My PC restarts every 3 minutes: braviax?
PopYet
Posted on 16/08/2009 at 14:49
Petit astucien

Hello,

Since this morning, my computer (IBM ThinkPad T43) keeps rebooting automatically after 3 or even 4 minutes, even in safe mode. I checked the drivers, CD, power supply and fan; it seems to be something else.

At the same time, I am infected by Braviax and co. (cru.dat + figaro.sys), and I can't manage to get rid of these s********.

I tried Malware, ccleaner, smitfraudfix, combofix (which won't start??).

Is there a link between the virus and the restarts?

Could someone help me solve my problem?

Thanks in advance.

PS: to make matters worse, my CD drive is dead, so no Windows restore is possible... I have to clean up from the inside.

nardino
Posted on 16/08/2009 at 15:12
Grand Maître astucien

Hello,

Keep only the keyboard and mouse connected.

In safe mode with networking, download CF here and run it in that mode.

Post the report.

See you.

Edited by nardino on 16/08/2009 15:13
mendek747
Posted on 16/08/2009 at 15:35
Petit astucien

Hi, I have exactly the same problem: I am infected by an armada that I can't manage to remove

Braviax.exe, figaro.sys in system32, trojan Fraudo or fraudlo and the file wisdstr.exe... I have a fake Windows pop-up telling me my computer is infected (no kidding)

I ran trojan remover, Malwarebytes antimalware, an avast boot-time scan, and now I have moved on to Avira antivir...

Each time they are detected and deleted but they keep coming back. And when I delete one of the files my computer restarts without warning!!

It would be very, very, very nice if you could help us, this is getting on my nerves!!!

PopYet
Posted on 16/08/2009 at 15:37
Petit astucien

Thanks Nardino,

I launched the Combofix application.

In the meantime, here is the hijackthis log; can you help me make sense of it?

Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:41, on 16/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\p.franc\Bureau\Antivir.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = s-marimba:6560
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*;172.29.*;;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: HLIeBar - {0A120D41-244B-11D5-8122-005004F6D77D} - C:\Program Files\HumanLinks2\bin\HLIeBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: fqbewlna - {CF83D74E-ED31-490D-B8EA-DA20D79F79EB} - C:\WINDOWS\fqbewlna.dll (file missing)
O3 - Toolbar: fqbewlna - {1874B855-8ABC-4348-AD35-A59A57A69F8A} - C:\WINDOWS\fqbewlna.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKLM\..\Run: [rts] C:\WINDOWS\rts.exe
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [srvmntapp] C:\WINDOWS\system32\tonadaxs.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\p.franc\msword98.exe
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKLM\..\Policies\Explorer\Run: [Q4gq2m20j2] C:\Documents and Settings\All Users\Application Data\shubupej\inwnoter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\Software\..\Telephony: DomainName = de-pedagogie.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: syshosts - {D56E1A64-8589-4EC3-9F9A-AE5DF5C3C581} - syshosts.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 9253 bytes

PopYet
Posted on 16/08/2009 at 15:45
Petit astucien

Additional info,

combofix runs fine up to the log-writing phase.

At that point, the virus(?) makes the computer reboot before the report is displayed...

I caught a glimpse that combofix had deleted many apparently infected documents.

I repeated the procedure, and it again deleted just 2 files: braviax.exe & another one that I didn't have time to note down.

PopYet
Posted on 16/08/2009 at 15:49
Petit astucien

3rd attempt:

combofix tries to remove: braviax.exe (in two locations), cru629 (in two locations), & wisdstr.exe.

And still a reboot before the log is written... sic!

clbugnot
Posted on 16/08/2009 at 17:31
Grand Maître astucien

Hello mendek747, welcome to PCA!

Create your own thread rather than piggybacking on this one. Go back to the Security forum home page, click Create a new discussion, at the top right, and describe your problem.

Regards.

nardino
Posted on 16/08/2009 at 18:38
Grand Maître astucien

Hello.

We are going to try another approach using a LiveCD antivirus.

Get DrWEbCureIt: antivirus on a live CD

Then try Combofix again.

See you.

PopYet
Posted on 16/08/2009 at 18:54
Petit astucien

The solution sounds interesting; the problem is that my CD drive no longer works...

Is it possible to do the same thing with an external hard drive?

Thanks in advance!

nardino
Posted on 16/08/2009 at 19:01
Grand Maître astucien

Hello.

With an external CD drive, yes.

But on a hard disk, I have my doubts.

Otherwise you still have the option of removing your internal disk and mounting it in an external enclosure or as a slave on another PC, and having it scanned by the resident antivirus.

See you.

PopYet
Posted on 16/08/2009 at 19:19
Petit astucien

I don't have an external CD drive, and I don't know how to mount a hard disk as a slave or in an enclosure...

Isn't there a way to clean up from MS-DOS? Or to prevent the computer from restarting long enough to eradicate the viruses?

Thanks

nardino
Posted on 16/08/2009 at 21:21
Grand Maître astucien

Good evening.

If I knew of a way, I would not fail to tell you.

You know that a new CD burner drive costs about 20 euros?

Try copying the iso file to a USB stick and booting from it.

See you.

PopYet
Posted on 25/08/2009 at 18:10
Petit astucien

Good evening Nardino,

I finally managed to remove braviax thanks to installing avira and online armor as a firewall.

However, I can't eradicate from my computer (T43 Thinkpad with Windows xp pro) the malware Pcantivirus 2010 as well as several others such as lcw.exe, or BN.tmp.

I have run Spybot, Malwarebytes, and CCleaner many times.

Here below is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:25, on 25/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AhnRpta.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\Assistant UltraNav\UNavTray.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\pp11.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\InstantTimeZone\InstantTimeZone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\p.franc\Bureau\Antivir.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = s-marimba:6560
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*;172.29.*;;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: HLIeBar - {0A120D41-244B-11D5-8122-005004F6D77D} - C:\Program Files\HumanLinks2\bin\HLIeBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [pp] C:\windows\pp11.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\P95B7~1.FRA\LOCALS~1\Temp\herss.exe
O4 - HKLM\..\Policies\Explorer\Run: [Q4gq2m20j2] C:\Documents and Settings\All Users\Application Data\shubupej\inwnoter.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [braviax] (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\Software\..\Telephony: DomainName = de-pedagogie.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O18 - Protocol: Skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Avira antivir Planificateur (antivirschedulerservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira antivir Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Online Armor Helper Service (oacat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Online Armor (svconlinearmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 10728 bytes

Thanks in advance for your help.

Have a good evening

Fill
Posted on 25/08/2009 at 18:40
Grand Maître astucien

Re,

It's still related to Braviax. Nardino will take care of it if you follow his instructions through to the end.

Fill

PopYet
Posted on 25/08/2009 at 19:37
Petit astucien

ok, thanks a lot!

nardino
Posted on 25/08/2009 at 22:05
Grand Maître astucien

Good evening.

Delete the version of Combofix you currently have.

Download these three programs and the recovery console matching your system. (For XP only)

-Combofix onto your desktop
Don't touch it for now

-Malwarebytes'Anti-Malware
Install it and update it without launching a scan, then close it.

-CCleaner
Click on: CCleaner v2.22.968- Slim / No Toolbar / 1.010KB / Download now...(at the bottom)..
Install it.
In Options, Advanced, uncheck the box in front of: Only delete files in the Windows temp folder older than 48 hours
On the main page, Applications tab, uncheck antivir Desktop if you use this antivirus, so as not to empty the quarantine.
Close it as well.

-Recovery consoles.
Download the one matching your configuration to your desktop, without changing the name proposed for the download.

With SP2/SP3
http://www.microsoft.com/downloads/details.aspx?displaylang=fr&FamilyID=15491f07-99f7-4a2d-983d-81c2137ff464 Microsoft Windows XP Home Edition
http://www.microsoft.com/downloads/details.aspx?displaylang=fr&FamilyID=535d248d-5e10-49b5-b80c-0a0205368124 Microsoft Windows XP Professional

-Restart in safe mode without networking.
After the first BIOS screen closes, at the very beginning of the PC's boot phase, press F8.
A DOS-type window opens; select Safe Mode with the keyboard arrow keys and press Enter
Don't worry about the appearance; Windows starts with the bare minimum and may take a few minutes to start.
You must choose the same session as in normal mode and not the Administrator session, which only appears in this mode (under XP).

-Run a full scan with Malwarebytes'Anti-Malware and remove everything selected at the end.

-Run the renamed Combofix.exe (first link) to install the tool
Install the recovery console as follows:

When asked, click Yes and then Oui to accept the licence agreement.

Once the console is installed, you will see a Congratulations... window; click YES/Oui to run a scan for malware.
This will take at least 10 minutes.
The computer will restart.
A blue window will open.
Wait for the report to be displayed before launching anything.
Post this report by copy-paste along with the MBAM one.
It will be saved in C:\Combofix.txt if you need to find it.

See you.

PopYet
Posted on 28/08/2009 at 16:02
Petit astucien

Hello Nardino,

Here are the two logs, mbam and combofix.

One small clarification though: it was impossible for me to start safe mode other than with networking, as my computer was configured by my school and is therefore tied to its network for authentication. Does that change anything for the scans?

And another thing: I misinterpreted your instructions for combofix, so it ran a first scan without the recovery console. You will find the first log it produced below. I then ran combofix again, with the recovery console, but it did not produce a log the second time...

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2708
Windows 5.1.2600 Service Pack 2 (Safe Mode)

28/08/2009 15:10:43
mbam-log-2009-08-28 (15-10-43).txt

Type de recherche: Examen complet (B:\|C:\|D:\|E:\|I:\|)
Eléments examinés: 281727
Temps écoulé: 42 minute(s), 9 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 98

Processus mémoire infecté(s):
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\pp11.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CXM3W1AJ\Install[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\sm.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\braviax.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP617\A0262455.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0262570.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0262571.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0262572.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0262574.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0262575.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0262585.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0262586.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0262587.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0262614.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0262833.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0262917.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0263184.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0263440.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0263485.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0263532.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0263537.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0263539.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0263540.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP619\A0263549.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP620\A0266560.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP620\A0266594.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP620\A0267592.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP620\A0267636.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP620\A0267646.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP620\A0267647.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN10.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN11.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN12.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN13.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN14.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN15.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN16.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN17.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN18.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN19.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN1A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN1B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN1C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN1D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN1E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BND.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp01\BN10.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp01\BN11.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp01\BND.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp01\BNE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp01\BNF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp01\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp01\ld12.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\temp01\pp11.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\temp01\wpv771250547022.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\temp01\zazodin_1250666133.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\temp01\_scui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
D:\sm.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\sm.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP616\A0262409.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
I:\ej10fkdo.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
I:\sm.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP617\A0262469.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP620\A0266563.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\p.franc\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\e8main0.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\p.franc\Local Settings\temp\cvasds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\p.franc\Local Settings\temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\WINDOWS\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146120114.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464949.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465651.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------

PopYet
 Posted on 28/08/2009 at 16:06
Petit astucien

and here is the ComboFix log, part 1:

ComboFix 09-08-27.A0 - P.Franc 28/08/2009 15:15.5.1 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1014.769 [GMT 8:00]
Running from: c:\documents and settings\p.franc\Bureau\Combofix.exe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-28 06:15 . 2009-08-28 06:15 -------- d-----w- c:\program files\CCleaner
2009-08-28 06:12 . 2009-08-03 05:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-28 06:12 . 2009-08-03 05:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-26 02:04 . 2009-08-27 07:55 94016 ----a-w- c:\windows\system32\dllcache\agp440.sys
2009-08-22 10:38 . 2009-08-25 09:31 625824 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-19 04:03 . 2009-08-19 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-08-19 04:03 . 2009-08-19 04:04 -------- d-----w- c:\documents and settings\p.franc\Application Data\OnlineArmor
2009-08-19 04:00 . 2009-07-10 21:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-08-19 04:00 . 2009-07-10 21:17 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-08-19 04:00 . 2009-07-10 21:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-08-19 04:00 . 2009-08-19 04:00 -------- d-----w- c:\program files\Tall Emu
2009-08-19 02:43 . 2009-08-19 02:43 -------- d-----w- C:\PC_Antispyware2010
2009-08-19 02:18 . 2009-08-28 06:02 -------- d-----w- c:\windows\temp01
2009-08-18 13:59 . 2009-03-30 02:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-18 13:59 . 2009-03-24 08:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-18 13:59 . 2009-02-13 04:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-18 13:59 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-18 13:58 . 2009-08-18 13:58 -------- d-----w- c:\program files\Avira
2009-08-18 13:58 . 2009-08-18 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-16 12:10 . 2009-08-28 06:04 47744 ----a-w- c:\windows\system32\drivers\a6b05311.sys
2009-08-16 11:49 . 2009-08-16 11:59 -------- d-s---w- C:\49019-CF
2009-08-16 11:37 . 2009-08-16 11:37 16641 ----a-w- c:\windows\owajybital.dat
2009-08-15 16:12 . 2009-08-15 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-15 15:57 . 2009-08-15 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment.temp
2009-08-15 04:18 . 2009-08-15 12:59 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2009-08-15 04:15 . 2009-08-15 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-08-15 04:12 . 2009-08-15 04:12 18964 ----a-w- c:\windows\system32\ufyfimipyz.com
2009-08-14 08:35 . 2009-08-14 08:35 3584 ----a-w- c:\windows\system32\drivers\naunbt52u52.sys
2009-08-14 08:35 . 2009-08-14 08:27 50688 ----a-w- c:\windows\rts.exe
2009-08-14 08:25 . 2009-08-14 08:25 12729 ----a-w- c:\windows\pikinese.dat
2009-08-14 08:19 . 2009-08-14 08:19 13423 ----a-w- c:\windows\enugikyn.com
2009-08-14 05:53 . 2009-08-19 01:24 -------- d-----w- c:\documents and settings\p.franc\SmitfraudFix
2009-08-13 18:17 . 2009-08-13 18:17 -------- d-----w- C:\Themes
2009-08-13 18:17 . 2009-08-13 18:17 13868 ----a-w- c:\windows\lofavyd.dat
2009-08-13 18:17 . 2009-08-13 18:17 11131 ----a-w- c:\windows\system32\ytyhupy.dat
2009-08-10 18:31 . 2009-08-10 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apowersoft
2009-08-10 17:46 . 2009-08-13 18:11 -------- d-----w- c:\documents and settings\p.franc\Application Data\Eltima Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 06:12 . 2008-10-25 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-28 06:03 . 2008-03-22 17:50 -------- d-----w- c:\program files\DNA
2009-08-28 06:03 . 2008-03-22 17:50 -------- d-----w- c:\documents and settings\p.franc\Application Data\DNA
2009-08-27 20:42 . 2008-03-22 17:50 -------- d-----w- c:\documents and settings\p.franc\Application Data\BitTorrent
2009-08-27 07:55 . 2004-09-17 14:58 94016 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2009-08-25 09:31 . 1979-12-31 22:00 625824 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-25 09:22 . 2005-08-31 11:52 -------- d-----w- c:\program files\Network Associates
2009-08-25 09:22 . 2005-08-31 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
2009-08-25 06:18 . 2005-08-31 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-19 04:03 . 1979-12-31 22:00 73832 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 04:03 . 1979-12-31 22:00 464966 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-19 02:43 . 2009-08-19 02:43 10347 ----a-w- c:\program files\Fichiers communs\isysinajo.lib
2009-08-19 01:51 . 2007-08-03 19:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-16 11:40 . 2005-08-31 12:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-14 07:03 . 2006-01-24 17:06 -------- d-----w- c:\program files\CursorXP
2009-08-13 18:23 . 2008-09-14 03:41 -------- d-----w- c:\program files\Enigma Software Group
2009-07-20 09:06 . 2005-10-30 17:32 92040 -c--a-w- c:\documents and settings\p.franc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 05:57 . 2009-06-05 05:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 03:42 . 2009-06-17 17:45 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 03:42 . 2007-10-20 04:56 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.

------- Sigcheck -------

[-] 2004-08-05 03:00 1884672 90E794C5D2D368686FE71B4A0354462C c:\windows\explorer.exe


[7] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[7] 2004-08-05 03:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2009-08-25 09:31 625824 8D97165A08B70DEE8839EE5109993345 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-25 09:31 625824 8D97165A08B70DEE8839EE5109993345 c:\windows\system32\drivers\ntfs.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-16_07.45.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-20 09:06 . 2009-08-20 09:06 50688 c:\windows\temp01\twain_32.dll
- 2009-08-15 08:57 . 2009-08-15 08:57 15360 c:\windows\temp01\tsd32.dll
+ 2009-08-19 06:16 . 2009-08-19 06:16 15360 c:\windows\temp01\tsd32.dll
- 2009-08-15 03:59 . 2009-08-15 03:59 90624 c:\windows\temp01\trkwks.dll
+ 2009-08-19 03:08 . 2009-08-19 03:08 90624 c:\windows\temp01\trkwks.dll
- 2009-08-15 03:59 . 2009-08-15 03:59 69632 c:\windows\temp01\TrayRes.dll
+ 2009-08-19 03:08 . 2009-08-19 03:08 69632 c:\windows\temp01\TrayRes.dll
- 2009-08-15 03:59 . 2009-08-15 03:59 31232 c:\windows\temp01\traffic.dll
+ 2009-08-19 03:34 . 2009-08-19 03:34 31232 c:\windows\temp01\traffic.dll
- 2009-08-15 03:59 . 2009-08-15 03:59 81920 c:\windows\temp01\TpShocks.dll
+ 2009-08-19 03:08 . 2009-08-19 03:08 81920 c:\windows\temp01\TpShocks.dll
+ 2009-08-19 03:09 . 2009-08-19 03:09 65536 c:\windows\temp01\TpScrex.exe
- 2009-08-15 03:59 . 2009-08-15 03:59 65536 c:\windows\temp01\TpScrex.exe
+ 2009-08-19 03:09 . 2009-08-19 03:09 77824 c:\windows\temp01\TPONSCR.exe
- 2009-08-15 03:59 . 2009-08-15 03:59 77824 c:\windows\temp01\TPONSCR.exe
- 2009-08-15 03:59 . 2009-08-15 03:59 32768 c:\windows\temp01\TpKmpSvc.exe
+ 2009-08-19 03:08 . 2009-08-19 03:08 32768 c:\windows\temp01\TpKmpSvc.exe
- 2009-08-15 03:59 . 2009-08-15 03:59 94208 c:\windows\temp01\TPHKMGR.exe
+ 2009-08-19 03:08 . 2009-08-19 03:08 94208 c:\windows\temp01\TPHKMGR.exe
- 2009-08-15 03:59 . 2009-08-15 03:59 24576 c:\windows\temp01\tphk_2k.dll
+ 2009-08-19 03:09 . 2009-08-19 03:09 24576 c:\windows\temp01\tphk_2k.dll
+ 2009-08-19 03:08 . 2009-08-19 03:08 77824 c:\windows\temp01\TPHDEXLG.exe
- 2009-08-15 03:59 . 2009-08-15 03:59 77824 c:\windows\temp01\TPHDEXLG.exe
+ 2009-08-19 03:09 . 2009-08-19 03:09 40960 c:\windows\temp01\TP4HOOK.dll
- 2009-08-15 03:59 . 2009-08-15 03:59 40960 c:\windows\temp01\TP4HOOK.dll
+ 2009-08-19 03:09 . 2009-08-19 03:09 40960 c:\windows\temp01\TP4EX.exe
- 2009-08-15 03:59 . 2009-08-15 03:59 40960 c:\windows\temp01\TP4EX.exe
+ 2009-08-19 03:09 . 2009-08-19 03:09 61440 c:\windows\temp01\tfswapi.dll
- 2009-08-15 03:59 . 2009-08-15 03:59 61440 c:\windows\temp01\tfswapi.dll
- 2009-08-15 03:59 . 2009-08-15 03:59 46592 c:\windows\temp01\tcpmon.dll
+ 2009-08-19 03:08 . 2009-08-19 03:08 46592 c:\windows\temp01\tcpmon.dll
+ 2009-08-19 09:33 . 2009-08-19 09:33 60800 c:\windows\temp01\sysaudio.sys
- 2009-08-15 03:59 . 2009-08-15 03:59 60800 c:\windows\temp01\sysaudio.sys
- 2009-08-15 03:59 . 2009-08-15 03:59 65536 c:\windows\temp01\SynTPFcs.dll
+ 2009-08-19 03:08 . 2009-08-19 03:08 65536 c:\windows\temp01\SynTPFcs.dll
- 2009-08-15 03:59 . 2009-08-15 03:59 94208 c:\windows\temp01\SynTPAPI.dll
+ 2009-08-19 03:08 . 2009-08-19 03:08 94208 c:\windows\temp01\SynTPAPI.dll
- 2009-08-15 03:59 . 2009-08-15 03:59 73728 c:\windows\temp01\SynCOM.dll
+ 2009-08-19 03:08 . 2009-08-19 03:08 73728 c:\windows\temp01\SynCOM.dll
- 2009-08-15 03:59 . 2009-08-15 03:59 54272 c:\windows\temp01\swmidi.sys
+ 2009-08-19 09:33 . 2009-08-19 09:33 54272 c:\windows\temp01\swmidi.sys
- 2009-08-15 03:59 . 2009-08-15 03:59 14336 c:\windows\temp01\svchost.exe
+ 2009-08-19 03:08 . 2009-08-19 03:08 14336 c:\windows\temp01\svchost.exe
+ 2009-08-21 04:58 . 2009-08-21 04:58 12288 c:\windows\temp01\STINTL.DLL
+ 2009-08-19 03:18 . 2009-08-19 03:18 68096 c:\windows\temp01\sti.dll
- 2009-08-15 04:12 . 2009-08-15 04:12 68096 c:\windows\temp01\sti.dll
- 2009-08-15 13:18 . 2009-08-15 13:18 40960 c:\windows\temp01\ssubtmr6.dll
+ 2009-08-19 03:09 . 2009-08-19 03:09 40960 c:\windows\temp01\ssubtmr6.dll
- 2009-08-15 03:59 . 2009-08-15 03:59 34816 c:\windows\temp01\ssdpapi.dll
+ 2009-08-19 03:08 . 2009-08-19 03:08 34816 c:\windows\temp01\ssdpapi.dll
+ 2009-08-19 04:01 . 2009-08-19 04:01 67584 c:\windows\temp01\srclient.dll
- 2009-08-15 16:33 . 2009-08-15 16:33 67584 c:\windows\temp01\srclient.dll
+ 2009-08-19 06:08 . 2009-08-19 06:08 58368 c:\windows\temp01\srchctls.dll
+ 2009-08-19 03:34 . 2009-08-19 03:34 74752 c:\windows\temp01\spoolss.dll
- 2009-08-15 03:59 . 2009-08-15 03:59 74752 c:\windows\temp01\spoolss.dll

PopYet
 Posted on 28/08/2009 at 16:07
Petit astucien

ComboFix part 2:


PopYet
 Posted on 28/08/2009 at 16:08
Petit astucien

ComboFix part 3:


PopYet
Posted on 28/08/2009 at 16:09
Petit astucien

And ComboFix part 4:

Thanks for your help!

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 512000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-13 126976]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-03 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2004-11-24 212992]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-07-14 36864]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-01 127035]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-20 135168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UpdaterUI.exe" [2005-09-27 139320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-10 2160840]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-01-24 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2004-11-11 40960]
"UC_SMB"="" [BU]
"TkBellExe"="realsched.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Q4gq2m20j2"="c:\documents and settings\All Users\Application Data\shubupej\inwnoter.exe" [BU]

c:\documents and settings\p.franc\Menu D‚marrer\Programmes\D‚marrage\
Y'z ToolBar.lnk - c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-9-29 90112]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
InstantTimeZone.lnk - c:\program files\InstantTimeZone\InstantTimeZone.exe [2007-1-5 1687738]
Post-it© Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-10 336584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 13:13 49152 ----a-w- c:\progra~1\FICHIE~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 01:07 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-12 18:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3772028017-4244622243-1160242127-11260\Scripts\Logon\0\0]
"Script"=\\S-orgues\GPO\Scripts\EPO\clntepo.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteAccess"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [17/08/2005 20:20 59776]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [17/08/2005 20:21 14208]
R1 oamon;OAmon;c:\windows\system32\drivers\OAmon.sys [19/08/2009 12:00 24656]
R1 oanet;OAnet;c:\windows\system32\drivers\OAnet.sys [19/08/2009 12:00 29776]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [17/08/2005 20:21 6016]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [14/07/2009 14:28 28544]
S1 a6b05311;a6b05311;c:\windows\system32\drivers\a6b05311.sys [16/08/2009 20:10 47744]
S1 oadevice;OADriver;c:\windows\system32\drivers\OADriver.sys [19/08/2009 12:00 200784]
S1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [17/08/2005 20:20 4608]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [17/08/2005 20:46 4442]
S2 antivirschedulerservice;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/08/2009 21:59 108289]
S2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [16/12/2004 10:12 63616]
S2 naunbt52u52;naunbt52u52;c:\windows\system32\drivers\naunbt52u52.sys [14/08/2009 16:35 3584]
S2 oacat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [19/08/2009 12:00 362184]
S2 svconlinearmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [19/08/2009 12:00 3285704]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [23/04/2007 04:12 336944]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\P95B7~1.FRA\LOCALS~1\Temp\iMSPCLOj.sys --> c:\docume~1\P95B7~1.FRA\LOCALS~1\Temp\iMSPCLOj.sys [?]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [17/08/2005 20:41 12288]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [06/09/2005 14:39 129535]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\system32\drivers\vpnva.sys [23/04/2007 04:09 24176]
.
Contents of the 'Scheduled Tasks' folder

2009-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 04:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = s-marimba:6560
uInternet Settings,ProxyOverride = 192.168.*;172.29.*;;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\p.franc\Application Data\Mozilla\Firefox\Profiles\fzvttem5.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 15:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\progra~1\FICHIE~1\Stardock\mcpstub.dll
c:\windows\system32\tphklock.dll
c:\windows\system32\lameACM.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\alf2cd.acm
.
Completion time: 2009-08-28 15:23
ComboFix-quarantined-files.txt 2009-08-28 07:22
ComboFix2.txt 2009-08-16 11:59

Pre-Run: 2 974 400 512 octets libres
Post-Run: 3 224 006 656 octets libres

1465

nardino
 Posted on 28/08/2009 at 17:23 
  Grand Maître astucien

Hello.

Save the file below that matches your version to your desktop, without changing its name:
Microsoft Windows XP Professional SP2
Drag and drop it as shown in the image below.

Follow the on-screen instructions.
Launch ComboFix and accept the End User License Agreement to install the Microsoft Recovery Console.
A message will tell you that the Recovery Console was installed successfully.
It will ask you whether to continue cleaning the malware; decline and close the tool without restarting the PC.

Continue with the following.


WARNING:

This procedure was written for this specific case; copying it to any other system can cause serious malfunctions.

Open Notepad:

All Programs - Accessories - Notepad
Paste the lines below into it:
Make sure Word Wrap is not checked in the Format menu.

File::
c:\windows\temp01
c:\windows\system32\drivers\a6b05311.sys
c:\windows\owajybital.dat
c:\windows\system32\ufyfimipyz.com
c:\windows\system32\drivers\naunbt52u52.sys
c:\windows\rts.exe
c:\windows\pikinese.dat
c:\windows\enugikyn.com
c:\windows\lofavyd.dat
c:\windows\system32\ytyhupy.dat
c:\program files\Fichiers communs\isysinajo.lib

Folder::
C:\49019-CF
C:\Themes
C:\PC_Antispyware2010

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Q4gq2m20j2"=-


Save it as CFScript.txt on the desktop.
As in the image shown here, drag CFScript.txt onto Combofix.exe.

ComboFix will start and restart the computer.
Post the C:\Combofix report.
Report on how your problems are evolving.


See you,
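
Added example, not part of nardino's post and not ComboFix code: one way to check a report posted back against the CFScript that produced it, by listing every File:: and Folder:: target that the report's "Other Deletions" section does not confirm. The two inputs are shortened excerpts of the script above and of the report posted in reply in this thread; the function names are assumptions made for this sketch.

```python
import re

# Shortened excerpt of the CFScript.txt from the post above.
CFSCRIPT = r"""File::
c:\windows\temp01
c:\windows\system32\drivers\a6b05311.sys
c:\windows\rts.exe

Folder::
C:\49019-CF
C:\PC_Antispyware2010

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Q4gq2m20j2"=-
"""

# Shortened excerpt of the ComboFix report posted in reply in this thread.
REPORT = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\49019-CF
C:\PC_Antispyware2010
c:\pc_antispyware2010\Uninstall.lnk
c:\windows\rts.exe
c:\windows\system32\drivers\a6b05311.sys

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
"""

SECTION = re.compile(r"^(\w+)::\s*$")          # "File::", "Folder::", "Registry::"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")    # "((((( Other Deletions )))))"
PATH = re.compile(r"^[A-Za-z]:\\")             # a line that is a bare Windows path


def parse_cfscript(text):
    """Return {section name (lowercase): [non-empty lines]} for each 'Name::' block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        if match:
            current = sections.setdefault(match.group(1).lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections


def parse_deletions(report):
    """Collect, lowercased, the paths listed under the 'Other Deletions' banner."""
    deleted, active = set(), False
    for raw in report.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            # Any other banner ends the deletions section.
            active = match.group(1).lower() == "other deletions"
        elif active and PATH.match(line):
            deleted.add(line.lower())
    return deleted


def unconfirmed(script, report):
    """File:: and Folder:: targets that the report does not list as deleted."""
    sections = parse_cfscript(script)
    deleted = parse_deletions(report)
    wanted = sections.get("file", []) + sections.get("folder", [])
    # Windows paths are case-insensitive, so compare lowercased.
    return [path for path in wanted if path.lower() not in deleted]


if __name__ == "__main__":
    for path in unconfirmed(CFSCRIPT, REPORT):
        print("not confirmed deleted:", path)
```

On these excerpts the only unconfirmed target is c:\windows\temp01, which the report's "Files Created" section still lists as a directory.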

PopYet
 Posted on 28/08/2009 at 18:38 
Petit astucien

Steps done, here is the corresponding log:

ComboFix 09-08-27.A0 - P.Franc 28/08/2009 18:00.7.1 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1014.774 [GMT 8:00]
Running from: c:\documents and settings\p.franc\Bureau\Combofix.exe.exe
Command switches used
c:\documents and settings\p.franc\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

FILE
:: "c:\program files\Fichiers communs\isysinajo.lib"
"c:\windows\enugikyn.com"
"c:\windows\lofavyd.dat"
"c:\windows\owajybital.dat"
"c:\windows\pikinese.dat"
"c:\windows\rts.exe"
"c:\windows\system32\drivers\a6b05311.sys"
"c:\windows\system32\drivers\naunbt52u52.sys"
"c:\windows\system32\ufyfimipyz.com"
"c:\windows\system32\ytyhupy.dat"
"c:\windows\temp01"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\49019-CF
C:\PC_Antispyware2010
c:\pc_antispyware2010\PC_Antispyware2010.lnk
c:\pc_antispyware2010\Uninstall.lnk
c:\program files\Fichiers communs\isysinajo.lib
C:\Themes
c:\windows\enugikyn.com
c:\windows\lofavyd.dat
c:\windows\owajybital.dat
c:\windows\pikinese.dat
c:\windows\rts.exe
c:\windows\system32\drivers\a6b05311.sys
c:\windows\system32\drivers\naunbt52u52.sys
c:\windows\system32\ufyfimipyz.com
c:\windows\system32\ytyhupy.dat

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_naunbt52u52
-------\Service_a6b05311
-------\Service_naunbt52u52


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-28 06:15 . 2009-08-28 06:15 -------- d-----w- c:\program files\CCleaner
2009-08-28 06:12 . 2009-08-03 05:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-28 06:12 . 2009-08-03 05:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-26 02:04 . 2009-08-27 07:55 94016 ----a-w- c:\windows\system32\dllcache\agp440.sys
2009-08-19 04:03 . 2009-08-19 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-08-19 04:03 . 2009-08-19 04:04 -------- d-----w- c:\documents and settings\p.franc\Application Data\OnlineArmor
2009-08-19 04:00 . 2009-07-10 21:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-08-19 04:00 . 2009-07-10 21:17 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-08-19 04:00 . 2009-07-10 21:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-08-19 04:00 . 2009-08-19 04:00 -------- d-----w- c:\program files\Tall Emu
2009-08-19 02:18 . 2009-08-28 09:51 -------- d-----w- c:\windows\temp01
2009-08-18 13:59 . 2009-03-30 02:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-18 13:59 . 2009-03-24 08:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-18 13:59 . 2009-02-13 04:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-18 13:59 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-18 13:58 . 2009-08-18 13:58 -------- d-----w- c:\program files\Avira
2009-08-18 13:58 . 2009-08-18 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-15 16:12 . 2009-08-15 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-15 15:57 . 2009-08-15 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment.temp
2009-08-15 04:18 . 2009-08-15 12:59 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2009-08-15 04:15 . 2009-08-15 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-08-14 05:53 . 2009-08-19 01:24 -------- d-----w- c:\documents and settings\p.franc\SmitfraudFix
2009-08-10 18:31 . 2009-08-10 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apowersoft
2009-08-10 17:46 . 2009-08-13 18:11 -------- d-----w- c:\documents and settings\p.franc\Application Data\Eltima Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 09:53 . 2008-03-22 17:50 -------- d-----w- c:\documents and settings\p.franc\Application Data\DNA
2009-08-28 09:45 . 2007-01-02 19:02 -------- d-----w- c:\documents and settings\p.franc\Application Data\Skype
2009-08-28 08:47 . 2008-07-07 17:53 -------- d-----w- c:\documents and settings\p.franc\Application Data\skypePM
2009-08-28 07:55 . 2005-08-31 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-28 07:31 . 2008-03-22 17:50 -------- d-----w- c:\program files\DNA
2009-08-28 06:12 . 2008-10-25 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-27 20:42 . 2008-03-22 17:50 -------- d-----w- c:\documents and settings\p.franc\Application Data\BitTorrent
2009-08-27 07:55 . 2004-09-17 14:58 94016 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2009-08-25 09:22 . 2005-08-31 11:52 -------- d-----w- c:\program files\Network Associates
2009-08-25 09:22 . 2005-08-31 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
2009-08-19 04:03 . 1979-12-31 22:00 73832 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 04:03 . 1979-12-31 22:00 464966 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-19 01:51 . 2007-08-03 19:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-16 11:40 . 2005-08-31 12:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-14 07:03 . 2006-01-24 17:06 -------- d-----w- c:\program files\CursorXP
2009-08-13 18:23 . 2008-09-14 03:41 -------- d-----w- c:\program files\Enigma Software Group
2009-07-20 09:06 . 2005-10-30 17:32 92040 -c--a-w- c:\documents and settings\p.franc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 05:57 . 2009-06-05 05:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 03:42 . 2009-06-17 17:45 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 03:42 . 2007-10-20 04:56 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.

------- Sigcheck -------

[-] 2004-08-05 03:00 1884672 90E794C5D2D368686FE71B4A0354462C c:\windows\explorer.exe


c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot_2009-08-28_07.20.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 07:36 . 2009-08-28 07:36 10240 c:\windows\temp01\System.dll
+ 2009-08-28 09:51 . 2009-08-28 09:51 25088 c:\windows\temp01\sort.exe
+ 2009-08-28 08:47 . 2009-08-28 08:47 74240 c:\windows\temp01\skypePM.exe
+ 2009-08-28 09:50 . 2009-08-28 09:50 98816 c:\windows\temp01\sed.exe
+ 2009-08-28 09:51 . 2009-08-28 09:51 14336 c:\windows\temp01\runonce.exe
+ 2009-08-28 09:52 . 2009-08-28 09:52 21504 c:\windows\temp01\route.exe
+ 2009-08-28 09:50 . 2009-08-28 09:50 73728 c:\windows\temp01\pv.com
+ 2009-08-28 09:51 . 2009-08-28 09:51 19456 c:\windows\temp01\ping.exe
+ 2009-08-28 09:50 . 2009-08-28 09:50 31232 c:\windows\temp01\NircmdB.exe
+ 2009-08-28 09:50 . 2009-08-28 09:50 31232 c:\windows\temp01\NIRCMD.exe
+ 2009-08-28 09:50 . 2009-08-28 09:50 31232 c:\windows\temp01\n.pif
+ 2009-08-28 09:49 . 2009-08-28 09:49 31232 c:\windows\temp01\iexplore.exe
+ 2009-08-28 07:36 . 2009-08-28 07:36 58880 c:\windows\temp01\helper.exe
+ 2009-08-28 09:51 . 2009-08-28 09:51 39424 c:\windows\temp01\grpconv.exe
+ 2009-08-28 09:50 . 2009-08-28 09:50 80384 c:\windows\temp01\grep.exe
+ 2009-08-28 09:50 . 2009-08-28 09:50 98304 c:\windows\temp01\cscript.exe
+ 2009-08-28 09:48 . 2009-08-28 09:48 51200 c:\windows\temp01\Combofix.exe.exe
+ 2009-08-28 09:52 . 2009-08-28 09:52 31744 c:\windows\temp01\catchme.sys
+ 2009-08-28 09:52 . 2009-08-28 09:52 53248 c:\windows\temp01\catchme.dll
+ 2009-08-28 09:50 . 2009-08-28 09:50 11264 c:\windows\temp01\attrib.exe
+ 2009-08-28 09:49 . 2009-08-28 09:49 1536 c:\windows\temp01\hidec.exe
+ 2009-08-28 09:50 . 2009-08-28 09:50 7680 c:\windows\temp01\chcp.com
+ 2009-08-28 09:50 . 2009-08-28 09:50 212480 c:\windows\temp01\SWXCACLS.exe
+ 2009-08-28 09:50 . 2009-08-28 09:50 151552 c:\windows\temp01\scrrun.dll
+ 2009-08-28 09:50 . 2009-08-28 09:50 159744 c:\windows\temp01\scrobj.dll
+ 2009-08-28 09:51 . 2009-08-28 09:51 151552 c:\windows\temp01\msdart.dll
+ 2009-08-28 09:51 . 2009-08-28 09:51 143360 c:\windows\temp01\msadco.dll
+ 1979-12-31 22:00 . 2007-02-09 11:23 574976 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 512000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-13 126976]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-03 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2004-11-24 212992]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-07-14 36864]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-01 127035]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-20 135168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UpdaterUI.exe" [2005-09-27 139320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-10 2160840]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-01-24 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2004-11-11 40960]
"UC_SMB"="" [BU]
"TkBellExe"="realsched.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\p.franc\Menu Démarrer\Programmes\Démarrage\
Y'z ToolBar.lnk - c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-9-29 90112]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
InstantTimeZone.lnk - c:\program files\InstantTimeZone\InstantTimeZone.exe [2007-1-5 1687738]
Post-it© Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-10 336584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 13:13 49152 ----a-w- c:\progra~1\FICHIE~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 01:07 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-12 18:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3772028017-4244622243-1160242127-11260\Scripts\Logon\0\0]
"Script"=\\S-orgues\GPO\Scripts\EPO\clntepo.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteAccess"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [17/08/2005 20:20 59776]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [17/08/2005 20:21 14208]
R1 oamon;OAmon;c:\windows\system32\drivers\OAmon.sys [19/08/2009 12:00 24656]
R1 oanet;OAnet;c:\windows\system32\drivers\OAnet.sys [19/08/2009 12:00 29776]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [17/08/2005 20:21 6016]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [14/07/2009 14:28 28544]
S1 oadevice;OADriver;c:\windows\system32\drivers\OADriver.sys [19/08/2009 12:00 200784]
S1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [17/08/2005 20:20 4608]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [17/08/2005 20:46 4442]
S2 antivirschedulerservice;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/08/2009 21:59 108289]
S2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [16/12/2004 10:12 63616]
S2 oacat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [19/08/2009 12:00 362184]
S2 svconlinearmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [19/08/2009 12:00 3285704]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [23/04/2007 04:12 336944]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\P95B7~1.FRA\LOCALS~1\Temp\iMSPCLOj.sys --> c:\docume~1\P95B7~1.FRA\LOCALS~1\Temp\iMSPCLOj.sys [?]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [17/08/2005 20:41 12288]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [06/09/2005 14:39 129535]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\system32\drivers\vpnva.sys [23/04/2007 04:09 24176]
.
Contents of the 'Scheduled Tasks' folder

2009-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 04:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = s-marimba:6560
uInternet Settings,ProxyOverride = 192.168.*;172.29.*;;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\p.franc\Application Data\Mozilla\Firefox\Profiles\fzvttem5.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 18:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\progra~1\FICHIE~1\Stardock\mcpstub.dll
c:\windows\system32\tphklock.dll
c:\windows\system32\lameACM.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\alf2cd.acm
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\FICHIE~1\stardock\SDMCP.exe
.
**************************************************************************
.
Completion time: 2009-08-28 18:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 10:13
ComboFix2.txt 2009-08-28 07:23
ComboFix3.txt 2009-08-16 11:59

Pre-Run: 3 283 505 152 octets libres
Post-Run: 3 214 884 864 octets libres

262

nardino
 Posted on 28/08/2009 at 20:27
  Grand Maître astucien

Good evening.

Where do your problems stand?

Run a follow-up MBAM scan.

Delete this file:

c:\windows\temp01

Download this file:

http://cjoint.com/?iCuAIbnfKn

Unzip it and open the folder.

Click on repar.bat

Post the new report and give some info.

See you.

PopYet
 Posted on 28/08/2009 at 23:38
Petit astucien

Good evening,

After the new steps, 2 files were copied by repar.bat (I suppose these are the beep.sys that was missing from my computer, and ntfs).

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2708
Windows 5.1.2600 Service Pack 2

28/08/2009 23:31:59
mbam-log-2009-08-28 (23-31-59).txt

Type de recherche: Examen rapide
Eléments examinés: 106807
Temps écoulé: 9 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

My computer looks clean!

Thank you so much!

nardino
 Posted on 29/08/2009 at 00:18
  Grand Maître astucien

Good evening.

The beast is defeated.

In the Windows Run menu, type Combofix /u and confirm with OK.

Delete the file C:\Combofix.txt if it is still present.

Disable System Restore as described at this link
and re-enable it to automatically recreate a restore point free of any infection.

Mark the question as resolved.

See you.
