytes
Created: 6/02/2009 21:40
Modified: 6/02/2009 21:40
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
97928 bytes
Created: 6/02/2009 21:40
Modified: 6/02/2009 21:40
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
26824 bytes
Created: 6/02/2009 21:40
Modified: 6/02/2009 21:40
Company: AVG Technologies CZ, s.r.o.
----------
Key: catchme
ImagePath: \??\C:\ComboFix\catchme.sys - this file is globally excluded
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
-R- 5851488 bytes
Created: 19/08/2008 12:33
Modified: 30/10/2007 9:00
Company: Intel Corporation
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 8/07/2008 23:26
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 6/02/2009 21:08
Modified: 6/02/2009 21:08
Company: Sun Microsystems, Inc.
----------
Key: MTsensor
ImagePath: system32\DRIVERS\ASACPI.sys
C:\WINDOWS\system32\DRIVERS\ASACPI.sys
-R- 5810 bytes
Created: 19/08/2008 12:27
Modified: 13/08/2004 11:56
Company:
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007 3:19
Modified: 24/08/2007 3:19
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006 14:03
Modified: 26/10/2006 14:03
Company: Microsoft Corporation
----------
Key: RalinkRegistryWriter
ImagePath: C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
69632 bytes
Created: 19/08/2008 12:38
Modified: 13/05/2008 14:12
Company: Ralink Technology, Corp.
----------
Key: RT80x86
ImagePath: system32\DRIVERS\RT2860.sys
C:\WINDOWS\system32\DRIVERS\RT2860.sys
637824 bytes
Created: 19/08/2008 12:38
Modified: 1/07/2008 12:12
Company: Ralink Technology, Corp.
----------
Key: RTSTOR
ImagePath: system32\drivers\RTSTOR.SYS
C:\WINDOWS\system32\drivers\RTSTOR.SYS
47360 bytes
Created: 19/08/2008 12:38
Modified: 16/01/2008 18:58
Company: Realtek Semiconductor Corp.
----------
Key: spupdsvc
ImagePath: C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\spupdsvc.exe
23856 bytes
Created: 7/02/2009 3:00
Modified: 25/09/2006 17:58
Company: Microsoft Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{20447A79-7DF2-452A-AC41-ABE1175692C4}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 8/07/2008 23:26
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
----------

************************************************************
18:14:57: Scanning -----VXD ENTRIES-----

************************************************************
18:14:57: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
-R- 208896 bytes
Created: 19/08/2008 12:33
Modified: 30/10/2007 8:39
Company: Intel Corporation
----------

************************************************************
18:14:57: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
99608 bytes
Created: 6/02/2009 21:40
Modified: 6/02/2009 21:40
Company: AVG Technologies CZ, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------

************************************************************
18:14:57: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll"
C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
339968 bytes
Created: 21/01/2008 15:48
Modified: 21/01/2008 15:48
Company: Sun Microsystems, Inc.
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007 21:54
Modified: 10/05/2007 21:54
Company: Adobe Systems, Inc.
----------

************************************************************
18:14:57: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006 22:08
Modified: 22/10/2006 22:08
Company: Adobe Systems Incorporated
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
455960 bytes
Created: 6/02/2009 21:40
Modified: 6/02/2009 21:40
Company: AVG Technologies CZ, s.r.o.
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1879896 bytes
Created: 6/02/2009 21:12
Modified: 26/01/2009 15:31
Company: Safer Networking Limited
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 6/02/2009 21:08
Modified: 6/02/2009 21:08
Company: Sun Microsystems, Inc.
----------
Key: {A057A204-BACC-4D26-9990-79A187E2698E}
BHO: C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
2055960 bytes
Created: 6/02/2009 21:40
Modified: 6/02/2009 21:40
Company: AVG, Technologies CZ, s.r.o
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 6/02/2009 21:08
Modified: 6/02/2009 21:08
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 6/02/2009 21:08
Modified: 6/02/2009 21:08
Company: Sun Microsystems, Inc.
----------

************************************************************
18:14:59: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 8/07/2008 23:26
Modified: 14/04/2008 13:00
Company: Microsoft Corporation
----------

************************************************************
18:14:59: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
18:14:59: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
18:14:59: Scanning ----- APPINIT_DLLS -----
The HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key appears to be locked
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\WINDOWS\system32\avgrsstx.dll
10520 bytes
Created: 6/02/2009 21:40
Modified: 6/02/2009 21:40
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
18:15:00: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
18:15:00: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 19/08/2008 12:58
Modified: 19/08/2008 11:07
Company: [no info]
--------------------
Ralink Wireless Utility.lnk - links to C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\RALINK\Common\RaUI.exe
1585152 bytes
Created: 19/08/2008 12:38
Modified: 16/06/2008 14:47
Company: Ralink Technology, Corp.
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
18:15:01: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
18:15:01: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
18:15:01: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Miguel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Miguel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 9/02/2009 23:31
Modified: 9/02/2009 23:31
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Miguel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 9/02/2009 23:31
Modified: 9/02/2009 23:31
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
18:15:02: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\WINDOWS\system32\igfxpers.exe - file already scanned
--------------------
C:\WINDOWS\system32\igfxsrvc.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe - file already scanned
--------------------
C:\WINDOWS\RTHDCPL.EXE - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\PROGRA~1\AVG\AVG8\avgtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe - file already scanned
--------------------
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Documents and Settings\Miguel\Application Data\Simply Super Software\Trojan Remover\ign41B.exe
FileSize: 2929528
[This is a Trojan Remover component]
--------------------

************************************************************
18:15:07: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.asus.com/fr/
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.be/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 18:15:07 10 févr. 2009
Total Scan time: 00:00:24
************************************************************


I'll do it tomorrow after work then, with Malwarebytes. I've had the problem for quite a while, but on another PC that died. Then I bought this one and as soon as I plugged my external hard drive into it... same thing again.

I also uninstalled AVG because it had expired. I need to look for another antivirus.
0
SLB177 Posts 91 Registration date Friday 11 January 2008 Status Member Last activity 12 February 2020 3
10 Feb. 2009 at 12:44
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1735
Windows 5.1.2600 Service Pack 3

11/02/2009 5:31:28
mbam-log-2009-02-11 (05-31-28).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 95381
Temps écoulé: 22 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
totobetourne Posts 5592 Registration date Sunday 23 March 2008 Status Member Last activity 6 June 2012 65
10 Feb. 2009 at 13:45
Run another HijackThis scan and paste it. Thanks.
0
SLB177 Posts 91 Registration date Friday 11 January 2008 Status Member Last activity 12 February 2020 3
10 Feb. 2009 at 13:47
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46:57, on 11/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ASUS\ASUS Easy Update\ALU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ASUS Easy Update] C:\Program Files\ASUS\ASUS Easy Update\ALU.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
0
totobetourne Posts 5592 Registration date Sunday 23 March 2008 Status Member Last activity 6 June 2012 65
10 Feb. 2009 at 14:00
At first glance it's gone, whatever was infectious, but no report shows me any trace of it, so it's strange.

How is your PC running? Not too slow at startup?

We'll look at improving your security.


A) I think there is still one key left to remove
1) Download OTMoveIt3 by OldTimer to your Desktop by clicking this link:

http://oldtimer.geekstogo.com/OTMoveIt3.exe


2) Once downloaded, double-click OTMoveIt3.exe to launch it.

Make sure the Unregister Dll's and Ocx's box is checked

3) Then copy the lines in bold below:


:processes
explorer.exe

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=-

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]




and paste them into the left-hand pane of OTMoveIt: "Paste List Of Files/Folders to Move."
Click Move It to start the removal.
The result will appear in the Results pane.
Click Exit to close.
4) Post the report located in C:\_OTMoveIt\MovedFiles.


(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

5) You may be asked to restart the PC to complete the removal -> Accept (if it doesn't happen automatically, do it yourself)

/!\ Note: At startup your desktop MAY no longer appear; in that case press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run"

Type explorer.exe and confirm. This will bring the Desktop back.



B) Download ToolsCleaner to your desktop (to remove the fixes I had you download).
-->
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Click Recherche (Search) and let the scan run ...
# Click Suppression (Removal) to finish.
# You can, if you wish, use the optional Options.
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


Then:

Click "Start", right-click "My Computer", "Properties", "System Restore" tab

¤ check the box "Turn off System Restore on all drives", then click "Apply"
¤ uncheck the box and click "Apply" then "OK".

Now that we have wiped the infected points, we are going to create a clean one:

Click "Start", "All Programs", "Accessories", "System Tools", "System Restore", choose "Create a restore point", name it "ccm" for example, click "Create" then "OK".
There, the restore point is now created. If one day you decide to, you can roll back to the date it was created.


Tutorial: http://www.libellules.ch/desactiver_restauration.php
0
totobetourne Posts 5592 Registration date Sunday 23 March 2008 Status Member Last activity 6 June 2012 65
10 Feb. 2009 at 14:49
Other people may come and help us, because I'm not sure of the result.

Run this.
Download FindyKill by Chiquitine29

Right-click the link and choose "Save target as...", destination: the desktop.

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

Important note: if you have the program Elibagla on your PC, remove it (risk of conflict between the two tools).

--> Go into the "FindyKill" folder

Double-click "FindyKill.bat" (and nothing else!) to launch the tool.

-> Choose option 1. Then let it work ...

Once finished, post the FindyKill.txt report that is generated ...

(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)
0
totobetourne Posts 5592 Registration date Sunday 23 March 2008 Status Member Last activity 6 June 2012 65
10 Feb. 2009 at 14:59
a) and b) of message 12 are not needed for now, especially a).
0
totobetourne Posts 5592 Registration date Sunday 23 March 2008 Status Member Last activity 6 June 2012 65
10 Feb. 2009 at 15:06
And a thousand apologies, no antivirus. Look at the various previous messages; this one takes priority.
http://www.commentcamarche.net/telecharger/telecharger 55 antivir personal

+ tutorial
https://www.malekal.com/avira-free-security-antivirus-gratuit/


Configure Antivir properly: Configuration, then tick Expert mode, then under Scanner and Search, tick all files as well as rootkit scan and high scanner priority.
0
SLB177 Posts 91 Registration date Friday 11 January 2008 Status Member Last activity 12 February 2020 3
10 Feb. 2009 at 15:33
Oops... I had already done a) of message 12 when I saw that it was unnecessary.

Otherwise, as for my PC, everything has always been... no lag, no slowdowns, nothing, but I had alerts from AVG and the files in the Recycle Bin that would not delete. For now it seems to be fixed. Now I'm just worried about my external hard drive, which I don't know whether it is still infected or not... as well as a USB stick that I use frequently.

The main item was something called "kamsoft", and from searching the net it seems that it spreads via removable devices... and on the USB stick I have ADOBER, which I have never managed to remove.

So I'll do all the rest this evening because I'm leaving in 5 min. I'll post everything you need.

Many thanks for your help in any case.
0
totobetourne Posts 5592 Registration date Sunday 23 March 2008 Status Member Last activity 6 June 2012 65
10 Feb. 2009 at 16:30
Run this instead of FindyKill

2/ Download Flash Disinfector (by sUBs) to the desktop from this address: http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Double-click the icon.
The icons will disappear. This is normal.
If a report is generated in case of infection, save it to the desktop, and then post it
Then restart the PC.
0
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
10 Feb. 2009 at 20:15
Here is the new link: Flash Disinfector by sUBs
0