PC reboots when connecting to the internet + braviax [Resolved]
gaby.zeze
 Posted on 16/08/2009 at 18:49

Hello,

After a day of trying to get rid of braviax, I'm taking the liberty of posting on this forum.

I don't know how, but I'm infected with braviax and probably other viruses. I've tried everything: sdfix, malware, combofix, navilog and smitfraudfix; each time the trojans seem to be gone, but as soon as I re-enable my network card to connect to the internet, my PC reboots after 2 minutes and I get the viruses and trojans back, braviax included.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:21, on 16/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
D:\_Programmes\avast\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221252786765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221297384240
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Update Service (gupdate1c98394c3fa3d08) (gupdate1c98394c3fa3d08) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe

--
End of file - 5166 bytes

And the ComboFix report:

ComboFix 09-08-10.06 - Gabrielle 16/08/2009 18:37.17.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1270.864 [GMT 2:00]
Running from: d:\_programmes\avast\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-16 15:08 . 2009-08-16 15:08 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-08-16 15:08 . 2009-08-16 15:08 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-08-16 13:51 . 2009-08-16 14:50 -------- d-----w- c:\program files\Navilog1
2009-08-16 11:58 . 2009-08-16 15:13 -------- d-----w- C:\SDFix
2009-08-16 10:37 . 2009-08-16 10:37 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-08-16 10:33 . 2009-08-16 11:59 -------- d-----w- c:\windows\ERUNT
2009-08-16 10:33 . 2009-08-16 11:16 -------- d-----w- C:\Backups
2009-08-16 09:37 . 2009-08-16 09:37 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-08-16 09:32 . 2009-08-16 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-16 09:32 . 2009-08-16 09:32 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-15 19:37 . 2009-08-16 11:19 -------- d-s---w- C:\Csssx
2009-08-15 19:32 . 2009-08-15 19:32 619584 -c--a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-14 16:11 . 2009-08-14 16:11 -------- d-----w- c:\documents and settings\Gabrielle\Mes documents
2009-08-07 08:36 . 2009-08-07 08:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Ciel
2009-08-07 08:36 . 2009-08-07 08:36 -------- d-----w- c:\program files\Ciel
2009-07-19 14:42 . 2009-08-16 14:52 -------- d-----w- c:\program files\DivX
2009-07-19 09:23 . 2009-07-19 09:23 -------- d-----w- c:\program files\IKEA HomePlanner
2009-07-19 09:23 . 2009-07-19 09:23 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 16:29 . 2004-08-10 12:00 268138 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-16 16:29 . 2004-08-10 12:00 129006 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-16 14:10 . 2008-11-25 06:56 -------- d-----w- c:\program files\Google
2009-08-16 14:10 . 2008-09-12 20:32 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-08-16 09:27 . 2009-05-02 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-15 19:32 . 2004-08-10 12:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-14 16:26 . 2008-10-29 14:32 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\FileZilla
2009-08-14 16:12 . 2008-09-12 20:38 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-12 19:00 . 2008-12-03 20:22 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-08-12 19:00 . 2008-12-03 20:21 -------- d-----w- c:\program files\Norton Security Scan
2009-07-30 12:21 . 2008-10-02 12:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-24 10:00 . 2008-10-29 14:25 -------- d-----w- c:\program files\EasyPHP 2.0b1
2009-07-09 09:58 . 2008-09-13 08:51 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\Skype
2009-07-09 09:56 . 2008-09-13 14:06 31536 ----a-w- c:\documents and settings\Gabrielle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 09:56 . 2008-09-13 08:24 -------- d-----w- c:\program files\Windows Live
2009-07-09 09:54 . 2009-07-09 09:52 -------- d-----w- c:\program files\Microsoft
2009-07-09 09:52 . 2009-07-09 09:52 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-09 09:46 . 2009-07-09 09:46 -------- d-----r- c:\program files\Skype
2009-07-09 09:46 . 2009-07-09 09:46 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-07-09 09:46 . 2008-09-13 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-09 09:45 . 2009-07-09 09:45 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-07-09 07:29 . 2008-09-18 19:38 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\skypePM
2009-06-04 16:26 . 2009-06-04 16:26 64072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.459\French\setup.exe
2009-05-25 03:21 . 2009-05-25 03:21 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-25 03:18 . 2009-05-25 03:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-05-24 13:30 . 2009-05-24 13:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
.

------- Sigcheck -------


[-] 2004-08-10 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2008-04-13 10:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-15 19:32 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-15 19:32 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-16_13.02.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-16 16:25 . 2009-08-16 16:25 16384 c:\windows\temp\Perflib_Perfdata_5b0.dat
+ 2004-08-10 12:00 . 2009-08-16 16:29 524394 c:\windows\system32\perfh009.dat
+ 2004-08-10 12:00 . 2009-08-16 16:29 170300 c:\windows\system32\perfc009.dat
+ 2008-09-12 20:57 . 2009-08-16 14:53 162728 c:\windows\system32\FNTCACHE.DAT
- 2009-08-16 11:59 . 2009-08-16 11:59 200704 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-08-16 15:03 . 2009-08-16 15:03 200704 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-08-16 15:03 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
- 2009-08-16 11:59 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-08-16 15:03 . 2009-08-16 15:03 6815744 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-10 148888]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-05-25 303376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\French\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 20:41 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 20:59 19472]
S0 virq;virq;c:\windows\system32\drivers\zuxvh.sys --> c:\windows\system32\drivers\zuxvh.sys [?]
S2 gupdate1c98394c3fa3d08;Google Update Service (gupdate1c98394c3fa3d08);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2009 13:12 133104]
S3 DOSMEMIO;MEMIO;\??\e:\memio.sys --> e:\MEMIO.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 11:12]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-329068152-682003330-1003Core.job
- c:\documents and settings\Gabrielle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-30 21:55]

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-329068152-682003330-1003UA.job
- c:\documents and settings\Gabrielle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-30 21:55]

2009-08-12 c:\windows\Tasks\Norton Security Scan for Gabrielle.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 19:20]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\documents and settings\Gabrielle\Application Data\Mozilla\Firefox\Profiles\wurinhwc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 18:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(624)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-08-16 18:43
ComboFix-quarantined-files.txt 2009-08-16 16:43
ComboFix2.txt 2009-08-16 16:17
ComboFix3.txt 2009-08-16 13:17
ComboFix4.txt 2009-08-16 13:04

Pre-Run: 8 315 793 408 octets libres
Post-Run: 8 268 546 048 octets libres

165 --- E O F --- 2008-10-25 09:33

Thanks in advance ....

Gaby

Batch_Man
 Posted on 16/08/2009 at 18:52

Hello,

I'm analysing your report.

See you later

gaby.zeze
 Posted on 16/08/2009 at 18:55

Thanks a lot,

Gaby

Batch_Man
 Posted on 16/08/2009 at 18:57
gaby.zeze
 Posted on 16/08/2009 at 21:28

Thanks Batch_Man

1/ MBAM

Here is the scan report:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2069
Windows 5.1.2600 Service Pack 3

16/08/2009 21:26:28
2mbam-log-2009-08-16 (21-26-23).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 236569
Temps écoulé: 1 hour(s), 31 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntivirusPro2009) -> No action taken.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntivirusPro2009) -> No action taken.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.

2/ Antivirus

Here is the ESET online scan report:

C:\Documents and Settings\Gabrielle\Bureau\Nouveau dossier\1 SmitfraudFix.exe multiple threats deleted - quarantined
C:\Documents and Settings\Gabrielle\Bureau\Nouveau dossier\2 SDFix.exe Win32/PrcView application deleted - quarantined
C:\Documents and Settings\Gabrielle\Bureau\Nouveau dossier\SmitfraudFix\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\Documents and Settings\Gabrielle\Bureau\Nouveau dossier\SmitfraudFix\restart.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0XENKHUN\Install[1].exe a variant of Win32/Kryptik.AAL trojan cleaned by deleting - quarantined
C:\Program Files\Navilog1\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe a variant of Win32/Kryptik.AAL trojan cleaned by deleting (after the next restart) - quarantined
C:\Program Files\PC_Antispyware2010\Uninstall.exe a variant of Win32/Kryptik.AAL trojan cleaned by deleting - quarantined
C:\Program Files\PC_Antispyware2010\wscui.cpl Win32/Adware.XPSecurityCenter application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir a variant of Win32/Kryptik.AAL trojan cleaned by deleting - quarantined
C:\SDFix\apps\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\WINDOWS\system32\braviax.exe a variant of Win32/Kryptik.ACE trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\system32\wisdstr.exe a variant of Win32/Kryptik.AAL trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\_scui.cpl Win32/Adware.XPSecurityCenter application cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\system32\dllcache\beep.sys a variant of Win32/UltimateDefender.A trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\dllcache\figaro.sys a variant of Win32/UltimateDefender.A trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\beep.sys a variant of Win32/UltimateDefender.A trojan unable to clean
C:\WINDOWS\temp\BN9.tmp a variant of Win32/Kryptik.ABI trojan cleaned by deleting - quarantined

3/ Additional detail

The PC restarts when I ask Kaspersky to update its database, almost at the start of the update, and becomes infected again.

While I was browsing the internet, a download popup for Adobe's Flash plugin appeared; I think I clicked yes, and then all these problems started.

Thanks,

Gaby

Batch_Man
 Posted on 16/08/2009 at 21:39

Hi again,

Try a scanner other than Kaspersky.

Batch_Man

gaby.zeze
 Posted on 16/08/2009 at 21:45

OK, I'll try scanning with BitDefender.

Thanks

Batch_Man
 Posted on 16/08/2009 at 21:52

Hi again,

gaby.zeze
 Posted on 16/08/2009 at 23:22

Here is the BitDefender report; to be safe, I put the files in quarantine.

I got a blue screen while installing BitDefender. Now a BitDefender window tells me that c\windows\System32\drivers\ntfs.sys is infected:

Rapport Bitdefender

Produit : BitDefender Total Security 2009
Version : BitDefender UIScanner v.12
Tâche d'analyse : Analyse complète
Date du journal : 16/08/2009 23:15:08
Chemin du journal : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1250457308_1_01.xml

Analyse des chemins :

Chemin 0000: C:\
Chemin 0001: D:\

Options d’analyse :

Détecter les virus : Oui
Détecter les adwares : Oui
Détecter les spywares : Oui
Analyser les applications : Oui
Détecter les dialers : Oui
Détecter les rootkits : Oui

Options de sélection de cible :

Analyser les clés du registre : Oui
Analyser les cookies : Oui
Analyser les secteurs de boot : Oui
Analyser les processus mémoire : Oui
Analyser les archives : Non
Analyser les fichiers enpaquetés : Oui
Analyser les e-mails : Non
Analyser tous les fichiers : Oui
Analyse heuristique : Oui
Extensions analysées :
Extensions exclues :

Traitement de la cible :

Action par défaut pour les objets infectés : Désinfecter
Action par défaut pour les objets suspects : Aucune
Action par défaut pour les objets camouflés : Aucune
Action par défaut pour les objets infectés : Aucune
Action par défaut pour les objets suspects encryptés : Aucune
Action par défaut pour les objets protégés par mot de passe : Enregistrer comme non analysé

Résumé de l'analyse

Nombre de signatures de virus : 3891338
Plugins archives : 45
Plugins e-mail : 6
Plugins d'analyse : 13
Plugins système : 5
Plugins de décompression : 7

Résumé de l'analyse générale

Eléments analysés : 93809
Eléments infectés : 14
Eléments suspects : 2
Eléments résolus : 16
Éléments non résolus : 0
Eléments protégés : 0
Éléments ultra-compressés : 0
Virus individuels trouvés : 5
Répertoires analysés : 17078
Secteur de boot analysés : 3
Archives analysés : 2
Erreurs I/O : 0
Temps d'analyse : 00:40:20
Fichiers par seconde : 38

Résumé des processus analysés

Analysé : 41
Infecté : 0

Résumé des clés de registre analysées

Analysé : 993
Infecté : 0

Résumé des cookies analysés

Analysé : 9
Infecté : 0

Problèmes résolus

Nom de l'objet Nom de la menace État final
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP11\A0005054.exe Gen:Trojan.Heur.Kq2@vnsTu9oix Déplacé(s) en quarantaine
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP1\A0000005.exe Gen:Trojan.Heur.lq1@v9pYVvkix Déplacé(s) en quarantaine
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP1\A0000102.exe Gen:Trojan.Heur.lq1@v9pYVvkix Déplacé(s) en quarantaine
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP10\A0004675.exe Gen:Trojan.Heur.lq1@v9pYVvkix Déplacé(s) en quarantaine
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP11\A0005055.exe Gen:Trojan.Heur.lq1@v9pYVvkix Déplacé(s) en quarantaine
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP11\A0005059.exe Gen:Trojan.Heur.lq1@v9pYVvkix Déplacé(s) en quarantaine
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP11\A0005061.sys Generic.Malware.P!.80497AAE Déplacé(s) en quarantaine
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP11\A0005062.sys Generic.Malware.P!.80497AAE Déplacé(s) en quarantaine
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP11\snapshot\MFEX-2.DAT Generic.Malware.P!.80497AAE Déplacé(s) en quarantaine
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP1\A0000007.sys Generic.Malware.P!.8C276B52 Déplacé(s) en quarantaine
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP1\A0000024.sys Generic.Malware.P!.8C276B52 Déplacé(s) en quarantaine
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP10\A0003491.sys Generic.Malware.P!.8C276B52 Déplacé(s) en quarantaine
C:\WINDOWS\system32\dllcache\ntfs.sys Rootkit.Kobcka.Patched.A Déplacé(s) en quarantaine
C:\WINDOWS\system32\drivers\ntfs.sys Rootkit.Kobcka.Patched.A Déplacé(s) en quarantaine
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP11\A0005056.cpl Trojan.FakeAlert.BIJ Supprimé
C:\System Volume Information\_restore{76FEFEDA-976A-4890-A9C5-B2451C972B34}\RP11\A0005060.cpl Trojan.FakeAlert.BIJ Supprimé


Thanks,

Gaby

gaby.zeze
 Posted on 16/08/2009 at 23:42

BitDefender can't update its database either.

I restarted the PC after putting the files in quarantine; at startup BitDefender does block the viruses, but the PC is still infected, with the "fake Windows alert" that shows "your computer is infected .."

gaby.zeze
 Posted on 17/08/2009 at 02:08

We have the solution .. at least I hope so!

1\ BitDefender to block braviax's processes and executables

2\ I placed a clean beep.sys taken from another PC in c\windows\system32, just in case ..

3\ downloaded braviax remover from http://net-studio.org/application/virtual-maid.php

4\ ran braviax remover in safe mode (F8)

5\ restarted

6\ updated the BitDefender antivirus database, then scanned and cleaned

The viruses seem to be gone .. I hope so anyway!

Batch_Man, thank you for your valuable guidance

Gaby

Batch_Man
 Posted on 17/08/2009 at 10:27

Hi,

I doubt this Braviax Remover is effective... All the more so since the system files are patched.

1/ OAD

  • Download OAD
  • Save it to your desktop
  • Double-click OAD to launch it
  • File name to search for: type or copy and paste: ntfs.sys
  • Search type: select option 6, then confirm with [Enter]
  • OAD will now search for the file. Let it work until it has finished.
  • The search report will be displayed automatically as soon as it has finished.
  • Copy and paste this report into your next post.
  • Important note: depending on the size of the hard drives, this search can take several minutes. Be patient.
  • Repeat with: beep.sys

2/ Virustotal

  • On Virustotal, have the file in bold scanned: C:\windows\system32\ntfs.sys
  • Repeat with C:\windows\system32\beep.sys

3/ RSIT

You will post a new RSIT report.

Batch_Man
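
A small triage of the Sigcheck section of the ComboFix report posted earlier in this thread, added here as an illustration (it is not part of any post and not a ComboFix feature): it flags copies of a driver under system32 whose MD5 differs from the ServicePackFiles copy, and files the report lists as missing. Treating the ServicePackFiles copy as the reference is an assumption, the function names are hypothetical, and the bracketed marker at the start of each line is parsed but not interpreted.

```python
import re
from collections import defaultdict

# Sigcheck section copied from the ComboFix report quoted earlier in the thread.
SIGCHECK_SECTION = r"""
[-] 2004-08-10 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2008-04-13 10:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-15 19:32 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-15 19:32 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
"""

# "[mark] date time size md5 path"
ENTRY_RE = re.compile(
    r"^\[(?P<mark>.)\]\s+(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>.+)$"
)
# "path ... is missing !!"
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+is missing\s*!!\s*$")

# Assumption: the service-pack copy is used as the reference version.
REFERENCE_DIR = "\\servicepackfiles\\i386\\"
# Locations Windows loads from, or restores from (dllcache).
ACTIVE_DIRS = ("\\system32\\drivers\\", "\\system32\\dllcache\\")


def parse_sigcheck(text):
    """Return (entries, missing_paths) parsed from a Sigcheck section."""
    entries, missing = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m.group("path"))
    return entries, missing


def triage(text):
    """Flag active copies that differ from the reference copy, and missing files."""
    entries, missing = parse_sigcheck(text)
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].lower().rsplit("\\", 1)[-1]].append(e)

    findings = []
    for name in sorted(by_name):
        copies = by_name[name]
        ref = next((c for c in copies if REFERENCE_DIR in c["path"].lower()), None)
        for c in copies:
            if not any(d in c["path"].lower() for d in ACTIVE_DIRS):
                continue  # uninstall backups etc. are not loaded at boot
            if ref is None:
                # Nothing to compare against: report rather than assume clean.
                findings.append({"path": c["path"], "reason": "no-reference",
                                 "size_delta": None})
            elif c["md5"] != ref["md5"]:
                findings.append({"path": c["path"],
                                 "reason": "differs-from-reference",
                                 "size_delta": c["size"] - ref["size"]})
    for path in missing:
        findings.append({"path": path, "reason": "missing", "size_delta": None})
    return findings


if __name__ == "__main__":
    for f in triage(SIGCHECK_SECTION):
        print(f["reason"], f["path"], f["size_delta"])
```

A mismatch only says the file is not the service-pack version; a hotfix can also replace a driver, so the flagged file still needs to be checked by a scanner, as the steps above ask.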

gaby.zeze
 Posted on 17/08/2009 at 11:09

Test post

gaby.zeze
 Posted on 17/08/2009 at 11:13

Hello,

1/ OAD

Here is the beep.sys search report:

17/08/2009 ---- 10:45:22,46

----------------------------------
§§§§§§ [beep.sys] §§§§§§
----------------------------------
[X] Registre
[ ] Fichier (rapide)
[ ] Fichier (disque systeme)
[X] Fichier (complete)




********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************

c:\Documents and Settings\Gabrielle\Bureau\Nouveau dossier\beep.sys
c:\SDFix\apps\Replace\w2k\beep.sys
c:\SDFix\apps\Replace\xp\beep.sys
c:\WINDOWS\system32\dllcache\beep.sys
c:\WINDOWS\system32\drivers\beep.sys
c:\Documents and Settings\Gabrielle\Bureau\Nouveau dossier\beep.sys
c:\SDFix\apps\Replace\w2k\beep.sys
c:\SDFix\apps\Replace\xp\beep.sys
c:\WINDOWS\system32\dllcache\beep.sys
c:\WINDOWS\system32\drivers\beep.sys


*********************
[Même date]
*********************

C:\WINDOWS\system32\drivers\beep.sys

----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

gaby.zeze
 Posted on 17/08/2009 at 11:16

Here is the ntfs.sys search report (1/2):

17/08/2009 ---- 10:42:14,57

----------------------------------
§§§§§§ [ntfs.sys] §§§§§§
----------------------------------
[X] Registre
[ ] Fichier (rapide)
[ ] Fichier (disque systeme)
[X] Fichier (complete)




********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************

c:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
c:\WINDOWS\ServicePackFiles\i386\ntfs.sys
c:\WINDOWS\system32\dllcache\ntfs.sys
c:\WINDOWS\system32\drivers\ntfs.sys
c:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
c:\WINDOWS\ServicePackFiles\i386\ntfs.sys
c:\WINDOWS\system32\dllcache\ntfs.sys
c:\WINDOWS\system32\drivers\ntfs.sys


*********************
[Même date]
*********************


gaby.zeze
 Posted on 17/08/2009 at 11:16 

Here is the ntfs.sys search report (2/2):

C:\WINDOWS\system32\gpresult.exe
C:\WINDOWS\system32\gptext.dll
C:\WINDOWS\system32\grpconv.exe
C:\WINDOWS\system32\h323.tsp
C:\WINDOWS\system32\h323msp.dll
C:\WINDOWS\system32\HAL.DLL
C:\WINDOWS\system32\hccoin.dll
C:\WINDOWS\system32\hdwwiz.cpl
C:\WINDOWS\system32\help.exe
C:\WINDOWS\system32\hhctrl.ocx
C:\WINDOWS\system32\hhsetup.dll
C:\WINDOWS\system32\hid.dll
C:\WINDOWS\system32\hidphone.tsp
C:\WINDOWS\system32\hidserv.dll
C:\WINDOWS\system32\hlink.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\hnetwiz.dll
C:\WINDOWS\system32\hotplug.dll
C:\WINDOWS\system32\hsfcisp2.dll
C:\WINDOWS\system32\html.iec
C:\WINDOWS\system32\httpapi.dll
C:\WINDOWS\system32\htui.dll
C:\WINDOWS\system32\hypertrm.dll
C:\WINDOWS\system32\iac25_32.ax
C:\WINDOWS\system32\iasrad.dll
C:\WINDOWS\system32\icaapi.dll
C:\WINDOWS\system32\iccvid.dll
C:\WINDOWS\system32\icm32.dll
C:\WINDOWS\system32\icmp.dll
C:\WINDOWS\system32\icwdial.dll
C:\WINDOWS\system32\icwphbk.dll
C:\WINDOWS\system32\idq.dll
C:\WINDOWS\system32\ieencode.dll
C:\WINDOWS\system32\iexpress.exe
C:\WINDOWS\system32\ifmon.dll
C:\WINDOWS\system32\igmpagnt.dll
C:\WINDOWS\system32\ils.dll
C:\WINDOWS\system32\imaadp32.acm
C:\WINDOWS\system32\imagehlp.dll
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\imeshare.dll
C:\WINDOWS\system32\imm32.dll
C:\WINDOWS\system32\inetcfg.dll
C:\WINDOWS\system32\inetmib1.dll
C:\WINDOWS\system32\inetpp.dll
C:\WINDOWS\system32\inetppui.dll
C:\WINDOWS\system32\inetres.dll
C:\WINDOWS\system32\init32.exe
C:\WINDOWS\system32\initpki.dll
C:\WINDOWS\system32\input.dll
C:\WINDOWS\system32\intl.cpl
C:\WINDOWS\system32\ipconf.tsp
C:\WINDOWS\system32\ipconfig.exe
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\ipmontr.dll
C:\WINDOWS\system32\ipnathlp.dll
C:\WINDOWS\system32\ippromon.dll
C:\WINDOWS\system32\iprtrmgr.dll
C:\WINDOWS\system32\ipsecsnp.dll
C:\WINDOWS\system32\ipsecsvc.dll
C:\WINDOWS\system32\ipsmsnap.dll
C:\WINDOWS\system32\ipv6.exe
C:\WINDOWS\system32\ipv6mon.dll
C:\WINDOWS\system32\ipxroute.exe
C:\WINDOWS\system32\ipxwan.dll
C:\WINDOWS\system32\ir41_32.ax
C:\WINDOWS\system32\ir41_qc.dll
C:\WINDOWS\system32\ir41_qcx.dll
C:\WINDOWS\system32\ir50_32.dll
C:\WINDOWS\system32\ir50_qc.dll
C:\WINDOWS\system32\ir50_qcx.dll
C:\WINDOWS\system32\irprops.cpl
C:\WINDOWS\system32\isign32.dll
C:\WINDOWS\system32\isrdbg32.dll
C:\WINDOWS\system32\itircl.dll
C:\WINDOWS\system32\itss.dll
C:\WINDOWS\system32\iuengine.dll
C:\WINDOWS\system32\ivfsrc.ax
C:\WINDOWS\system32\ixsso.dll
C:\WINDOWS\system32\iyuv_32.dll
C:\WINDOWS\system32\jgdw400.dll
C:\WINDOWS\system32\jgpl400.dll
C:\WINDOWS\system32\joy.cpl
C:\WINDOWS\system32\kbdbhc.dll
C:\WINDOWS\system32\kbdfi1.dll
C:\WINDOWS\system32\kbdinbe1.dll
C:\WINDOWS\system32\kbdinben.dll
C:\WINDOWS\system32\kbdinmal.dll
C:\WINDOWS\system32\kbdiultn.dll
C:\WINDOWS\system32\kbdmaori.dll
C:\WINDOWS\system32\kbdmlt47.dll
C:\WINDOWS\system32\kbdmlt48.dll
C:\WINDOWS\system32\kbdnec.dll
C:\WINDOWS\system32\kbdnepr.dll
C:\WINDOWS\system32\kbdno1.dll
C:\WINDOWS\system32\kbdpash.dll
C:\WINDOWS\system32\kbdsmsfi.dll
C:\WINDOWS\system32\kbdsmsno.dll
C:\WINDOWS\system32\kbdukx.dll
C:\WINDOWS\system32\kd1394.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\keymgr.dll
C:\WINDOWS\system32\kmddsp.tsp
C:\WINDOWS\system32\kmsvc.dll
C:\WINDOWS\system32\ksproxy.ax
C:\WINDOWS\system32\ksuser.dll
C:\WINDOWS\system32\l2gpstore.dll
C:\WINDOWS\system32\l3codeca.acm
C:\WINDOWS\system32\licdll.dll
C:\WINDOWS\system32\licwmi.dll
C:\WINDOWS\system32\linkinfo.dll
C:\WINDOWS\system32\lmhsvc.dll
C:\WINDOWS\system32\lmrt.dll
C:\WINDOWS\system32\loadperf.dll
C:\WINDOWS\system32\localsec.dll
C:\WINDOWS\system32\localspl.dll
C:\WINDOWS\system32\localui.dll
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\logman.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\lpk.dll
C:\WINDOWS\system32\lprhelp.dll
C:\WINDOWS\system32\lsasrv.dll
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\magnify.exe
C:\WINDOWS\system32\makecab.exe
C:\WINDOWS\system32\mcastmib.dll
C:\WINDOWS\system32\mciavi32.dll
C:\WINDOWS\system32\mciqtz32.dll
C:\WINDOWS\system32\mciseq.dll
C:\WINDOWS\system32\mciwave.dll
C:\WINDOWS\system32\mdminst.dll
C:\WINDOWS\system32\mf3216.dll
C:\WINDOWS\system32\mfc40u.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\mfcsubs.dll
C:\WINDOWS\system32\mgmtapi.dll
C:\WINDOWS\system32\microsoft.managementconsole.dll
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\miglibnt.dll
C:\WINDOWS\system32\mimefilt.dll
C:\WINDOWS\system32\mlang.dll
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\mmcbase.dll
C:\WINDOWS\system32\mmcex.dll
C:\WINDOWS\system32\mmcfxcommon.dll
C:\WINDOWS\system32\mmcndmgr.dll
C:\WINDOWS\system32\mmcperf.exe
C:\WINDOWS\system32\mmcshext.dll
C:\WINDOWS\system32\mmfutil.dll
C:\WINDOWS\system32\mmsys.cpl
C:\WINDOWS\system32\mnmdd.dll
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\mobsync.dll
C:\WINDOWS\system32\mobsync.exe
C:\WINDOWS\system32\modemui.dll
C:\WINDOWS\system32\more.com
C:\WINDOWS\system32\moricons.dll
C:\WINDOWS\system32\mpg4ds32.ax
C:\WINDOWS\system32\mplay32.exe
C:\WINDOWS\system32\mpr.dll
C:\WINDOWS\system32\mprapi.dll
C:\WINDOWS\system32\mprdim.dll
C:\WINDOWS\system32\mqad.dll
C:\WINDOWS\system32\mqbkup.exe
C:\WINDOWS\system32\mqdscli.dll
C:\WINDOWS\system32\mqise.dll
C:\WINDOWS\system32\mqlogmgr.dll
C:\WINDOWS\system32\mqoa.dll
C:\WINDOWS\system32\mqqm.dll
C:\WINDOWS\system32\mqrt.dll
C:\WINDOWS\system32\mqrtdep.dll
C:\WINDOWS\system32\mqsec.dll
C:\WINDOWS\system32\mqsnap.dll
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\mqtrig.dll
C:\WINDOWS\system32\mqupgrd.dll
C:\WINDOWS\system32\mqutil.dll
C:\WINDOWS\system32\msacm32.dll
C:\WINDOWS\system32\msadds32.ax
C:\WINDOWS\system32\msadp32.acm
C:\WINDOWS\system32\msafd.dll
C:\WINDOWS\system32\msapsspc.dll
C:\WINDOWS\system32\msasn1.dll
C:\WINDOWS\system32\msaud32.acm
C:\WINDOWS\system32\msconf.dll
C:\WINDOWS\system32\mscpx32r.dll
C:\WINDOWS\system32\mscpxl32.dll
C:\WINDOWS\system32\msctf.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msctfp.dll
C:\WINDOWS\system32\msdadiag.dll
C:\WINDOWS\system32\msdart.dll
C:\WINDOWS\system32\msdatsrc.tlb
C:\WINDOWS\system32\msdmo.dll
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\msdtclog.dll
C:\WINDOWS\system32\msdtcprx.dll
C:\WINDOWS\system32\msdtctm.dll
C:\WINDOWS\system32\msdtcuiu.dll
C:\WINDOWS\system32\msdxm.ocx
C:\WINDOWS\system32\msdxmlc.dll
C:\WINDOWS\system32\msftedit.dll
C:\WINDOWS\system32\msgina.dll
C:\WINDOWS\system32\msgsvc.dll
C:\WINDOWS\system32\msh261.drv
C:\WINDOWS\system32\msh263.drv
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\msident.dll
C:\WINDOWS\system32\msidle.dll
C:\WINDOWS\system32\msieftp.dll
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msihnd.dll
C:\WINDOWS\system32\msimg32.dll
C:\WINDOWS\system32\msimsg.dll
C:\WINDOWS\system32\msimtf.dll
C:\WINDOWS\system32\msisip.dll
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\msnsspc.dll
C:\WINDOWS\system32\msoeacct.dll
C:\WINDOWS\system32\msoert2.dll
C:\WINDOWS\system32\msorcl32.dll
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspatcha.dll
C:\WINDOWS\system32\msprivs.dll
C:\WINDOWS\system32\msrle32.dll
C:\WINDOWS\system32\mssap.dll
C:\WINDOWS\system32\msscds32.ax
C:\WINDOWS\system32\msscript.ocx
C:\WINDOWS\system32\mssha.dll
C:\WINDOWS\system32\msshavmsg.dll
C:\WINDOWS\system32\mstask.dll
C:\WINDOWS\system32\mstinit.exe
C:\WINDOWS\system32\mstlsapi.dll
C:\WINDOWS\system32\mstsc.exe
C:\WINDOWS\system32\mstscax.dll
C:\WINDOWS\system32\msutb.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvbvm60.dll
C:\WINDOWS\system32\msvcirt.dll
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msvcrt40.dll
C:\WINDOWS\system32\msvfw32.dll
C:\WINDOWS\system32\msw3prt.dll
C:\WINDOWS\system32\mswebdvd.dll
C:\WINDOWS\system32\msxml.dll
C:\WINDOWS\system32\msxml2.dll
C:\WINDOWS\system32\msxml3.dll
C:\WINDOWS\system32\msxml6.dll
C:\WINDOWS\system32\msxml6r.dll
C:\WINDOWS\system32\msyuv.dll
C:\WINDOWS\system32\mtxclu.dll
C:\WINDOWS\system32\mtxdm.dll
C:\WINDOWS\system32\mtxex.dll
C:\WINDOWS\system32\mtxlegih.dll
C:\WINDOWS\system32\mtxoci.dll
C:\WINDOWS\system32\mtxparhd.dll
C:\WINDOWS\system32\mydocs.dll
C:\WINDOWS\system32\napipsec.dll
C:\WINDOWS\system32\napmontr.dll
C:\WINDOWS\system32\napstat.exe
C:\WINDOWS\system32\narrator.exe
C:\WINDOWS\system32\ncobjapi.dll
C:\WINDOWS\system32\nddeapi.dll
C:\WINDOWS\system32\nddeapir.exe
C:\WINDOWS\system32\nddenb32.dll
C:\WINDOWS\system32\ndptsp.tsp
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\netcfgx.dll
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\netid.dll
C:\WINDOWS\system32\netlogon.dll
C:\WINDOWS\system32\netman.dll
C:\WINDOWS\system32\netplwiz.dll
C:\WINDOWS\system32\netrap.dll
C:\WINDOWS\system32\netsetup.cpl
C:\WINDOWS\system32\netsetup.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netshell.dll
C:\WINDOWS\system32\netstat.exe
C:\WINDOWS\system32\netui0.dll
C:\WINDOWS\system32\netui1.dll
C:\WINDOWS\system32\newdev.dll
C:\WINDOWS\system32\nlhtml.dll
C:\WINDOWS\system32\nmmkcert.dll
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\npptools.dll
C:\WINDOWS\system32\nslookup.exe
C:\WINDOWS\system32\ntbackup.exe
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntlanman.dll
C:\WINDOWS\system32\ntlsapi.dll
C:\WINDOWS\system32\ntmarta.dll
C:\WINDOWS\system32\ntmsapi.dll
C:\WINDOWS\system32\ntmsdba.dll
C:\WINDOWS\system32\ntmsmgr.dll
C:\WINDOWS\system32\ntmssvc.dll
C:\WINDOWS\system32\ntprint.dll
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdmd.dll
C:\WINDOWS\system32\nusrmgr.cpl
C:\WINDOWS\system32\nv4_disp.dll
C:\WINDOWS\system32\nwapi32.dll
C:\WINDOWS\system32\nwprovau.dll
C:\WINDOWS\system32\nwwks.dll
C:\WINDOWS\system32\oakley.dll
C:\WINDOWS\system32\objsel.dll
C:\WINDOWS\system32\ocmanage.dll
C:\WINDOWS\system32\odbc32.dll
C:\WINDOWS\system32\odbc32gt.dll
C:\WINDOWS\system32\odbcad32.exe
C:\WINDOWS\system32\odbcbcp.dll
C:\WINDOWS\system32\odbcconf.dll
C:\WINDOWS\system32\odbcconf.exe
C:\WINDOWS\system32\odbcconf.rsp
C:\WINDOWS\system32\odbccp32.cpl
C:\WINDOWS\system32\odbccp32.dll
C:\WINDOWS\system32\odbccr32.dll
C:\WINDOWS\system32\odbccu32.dll
C:\WINDOWS\system32\odbcji32.dll
C:\WINDOWS\system32\odbcjt32.dll
C:\WINDOWS\system32\odbcp32r.dll
C:\WINDOWS\system32\odbctrac.dll
C:\WINDOWS\system32\oddbse32.dll
C:\WINDOWS\system32\odexl32.dll
C:\WINDOWS\system32\odfox32.dll
C:\WINDOWS\system32\odpdx32.dll
C:\WINDOWS\system32\odtext32.dll
C:\WINDOWS\system32\offfilt.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olecli32.dll
C:\WINDOWS\system32\olecnv32.dll
C:\WINDOWS\system32\oledlg.dll
C:\WINDOWS\system32\oleprn.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\onex.dll
C:\WINDOWS\system32\openfiles.exe
C:\WINDOWS\system32\opengl32.dll
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\osuninst.dll
C:\WINDOWS\system32\p2p.dll
C:\WINDOWS\system32\p2pgasvc.dll
C:\WINDOWS\system32\p2pgraph.dll
C:\WINDOWS\system32\p2pnetsh.dll
C:\WINDOWS\system32\p2psvc.dll
C:\WINDOWS\system32\packager.exe
C:\WINDOWS\system32\pautoenr.dll
C:\WINDOWS\system32\pdh.dll
C:\WINDOWS\system32\perfctrs.dll
C:\WINDOWS\system32\perfdisk.dll
C:\WINDOWS\system32\perfmon.exe
C:\WINDOWS\system32\perfnet.dll
C:\WINDOWS\system32\perfos.dll
C:\WINDOWS\system32\perfproc.dll
C:\WINDOWS\system32\photometadatahandler.dll
C:\WINDOWS\system32\photowiz.dll
C:\WINDOWS\system32\pid.dll
C:\WINDOWS\system32\pid.inf
C:\WINDOWS\system32\pidgen.dll
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\pjlmon.dll
C:\WINDOWS\system32\pnrpnsp.dll
C:\WINDOWS\system32\polstore.dll
C:\WINDOWS\system32\powercfg.cpl
C:\WINDOWS\system32\powercfg.exe
C:\WINDOWS\system32\powrprof.dll
C:\WINDOWS\system32\printui.dll
C:\WINDOWS\system32\proctexe.ocx
C:\WINDOWS\system32\profmap.dll
C:\WINDOWS\system32\progman.exe
C:\WINDOWS\system32\proquota.exe
C:\WINDOWS\system32\proxycfg.exe
C:\WINDOWS\system32\psapi.dll
C:\WINDOWS\system32\psbase.dll
C:\WINDOWS\system32\pstorec.dll
C:\WINDOWS\system32\pstorsvc.dll
C:\WINDOWS\system32\ptpusd.dll
C:\WINDOWS\system32\qagent.dll
C:\WINDOWS\system32\qagentrt.dll
C:\WINDOWS\system32\qcap.dll
C:\WINDOWS\system32\qcliprov.dll
C:\WINDOWS\system32\qdv.dll
C:\WINDOWS\system32\qdvd.dll
C:\WINDOWS\system32\qedit.dll
C:\WINDOWS\system32\qedwipes.dll
C:\WINDOWS\system32\qmgr.dll
C:\WINDOWS\system32\qmgrprxy.dll
C:\WINDOWS\system32\qprocess.exe
C:\WINDOWS\system32\query.dll
C:\WINDOWS\system32\qutil.dll
C:\WINDOWS\system32\racpldlg.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\rasapi32.dll
C:\WINDOWS\system32\rasauto.dll
C:\WINDOWS\system32\raschap.dll
C:\WINDOWS\system32\rasdlg.dll
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\rasmans.dll
C:\WINDOWS\system32\rasphone.exe
C:\WINDOWS\system32\rasppp.dll
C:\WINDOWS\system32\rasqec.dll
C:\WINDOWS\system32\rassapi.dll
C:\WINDOWS\system32\rastapi.dll
C:\WINDOWS\system32\rastls.dll
C:\WINDOWS\system32\rcbdyctl.dll
C:\WINDOWS\system32\rcimlby.exe
C:\WINDOWS\system32\rcp.exe
C:\WINDOWS\system32\rdchost.dll
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\rdpdd.dll
C:\WINDOWS\system32\rdpsnd.dll
C:\WINDOWS\system32\rdpwsx.dll
C:\WINDOWS\system32\rdsaddin.exe
C:\WINDOWS\system32\rdshost.exe
C:\WINDOWS\system32\reg.exe
C:\WINDOWS\system32\regapi.dll
C:\WINDOWS\system32\regsvc.dll
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regwizc.dll
C:\WINDOWS\system32\remotepg.dll
C:\WINDOWS\system32\remotesp.tsp
C:\WINDOWS\system32\resutils.dll
C:\WINDOWS\system32\rexec.exe
C:\WINDOWS\system32\rhttpaa.dll
C:\WINDOWS\system32\riched20.dll
C:\WINDOWS\system32\rpcrt4.dll
C:\WINDOWS\system32\rpcss.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rsh.exe
C:\WINDOWS\system32\rshx32.dll
C:\WINDOWS\system32\rsmps.dll
C:\WINDOWS\system32\rsnotify.exe
C:\WINDOWS\system32\rsvpsp.dll
C:\WINDOWS\system32\rtcshare.exe
C:\WINDOWS\system32\rtipxmib.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\runonce.exe
C:\WINDOWS\system32\rwnh.dll
C:\WINDOWS\system32\s3gnb.dll
C:\WINDOWS\system32\safrcdlg.dll
C:\WINDOWS\system32\safrdm.dll
C:\WINDOWS\system32\safrslv.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samsrv.dll
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\sbeio.dll
C:\WINDOWS\system32\scarddlg.dll
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\sccsccp.dll
C:\WINDOWS\system32\scecli.dll
C:\WINDOWS\system32\scesrv.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\schedsvc.dll
C:\WINDOWS\system32\schtasks.exe
C:\WINDOWS\system32\sclgntfy.dll
C:\WINDOWS\system32\scrnsave.scr
C:\WINDOWS\system32\sdbinst.exe
C:\WINDOWS\system32\sdhcinst.dll
C:\WINDOWS\system32\secedit.exe
C:\WINDOWS\system32\seclogon.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\security.dll
C:\WINDOWS\system32\sendcmsg.dll
C:\WINDOWS\system32\sendmail.dll
C:\WINDOWS\system32\sens.dll
C:\WINDOWS\system32\sensapi.dll
C:\WINDOWS\system32\servdeps.dll
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\sethc.exe
C:\WINDOWS\system32\setup.exe
C:\WINDOWS\system32\setupapi.dll
C:\WINDOWS\system32\setupn.exe
C:\WINDOWS\system32\sfc.dll
C:\WINDOWS\system32\sfcfiles.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\shdoclc.dll
C:\WINDOWS\system32\shdocvw.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\shfolder.dll
C:\WINDOWS\system32\shgina.dll
C:\WINDOWS\system32\shimeng.dll
C:\WINDOWS\system32\shimgvw.dll
C:\WINDOWS\system32\shlwapi.dll
C:\WINDOWS\system32\shmedia.dll
C:\WINDOWS\system32\shmgrate.exe
C:\WINDOWS\system32\shrpubw.exe
C:\WINDOWS\system32\shscrap.dll
C:\WINDOWS\system32\shsvcs.dll
C:\WINDOWS\system32\shutdown.exe
C:\WINDOWS\system32\sigtab.dll
C:\WINDOWS\system32\sigverif.exe
C:\WINDOWS\system32\simpdata.tlb
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\system32\slayerxp.dll
C:\WINDOWS\system32\slbiop.dll
C:\WINDOWS\system32\slcoinst.dll
C:\WINDOWS\system32\slextspk.dll
C:\WINDOWS\system32\slgen.dll
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\sl_anet.acm
C:\WINDOWS\system32\smbinst.exe
C:\WINDOWS\system32\smlogcfg.dll
C:\WINDOWS\system32\smlogsvc.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\smtpapi.dll
C:\WINDOWS\system32\sndrec32.exe
C:\WINDOWS\system32\snmpapi.dll
C:\WINDOWS\system32\snmpsnap.dll
C:\WINDOWS\system32\sort.exe
C:\WINDOWS\system32\spdwnwxp.exe
C:\WINDOWS\system32\spider.exe
C:\WINDOWS\system32\spiisupd.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\spoolss.dll
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spupdwxp.exe
C:\WINDOWS\system32\sqlsrv32.dll
C:\WINDOWS\system32\sqlunirl.dll
C:\WINDOWS\system32\srclient.dll
C:\WINDOWS\system32\srrstr.dll
C:\WINDOWS\system32\srsvc.dll
C:\WINDOWS\system32\srvsvc.dll
C:\WINDOWS\system32\ss3dfo.scr
C:\WINDOWS\system32\ssbezier.scr
C:\WINDOWS\system32\ssdpapi.dll
C:\WINDOWS\system32\ssdpsrv.dll
C:\WINDOWS\system32\ssflwbox.scr
C:\WINDOWS\system32\ssmarque.scr
C:\WINDOWS\system32\ssmypics.scr
C:\WINDOWS\system32\ssmyst.scr
C:\WINDOWS\system32\sspipes.scr
C:\WINDOWS\system32\ssstars.scr
C:\WINDOWS\system32\sstext3d.scr
C:\WINDOWS\system32\stclient.dll
C:\WINDOWS\system32\stdole2.tlb
C:\WINDOWS\system32\sti.dll
C:\WINDOWS\system32\stimon.exe
C:\WINDOWS\system32\sti_ci.dll
C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\storprop.dll
C:\WINDOWS\system32\strmdll.dll
C:\WINDOWS\system32\strmfilt.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sxs.dll
C:\WINDOWS\system32\synceng.dll
C:\WINDOWS\system32\syncui.dll
C:\WINDOWS\system32\sysdm.cpl
C:\WINDOWS\system32\sysmon.ocx
C:\WINDOWS\system32\sysocmgr.exe
C:\WINDOWS\system32\syssetup.dll
C:\WINDOWS\system32\systeminfo.exe
C:\WINDOWS\system32\t2embed.dll
C:\WINDOWS\system32\tapi3.dll
C:\WINDOWS\system32\tapi32.dll
C:\WINDOWS\system32\tapisrv.dll
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\tasklist.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\tcpmib.dll
C:\WINDOWS\system32\tcpmon.dll
C:\WINDOWS\system32\tcpmonui.dll
C:\WINDOWS\system32\telnet.exe
C:\WINDOWS\system32\termmgr.dll
C:\WINDOWS\system32\termsrv.dll
C:\WINDOWS\system32\themeui.dll
C:\WINDOWS\system32\timedate.cpl
C:\WINDOWS\system32\tlntadmn.exe
C:\WINDOWS\system32\tlntsess.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\tlntsvrp.dll
C:\WINDOWS\system32\tourstart.exe
C:\WINDOWS\system32\tracerpt.exe
C:\WINDOWS\system32\tracert.exe
C:\WINDOWS\system32\tree.com
C:\WINDOWS\system32\trkwks.dll
C:\WINDOWS\system32\tscfgwmi.dll
C:\WINDOWS\system32\tsddd.dll
C:\WINDOWS\system32\tsgqec.dll
C:\WINDOWS\system32\tspkg.dll
C:\WINDOWS\system32\twext.dll
C:\WINDOWS\system32\txflog.dll
C:\WINDOWS\system32\udhisapi.dll
C:\WINDOWS\system32\ulib.dll
C:\WINDOWS\system32\umandlg.dll
C:\WINDOWS\system32\umpnpmgr.dll
C:\WINDOWS\system32\unimdm.tsp
C:\WINDOWS\system32\unimdmat.dll
C:\WINDOWS\system32\uniplat.dll
C:\WINDOWS\system32\untfs.dll
C:\WINDOWS\system32\upnp.dll
C:\WINDOWS\system32\upnpcont.exe
C:\WINDOWS\system32\upnphost.dll
C:\WINDOWS\system32\upnpui.dll
C:\WINDOWS\system32\ups.exe
C:\WINDOWS\system32\usbmon.dll
C:\WINDOWS\system32\usbui.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\usp10.dll
C:\WINDOWS\system32\utilman.exe
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\vbajet32.dll
C:\WINDOWS\system32\vbisurf.ax
C:\WINDOWS\system32\vdmdbg.dll
C:\WINDOWS\system32\vdmredir.dll
C:\WINDOWS\system32\verclsid.exe
C:\WINDOWS\system32\verifier.dll
C:\WINDOWS\system32\version.dll
C:\WINDOWS\system32\vidcap.ax
C:\WINDOWS\system32\vssapi.dll
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\system32\w32time.dll
C:\WINDOWS\system32\w3ssl.dll
C:\WINDOWS\system32\watchdog.sys
C:\WINDOWS\system32\wavemsp.dll
C:\WINDOWS\system32\wdigest.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\webclnt.dll
C:\WINDOWS\system32\webvw.dll
C:\WINDOWS\system32\wextract.exe
C:\WINDOWS\system32\wiaacmgr.exe
C:\WINDOWS\system32\wiadefui.dll
C:\WINDOWS\system32\wiadss.dll
C:\WINDOWS\system32\wiascr.dll
C:\WINDOWS\system32\wiaservc.dll
C:\WINDOWS\system32\wiashext.dll
C:\WINDOWS\system32\wiavideo.dll
C:\WINDOWS\system32\win32spl.dll
C:\WINDOWS\system32\winbrand.dll
C:\WINDOWS\system32\windowscodecs.dll
C:\WINDOWS\system32\windowscodecsext.dll
C:\WINDOWS\system32\winhttp.dll
C:\WINDOWS\system32\winipsec.dll
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winmm.dll
C:\WINDOWS\system32\winntbbu.dll
C:\WINDOWS\system32\winrnr.dll
C:\WINDOWS\system32\winscard.dll
C:\WINDOWS\system32\winshfhc.dll
C:\WINDOWS\system32\winspool.drv
C:\WINDOWS\system32\winsrv.dll
C:\WINDOWS\system32\winsta.dll
C:\WINDOWS\system32\wintrust.dll
C:\WINDOWS\system32\winver.exe
C:\WINDOWS\system32\wkssvc.dll
C:\WINDOWS\system32\wlanapi.dll
C:\WINDOWS\system32\wldap32.dll
C:\WINDOWS\system32\wlnotify.dll
C:\WINDOWS\system32\wmi.dll
C:\WINDOWS\system32\wmp.ocx
C:\WINDOWS\system32\wmpcd.dll
C:\WINDOWS\system32\wmpcore.dll
C:\WINDOWS\system32\wmphoto.dll
C:\WINDOWS\system32\wmpui.dll
C:\WINDOWS\system32\wmsdmoe.dll
C:\WINDOWS\system32\wmstream.dll
C:\WINDOWS\system32\wmv8ds32.ax
C:\WINDOWS\system32\wmvds32.ax
C:\WINDOWS\system32\wow32.dll
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wpnpinst.exe
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wscsvc.dll
C:\WINDOWS\system32\wscui.cpl
C:\WINDOWS\system32\wsecedit.dll
C:\WINDOWS\system32\wshbth.dll
C:\WINDOWS\system32\wshcon.dll
C:\WINDOWS\system32\wship6.dll
C:\WINDOWS\system32\wshrm.dll
C:\WINDOWS\system32\wshtcpip.dll
C:\WINDOWS\system32\wsnmp32.dll
C:\WINDOWS\system32\wsock32.dll
C:\WINDOWS\system32\wstdecod.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\system32\wuauclt1.exe
C:\WINDOWS\system32\wuaueng1.dll
C:\WINDOWS\system32\wuauserv.dll
C:\WINDOWS\system32\wzcdlg.dll
C:\WINDOWS\system32\wzcsapi.dll
C:\WINDOWS\system32\wzcsvc.dll
C:\WINDOWS\system32\xactsrv.dll
C:\WINDOWS\system32\xcopy.exe
C:\WINDOWS\system32\xmllite.dll
C:\WINDOWS\system32\xmlprov.dll
C:\WINDOWS\system32\xmlprovi.dll
C:\WINDOWS\system32\xolehlp.dll
C:\WINDOWS\system32\xpob2res.dll
C:\WINDOWS\system32\xpsp1res.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\system32\xpsp3res.dll
C:\WINDOWS\system32\zipfldr.dll

C:\WINDOWS\system32\drivers\acpiec.sys
C:\WINDOWS\system32\drivers\atmepvc.sys
C:\WINDOWS\system32\drivers\atmuni.sys
C:\WINDOWS\system32\drivers\cbidf2k.sys
C:\WINDOWS\system32\drivers\cdaudio.sys
C:\WINDOWS\system32\drivers\cinemst2.sys
C:\WINDOWS\system32\drivers\cpqdap01.sys
C:\WINDOWS\system32\drivers\dmload.sys
C:\WINDOWS\system32\drivers\dxapi.sys
C:\WINDOWS\system32\drivers\dxgthk.sys
C:\WINDOWS\system32\drivers\fsvga.sys
C:\WINDOWS\system32\drivers\fs_rec.sys
C:\WINDOWS\system32\drivers\ftdisk.sys
C:\WINDOWS\system32\drivers\gm.dls
C:\WINDOWS\system32\drivers\gmreadme.txt
C:\WINDOWS\system32\drivers\ipfltdrv.sys
C:\WINDOWS\system32\drivers\mcd.sys
C:\WINDOWS\system32\drivers\mhndrv.sys
C:\WINDOWS\system32\drivers\mnmdd.sys
C:\WINDOWS\system32\drivers\nikedrv.sys
C:\WINDOWS\system32\drivers\null.sys
C:\WINDOWS\system32\drivers\nwlnkflt.sys
C:\WINDOWS\system32\drivers\nwlnkfwd.sys
C:\WINDOWS\system32\drivers\nwlnknb.sys
C:\WINDOWS\system32\drivers\nwlnkspx.sys
C:\WINDOWS\system32\drivers\oprghdlr.sys
C:\WINDOWS\system32\drivers\parvdm.sys
C:\WINDOWS\system32\drivers\ptilink.sys
C:\WINDOWS\system32\drivers\rasacd.sys
C:\WINDOWS\system32\drivers\raspti.sys
C:\WINDOWS\system32\drivers\rawwan.sys
C:\WINDOWS\system32\drivers\rdpcdd.sys
C:\WINDOWS\system32\drivers\rio8drv.sys
C:\WINDOWS\system32\drivers\riodrv.sys
C:\WINDOWS\system32\drivers\rootmdm.sys
C:\WINDOWS\system32\drivers\smclib.sys
C:\WINDOWS\system32\drivers\tosdvd.sys
C:\WINDOWS\system32\drivers\tsbvcap.sys
C:\WINDOWS\system32\drivers\usbd.sys
C:\WINDOWS\system32\drivers\vdmindvd.sys
C:\WINDOWS\system32\drivers\wmilib.sys
C:\WINDOWS\system32\drivers\ws2ifsl.sys
C:\WINDOWS\system32\drivers\1394bus.sys
C:\WINDOWS\system32\drivers\acpi.sys
C:\WINDOWS\system32\drivers\adv01nt5.dll
C:\WINDOWS\system32\drivers\adv02nt5.dll
C:\WINDOWS\system32\drivers\adv05nt5.dll
C:\WINDOWS\system32\drivers\adv07nt5.dll
C:\WINDOWS\system32\drivers\adv08nt5.dll
C:\WINDOWS\system32\drivers\adv09nt5.dll
C:\WINDOWS\system32\drivers\adv11nt5.dll
C:\WINDOWS\system32\drivers\aec.sys
C:\WINDOWS\system32\drivers\agp440.sys
C:\WINDOWS\system32\drivers\agpcpq.sys
C:\WINDOWS\system32\drivers\alim1541.sys
C:\WINDOWS\system32\drivers\amdagp.sys
C:\WINDOWS\system32\drivers\amdk6.sys
C:\WINDOWS\system32\drivers\amdk7.sys
C:\WINDOWS\system32\drivers\arp1394.sys
C:\WINDOWS\system32\drivers\asyncmac.sys
C:\WINDOWS\system32\drivers\atapi.sys
C:\WINDOWS\system32\drivers\ati1btxx.sys
C:\WINDOWS\system32\drivers\ati1mdxx.sys
C:\WINDOWS\system32\drivers\ati1pdxx.sys
C:\WINDOWS\system32\drivers\ati1raxx.sys
C:\WINDOWS\system32\drivers\ati1rvxx.sys
C:\WINDOWS\system32\drivers\ati1snxx.sys
C:\WINDOWS\system32\drivers\ati1ttxx.sys
C:\WINDOWS\system32\drivers\ati1tuxx.sys
C:\WINDOWS\system32\drivers\ati1xbxx.sys
C:\WINDOWS\system32\drivers\ati1xsxx.sys
C:\WINDOWS\system32\drivers\ati2mtaa.sys
C:\WINDOWS\system32\drivers\ati2mtag.sys
C:\WINDOWS\system32\drivers\atinbtxx.sys
C:\WINDOWS\system32\drivers\atinmdxx.sys
C:\WINDOWS\system32\drivers\atinpdxx.sys
C:\WINDOWS\system32\drivers\atinraxx.sys
C:\WINDOWS\system32\drivers\atinrvxx.sys
C:\WINDOWS\system32\drivers\atinsnxx.sys
C:\WINDOWS\system32\drivers\atinttxx.sys
C:\WINDOWS\system32\drivers\atintuxx.sys
C:\WINDOWS\system32\drivers\atinxbxx.sys
C:\WINDOWS\system32\drivers\atinxsxx.sys
C:\WINDOWS\system32\drivers\atmarpc.sys
C:\WINDOWS\system32\drivers\atmlane.sys
C:\WINDOWS\system32\drivers\atv01nt5.dll
C:\WINDOWS\system32\drivers\atv02nt5.dll
C:\WINDOWS\system32\drivers\atv04nt5.dll
C:\WINDOWS\system32\drivers\atv06nt5.dll
C:\WINDOWS\system32\drivers\atv10nt5.dll
C:\WINDOWS\system32\drivers\battc.sys
C:\WINDOWS\system32\drivers\bridge.sys
C:\WINDOWS\system32\drivers\bthenum.sys
C:\WINDOWS\system32\drivers\bthmodem.sys
C:\WINDOWS\system32\drivers\bthpan.sys
C:\WINDOWS\system32\drivers\bthprint.sys
C:\WINDOWS\system32\drivers\bthusb.sys
C:\WINDOWS\system32\drivers\cdfs.sys
C:\WINDOWS\system32\drivers\cdrom.sys
C:\WINDOWS\system32\drivers\ch7xxnt5.dll
C:\WINDOWS\system32\drivers\classpnp.sys
C:\WINDOWS\system32\drivers\cmbatt.sys
C:\WINDOWS\system32\drivers\compbatt.sys
C:\WINDOWS\system32\drivers\crusoe.sys
C:\WINDOWS\system32\drivers\disk.sys
C:\WINDOWS\system32\drivers\diskdump.sys
C:\WINDOWS\system32\drivers\dmboot.sys
C:\WINDOWS\system32\drivers\dmio.sys
C:\WINDOWS\system32\drivers\dmusic.sys
C:\WINDOWS\system32\drivers\drmk.sys
C:\WINDOWS\system32\drivers\drmkaud.sys
C:\WINDOWS\system32\drivers\dxg.sys
C:\WINDOWS\system32\drivers\fastfat.sys
C:\WINDOWS\system32\drivers\fdc.sys
C:\WINDOWS\system32\drivers\fips.sys
C:\WINDOWS\system32\drivers\flpydisk.sys
C:\WINDOWS\system32\drivers\fltmgr.sys
C:\WINDOWS\system32\drivers\gagp30kx.sys
C:\WINDOWS\system32\drivers\hdaudbus.sys
C:\WINDOWS\system32\drivers\hidbth.sys
C:\WINDOWS\system32\drivers\hidclass.sys
C:\WINDOWS\system32\drivers\hidir.sys
C:\WINDOWS\system32\drivers\hidparse.sys
C:\WINDOWS\system32\drivers\hidusb.sys
C:\WINDOWS\system32\drivers\hsfbs2s2.sys
C:\WINDOWS\system32\drivers\hsfcxts2.sys
C:\WINDOWS\system32\drivers\hsfdpsp2.sys
C:\WINDOWS\system32\drivers\http.sys
C:\WINDOWS\system32\drivers\i8042prt.sys
C:\WINDOWS\system32\drivers\imapi.sys
C:\WINDOWS\system32\drivers\intelppm.sys
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\drivers\ipinip.sys
C:\WINDOWS\system32\drivers\ipnat.sys
C:\WINDOWS\system32\drivers\ipsec.sys
C:\WINDOWS\system32\drivers\irbus.sys
C:\WINDOWS\system32\drivers\irenum.sys
C:\WINDOWS\system32\drivers\isapnp.sys
C:\WINDOWS\system32\drivers\kbdclass.sys
C:\WINDOWS\system32\drivers\kmixer.sys

----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

gaby.zeze
 Posted on 17/08/2009 at 11:18
Petite astucienne

2/ Virustotal

Note: I did not see the file at c:/windows/system32/ntfs.sys,

I scanned c/window/system32/drivers/ntfs.sys and the copy in c/windows/system32/dllcache/ntfs.sys,

Same for beep.sys

I have Windows Media Center.


Here is the report for c/windows/system32/drivers/ntfs.sys:

Fichier ntfs.sys reçu le 2009.08.16 18:28:38 (UTC)
Situation actuelle: terminé

Résultat: 0/41 (0.00%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.16 -
AhnLab-V3 5.0.0.2 2009.08.15 -
AntiVir 7.9.1.1 2009.08.14 -
Antiy-AVL 2.0.3.7 2009.08.14 -
Authentium 5.1.2.4 2009.08.15 -
Avast 4.8.1335.0 2009.08.15 -
AVG 8.5.0.406 2009.08.16 -
BitDefender 7.2 2009.08.16 -
CAT-QuickHeal 10.00 2009.08.16 -
ClamAV 0.94.1 2009.08.16 -
Comodo 1992 2009.08.16 -
DrWeb 5.0.0.12182 2009.08.16 -
eSafe 7.0.17.0 2009.08.16 -
eTrust-Vet 31.6.6678 2009.08.14 -
F-Prot 4.4.4.56 2009.08.15 -
F-Secure 8.0.14470.0 2009.08.16 -
Fortinet 3.120.0.0 2009.08.16 -
GData 19 2009.08.16 -
Ikarus T3.1.1.64.0 2009.08.16 -
Jiangmin 11.0.800 2009.08.16 -
K7AntiVirus 7.10.819 2009.08.14 -
Kaspersky 7.0.0.125 2009.08.16 -
McAfee 5710 2009.08.15 -
McAfee+Artemis 5710 2009.08.15 -
McAfee-GW-Edition 6.8.5 2009.08.16 -
Microsoft 1.4903 2009.08.16 -
NOD32 4339 2009.08.16 -
Norman 6.01.09 2009.08.14 -
nProtect 2009.1.8.0 2009.08.16 -
Panda 10.0.0.14 2009.08.16 -
PCTools 4.4.2.0 2009.08.16 -
Prevx 3.0 2009.08.16 -
Rising 21.42.62.00 2009.08.16 -
Sophos 4.44.0 2009.08.16 -
Sunbelt 3.2.1858.2 2009.08.16 -
Symantec 1.4.4.12 2009.08.16 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.14 -
VBA32 3.12.10.9 2009.08.16 -
ViRobot 2009.8.14.1885 2009.08.14 -
VirusBuster 4.6.5.0 2009.08.16 -
Information additionnelle
File size: 574976 bytes
MD5 : 78a08dd6a8d65e697c18e1db01c5cdca
SHA1 : c40f3c1fcbd8a61ad5f36e16971feb64407bbc66
SHA256: e0e6f3ed05068e32f1d5c2d2b38cdef4536b8656db6756c66cf6b40b60c8f3da
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x85384
timedatestamp.....: 0x48025BE5 (Sun Apr 13 21:15:49 2008)
machinetype.......: 0x14C (Intel I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x17879 0x17880 6.57 7a0cc809877394dcb00f251125cde1d0
.rdata 0x17B80 0x7078 0x7080 6.30 95baacb27e75d4140da94f3e43c659d6
.data 0x1EC00 0x1B10 0x1B80 0.74 9cb37a38036e823a0152bb209239dffd
PAGE 0x20780 0x64B6B 0x64B80 6.51 7de1f4c3a0a474314fe86e158e01cd73
INIT 0x85300 0x36FE 0x3700 6.07 ded61bc7fa643b884fdf69cc4d48c308
.rsrc 0x88A00 0x3E0 0x400 3.34 7153f5b12fab0213e839e612df3320ab
.reloc 0x88E00 0x37A0 0x3800 6.73 5db2361b4571130ef61ec5a1deac3e22

( 0 imports )


( 0 exports )
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 12288:CosOm5JqnuiIT8j4l7yT68kdUDzAGOjICueFWI0m9:eJ+uiIQ4kTTkdUDEPflFWI0
PEiD : -
RDS : NSRL Reference Data Set
-

Here is the report for c/windows/system32/dllcache/ntfs.sys:


MD5: 78a08dd6a8d65e697c18e1db01c5cdca
First received: 2009.02.11 09:17:52 UTC
Date 2009.08.16 18:28:38 UTC [<1D]
Résultats 0/41



Here is the report for c/windows/system32/drivers/beep.sys:

MD5: da1f27d85e0d1525f6621372e7b685e9
First received: 2008.04.17 05:23:36 UTC
Date 2009.08.16 13:18:04 UTC [<1D]
Résultats 1/41

Fichier beep.sys reçu le 2009.08.16 13:18:04 (UTC)
Situation actuelle: terminé

Résultat: 1/41 (2.44%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.16 -
AhnLab-V3 5.0.0.2 2009.08.15 -
AntiVir 7.9.1.1 2009.08.14 -
Antiy-AVL 2.0.3.7 2009.08.14 -
Authentium 5.1.2.4 2009.08.15 -
Avast 4.8.1335.0 2009.08.15 -
AVG 8.5.0.406 2009.08.16 -
BitDefender 7.2 2009.08.16 -
CAT-QuickHeal 10.00 2009.08.16 -
ClamAV 0.94.1 2009.08.16 -
Comodo 1989 2009.08.16 -
DrWeb 5.0.0.12182 2009.08.16 -
eSafe 7.0.17.0 2009.08.13 Win32.Banker
eTrust-Vet 31.6.6678 2009.08.14 -
F-Prot 4.4.4.56 2009.08.15 -
F-Secure 8.0.14470.0 2009.08.16 -
Fortinet 3.120.0.0 2009.08.16 -
GData 19 2009.08.16 -
Ikarus T3.1.1.64.0 2009.08.16 -
Jiangmin 11.0.800 2009.08.16 -
K7AntiVirus 7.10.819 2009.08.14 -
Kaspersky 7.0.0.125 2009.08.16 -
McAfee 5710 2009.08.15 -
McAfee+Artemis 5710 2009.08.15 -
McAfee-GW-Edition 6.8.5 2009.08.16 -
Microsoft 1.4903 2009.08.16 -
NOD32 4339 2009.08.16 -
Norman 6.01.09 2009.08.14 -
nProtect 2009.1.8.0 2009.08.16 -
Panda 10.0.0.14 2009.08.16 -
PCTools 4.4.2.0 2009.08.16 -
Prevx 3.0 2009.08.16 -
Rising 21.42.62.00 2009.08.16 -
Sophos 4.44.0 2009.08.16 -
Sunbelt 3.2.1858.2 2009.08.15 -
Symantec 1.4.4.12 2009.08.16 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.14 -
VBA32 3.12.10.9 2009.08.16 -
ViRobot 2009.8.14.1885 2009.08.14 -
VirusBuster 4.6.5.0 2009.08.16 -
Information additionnelle
File size: 4224 bytes
MD5 : da1f27d85e0d1525f6621372e7b685e9
SHA1 : e3d2dc5eb273fa701de8af13b60d6baac7629260
SHA256: 5a81a46a3bdd19dafc6c87d277267a5d44f3a1b5302f2cc1111d84b7bad5610d
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x66C
timedatestamp.....: 0x3B7D82E5 (Fri Aug 17 22:47:33 2001)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x424 0x480 5.77 64f775a399d212649b5b58a280791c2d
.rdata 0x780 0xAD 0x100 2.62 0ace5f365131534c66de4137833221ad
INIT 0x880 0x284 0x300 4.44 13a9d0bea8490140305ffa9291acfd99
.rsrc 0xB80 0x3C8 0x400 3.22 9b654fc1759147ff04b147754f347be4
.reloc 0xF80 0x9A 0x100 2.80 5c4742feb834ca0995d1e806fe06cc57

( 0 imports )


( 0 exports )
TrID : File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=da1f27d85e0d1525f6621372e7b685e9
ssdeep: 48:qvsINlblgYeU/DtYrmVimGxIBqOopSDKGV7Co+sjIZWQ7q2ue5WwGD+:ilbd/DKrmLGWBqhev7X+MEWKLu+Ww8
PEiD : -
RDS : NSRL Reference Data Set


Here is the report for c/windows/system32/dllcache/beep.sys:

MD5: da1f27d85e0d1525f6621372e7b685e9
First received: 2008.04.17 05:23:36 UTC
Date 2009.08.16 13:18:04 UTC [<1D]
Résultats 1/41


gaby.zeze
 Posted on 17/08/2009 at 11:18
Petite astucienne

3/ RSIT

Here is the log.txt report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Gabrielle at 2009-08-17 11:04:18
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (34%) free of 22 GB
Total RAM: 1270 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:25, on 17/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gabrielle\Bureau\RSIT.exe
D:\_Programmes\avast\Gabrielle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221252786765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221297384240
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - AppInit_DLLs: cru629.dat
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Google Update Service (gupdate1c98394c3fa3d08) (gupdate1c98394c3fa3d08) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe

--
End of file - 6318 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-329068152-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-329068152-682003330-1003UA.job
C:\WINDOWS\tasks\Norton Security Scan for Gabrielle.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-10 148888]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-03-19 778240]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-02-23 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="cru629.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\French\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\French\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 2009"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-08-17 11:04:18 ----D---- C:\rsit
2009-08-17 10:42:14 ----A---- C:\resultat.txt
2009-08-17 00:24:10 ----HD---- C:\WINDOWS\PIF
2009-08-17 00:22:50 ----A---- C:\WINDOWS\system32\Copie de user32.dll
2009-08-16 23:34:13 ----A---- C:\WINDOWS\system32\wisdstr.exe
2009-08-16 23:31:41 ----A---- C:\WINDOWS\bdagent.INI
2009-08-16 22:21:58 ----D---- C:\Documents and Settings\Gabrielle\Application Data\BitDefender
2009-08-16 22:21:11 ----D---- C:\Program Files\BitDefender
2009-08-16 22:21:11 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-08-16 22:18:58 ----D---- C:\Program Files\Fichiers communs\BitDefender
2009-08-16 21:55:54 ----SHD---- C:\RECYCLER
2009-08-16 19:19:12 ----D---- C:\Program Files\ESET
2009-08-16 19:16:58 ----A---- C:\WINDOWS\qanuxutyfi.bat
2009-08-16 19:16:58 ----A---- C:\WINDOWS\oxanevikaz.com
2009-08-16 19:16:58 ----A---- C:\Program Files\Fichiers communs\aridahe.dll
2009-08-16 19:16:18 ----D---- C:\PC_Antispyware2010
2009-08-16 19:16:14 ----D---- C:\Program Files\PC_Antispyware2010
2009-08-16 18:43:48 ----A---- C:\ComboFix.txt
2009-08-16 18:23:29 ----A---- C:\WINDOWS\resetlog.txt
2009-08-16 16:08:59 ----SHD---- C:\Config.Msi
2009-08-16 15:51:56 ----D---- C:\Program Files\Navilog1
2009-08-16 14:52:05 ----D---- C:\Qoobox
2009-08-16 13:58:44 ----D---- C:\SDFix
2009-08-16 12:54:19 ----A---- C:\TCleaner.txt
2009-08-16 12:46:22 ----D---- C:\Documents and Settings\Gabrielle\Application Data\WinRAR
2009-08-16 12:33:38 ----D---- C:\WINDOWS\ERUNT
2009-08-16 12:33:37 ----D---- C:\Backups
2009-08-16 12:13:22 ----A---- C:\WINDOWS\system32\tmp.txt
2009-08-16 12:13:19 ----A---- C:\rapport.txt
2009-08-15 21:48:23 ----D---- C:\WINDOWS\Minidump
2009-08-15 21:37:30 ----SD---- C:\Csssx
2009-08-07 10:50:23 ----A---- C:\Ma Petite Entreprise.txt
2009-08-07 10:36:24 ----D---- C:\Program Files\Ciel
2009-08-07 10:36:24 ----D---- C:\Documents and Settings\All Users\Application Data\Ciel
2009-07-19 16:43:36 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-07-19 16:43:36 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-07-19 16:43:35 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-07-19 16:42:21 ----D---- C:\Program Files\DivX
2009-07-19 11:23:58 ----D---- C:\Program Files\IKEA HomePlanner
2009-07-19 11:23:34 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

======List of files/folders modified in the last 1 months======

2009-08-17 11:04:25 ----D---- C:\WINDOWS\Prefetch
2009-08-17 10:33:41 ----D---- C:\WINDOWS\system32
2009-08-17 10:33:40 ----D---- C:\WINDOWS\temp
2009-08-17 09:20:27 ----D---- C:\Program Files\Mozilla Firefox
2009-08-17 09:11:23 ----D---- C:\Documents and Settings\Gabrielle\Application Data\FileZilla
2009-08-17 09:05:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-17 09:02:40 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-08-17 09:02:23 ----D---- C:\WINDOWS
2009-08-17 09:01:55 ----D---- C:\WINDOWS\Registration
2009-08-17 02:27:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-17 00:50:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-17 00:34:01 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-17 00:28:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-17 00:28:46 ----D---- C:\WINDOWS\system32\drivers
2009-08-16 22:22:33 ----SHD---- C:\WINDOWS\Installer
2009-08-16 22:22:09 ----HD---- C:\WINDOWS\inf
2009-08-16 22:21:11 ----RD---- C:\Program Files
2009-08-16 22:18:58 ----D---- C:\Program Files\Fichiers communs
2009-08-16 21:01:43 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-08-16 21:00:10 ----D---- C:\Program Files\Norton Security Scan
2009-08-16 19:31:18 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-16 19:19:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-16 18:41:57 ----A---- C:\WINDOWS\system.ini
2009-08-16 18:40:58 ----D---- C:\WINDOWS\AppPatch
2009-08-16 16:12:41 ----D---- C:\WINDOWS\Downloaded Installations
2009-08-16 16:10:50 ----D---- C:\Program Files\Google
2009-08-16 16:10:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-16 16:10:09 ----D---- C:\Program Files\Fichiers communs\Apple
2009-08-16 16:09:00 ----SD---- C:\WINDOWS\Tasks
2009-08-16 16:06:19 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-08-16 13:04:56 ----SHD---- C:\System Volume Information
2009-08-16 13:04:56 ----D---- C:\WINDOWS\system32\Restore
2009-08-16 01:04:30 ----D---- C:\WINDOWS\system32\config
2009-08-16 01:04:17 ----D---- C:\WINDOWS\ERDNT
2009-08-14 18:14:16 ----D---- C:\WINDOWS\system32\Adobe
2009-08-14 18:12:35 ----D---- C:\WINDOWS\WinSxS
2009-08-14 18:12:09 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-14 18:12:04 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-08-08 12:10:14 ----A---- C:\WINDOWS\PEV.exe
2009-08-07 14:49:33 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-30 14:21:15 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-24 12:00:01 ----D---- C:\Program Files\EasyPHP 2.0b1

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-12-10 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NETw4x32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S3 catchme;catchme; \??\C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\catchme.sys []
S3 DOSMEMIO;MEMIO; \??\E:\MEMIO.SYS []
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-10 152984]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2009-03-24 415024]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-03-27 1626112]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S2 gupdate1c98394c3fa3d08;Google Update Service (gupdate1c98394c3fa3d08); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-01-31 133104]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 wampapache;wampapache; C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; C:\Program Files\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe [2009-02-15 6558336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Here is the info.txt report:

info.txt logfile of random's system information tool 1.06 2009-08-17 11:04:28

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
BitDefender Total Security 2009-->MsiExec.exe /X{46E0C50A-1F67-46B9-B4A6-B153245ECFE7}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Correctif n° 2 pour Windows XP Édition Media Center 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
EasyPHP 2.0b1-->"C:\Program Files\EasyPHP 2.0b1\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
FileZilla Client 3.1.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"D:\_Programmes\avast\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
IKEA Home Planner-->MsiExec.exe /I{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Codec Pack 3.9.5 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Navilog1 3.7.6-->"C:\Program Files\Navilog1\unins000.exe"
Nero 7 Essentials-->MsiExec.exe /X{66EBD70F-A42C-475F-AEDF-277378151036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Fichiers communs\Symantec Shared\NSSSetup\{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}
OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
PC Antispyware 2010-->C:\Program Files\PC_Antispyware2010\Uninstall.exe
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerKit 1.0-->"C:\Program Files\Astase\PowerKit\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Skype web features-->MsiExec.exe /I{F1362843-0E0E-4F74-8662-724CF101ADCE}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TextPad 4.7-->MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WampServer 2.0-->"C:\Program Files\wamp\unins000.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB919803-->"C:\WINDOWS\$NtUninstallKB919803$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yooda Submit-->C:\Program Files\Yooda\Submit\uninstall.exe

=====HijackThis Backups=====

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll (file missing) [2009-08-16]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [2009-08-16]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab [2009-08-16]
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab [2009-08-16]
O20 - AppInit_DLLs: cru629.dat [2009-08-16]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 [2009-08-16]
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll [2009-08-16]
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll [2009-08-16]
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-16]
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-16]
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-16]
O15 - Trusted Zone: http://www.orange.fr [2009-08-16]
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 [2009-08-16]
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gabrielle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [2009-08-16]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL [2009-08-16]
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-16]
O23 - Service: Google Update Service (gupdate1c98394c3fa3d08) (gupdate1c98394c3fa3d08) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-16]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [2009-08-16]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-16]
O4 - Startup: ikowin32.exe [2009-08-16]
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-08-16]
O23 - Service: Google Update Service (gupdate1c98394c3fa3d08) (gupdate1c98394c3fa3d08) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-16]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-16]
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-16]
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe [2009-08-16]
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe [2009-08-16]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-16]

======Security center information======

AV: Antivirus BitDefender
FW: Pare-feu BitDefender

======System event log======

Computer Name: INSPIRON
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 8937
Source Name: Service Control Manager
Time Written: 20090807075242.000000+120
Event Type: Informations
User: INSPIRON\Gabrielle

Computer Name: INSPIRON
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

Record Number: 8936
Source Name: Service Control Manager
Time Written: 20090807075242.000000+120
Event Type: Informations
User:

Computer Name: INSPIRON
Event Code: 7036
Message: Le service NMIndexingService est entré dans l'état : en cours d'exécution.

Record Number: 8935
Source Name: Service Control Manager
Time Written: 20090807075242.000000+120
Event Type: Informations
User:

Computer Name: INSPIRON
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de l’iPod.

Record Number: 8934
Source Name: Service Control Manager
Time Written: 20090807075242.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: INSPIRON
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NMIndexingService.

Record Number: 8933
Source Name: Service Control Manager
Time Written: 20090807075242.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: INSPIRON
Event Code: 0
Message:
Record Number: 5
Source Name: iPod Service
Time Written: 20090728210950.000000+120
Event Type: Informations
User:

Computer Name: INSPIRON
Event Code: 0
Message:
Record Number: 4
Source Name: NMIndexingService
Time Written: 20090728210950.000000+120
Event Type: Informations
User:

Computer Name: INSPIRON
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20090728210949.000000+120
Event Type: Informations
User:

Computer Name: INSPIRON
Event Code: 0
Message:
Record Number: 2
Source Name: gupdate1c98394c3fa3d08
Time Written: 20090728210945.000000+120
Event Type: Informations
User:

Computer Name: INSPIRON
Event Code: 1
Message:
Record Number: 1
Source Name: Bonjour Service
Time Written: 20090728210945.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\DivX Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip

-----------------EOF-----------------

Thanks,

Gaby

Batch_Man
 Posted on 17/08/2009 at 11:38
Astucien

Hi again,

Beep.sys patched..

1/ VirusTotal

Have this file scanned on VirusTotal: C:\SDFix\apps\Replace\xp\beep.sys

2/ OTM

  • Download OTM (by Old_Timer) to your desktop,
  • Double-click OTM.exe to launch the program,
  • Copy the list of files or folders below and paste it into the program's "Paste Instructions for Items to be Moved" window:
:processes
explorer.exe
wscript.exe
cscript.exe
wisdstr.exe
braviax.exe

:files
C:\WINDOWS\system32\Copie de user32.dll
C:\WINDOWS\system32\wisdstr.exe
C:\WINDOWS\qanuxutyfi.bat
C:\WINDOWS\oxanevikaz.com
C:\Program Files\Fichiers communs\aridahe.dll
C:\PC_Antispyware2010
C:\Program Files\PC_Antispyware2010
C:\WINDOWS\system32\tmp.txt
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Regedit32"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010]
[-HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HomeAntivirus2010]
[-HKEY_LOCAL_MACHINE\SOFTWARE\HomeAntivirus2010]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\French\setup.exe"=-

:commands
[purity]
[emptytemp]
[reboot]
  • Click MoveIt! to start the removal,
  • The result will appear in the Results pane.
  • Click Exit to close the program.
  • Post the report, which is located here: C:\_OTM\MovedFiles
  • You may be asked to restart your PC. In that case, click Yes.

3/ OTS

  • Download OTS by Old_Timer to your desktop,
  • Temporarily disable your antivirus (not the firewall).
  • !! You must be logged in to an account with administrator rights to run the program !!
  • Close all other programs except the browser,
  • Double-click the OTS.exe file (if you are on Vista, right-click OTS.exe and choose to run it as administrator),
  • In the "Additional Scans" section on the right, click "Extras"
  • Tick these items: NetSvcs, Safe boot Minimal and Safe Boot NetWork.
  • Do not change any other setting,
  • Then click the Run Scan button in the toolbar,
  • Let the program run without intervening,
  • When the scan is finished, Notepad will open with the scan report.
  • Click the Format menu and check that Word Wrap is not ticked.
  • Post the report, in several parts if necessary, if an error message appears in your next reply when you try to paste it on the forum.
  • Check that the first line and the last line of the posted report are [code]
  • Re-enable the antivirus.
  • As the report is very long, you can send it to me via: http://www.zshare.net/
    Click Browse, go and find your OTS.txt report, then tick "I have read ..." and click Share it
    Wait a moment, then copy and paste here the blue link that will appear in a small rectangle.

Batch_Man



Edited by Batch_Man on 17/08/2009 11:51
gaby.zeze
 Posted on 17/08/2009 at 11:49
Petite astucienne

Here are the reports:

1/ VirusTotal

VirusTotal report for C:\SDFix\apps\Replace\xp\beep.sys

MD5: da1f27d85e0d1525f6621372e7b685e9
First received: 2008.04.17 05:23:36 UTC
Date 2009.08.16 13:18:04 UTC [<1D]
Résultats 1/41

Fichier beep.sys reçu le 2009.08.16 13:18:04 (UTC)
Situation actuelle: terminé

Résultat: 1/41 (2.44%)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.16 -
AhnLab-V3 5.0.0.2 2009.08.15 -
AntiVir 7.9.1.1 2009.08.14 -
Antiy-AVL 2.0.3.7 2009.08.14 -
Authentium 5.1.2.4 2009.08.15 -
Avast 4.8.1335.0 2009.08.15 -
AVG 8.5.0.406 2009.08.16 -
BitDefender 7.2 2009.08.16 -
CAT-QuickHeal 10.00 2009.08.16 -
ClamAV 0.94.1 2009.08.16 -
Comodo 1989 2009.08.16 -
DrWeb 5.0.0.12182 2009.08.16 -
eSafe 7.0.17.0 2009.08.13 Win32.Banker
eTrust-Vet 31.6.6678 2009.08.14 -
F-Prot 4.4.4.56 2009.08.15 -
F-Secure 8.0.14470.0 2009.08.16 -
Fortinet 3.120.0.0 2009.08.16 -
GData 19 2009.08.16 -
Ikarus T3.1.1.64.0 2009.08.16 -
Jiangmin 11.0.800 2009.08.16 -
K7AntiVirus 7.10.819 2009.08.14 -
Kaspersky 7.0.0.125 2009.08.16 -
McAfee 5710 2009.08.15 -
McAfee+Artemis 5710 2009.08.15 -
McAfee-GW-Edition 6.8.5 2009.08.16 -
Microsoft 1.4903 2009.08.16 -
NOD32 4339 2009.08.16 -
Norman 6.01.09 2009.08.14 -
nProtect 2009.1.8.0 2009.08.16 -
Panda 10.0.0.14 2009.08.16 -
PCTools 4.4.2.0 2009.08.16 -
Prevx 3.0 2009.08.16 -
Rising 21.42.62.00 2009.08.16 -
Sophos 4.44.0 2009.08.16 -
Sunbelt 3.2.1858.2 2009.08.15 -
Symantec 1.4.4.12 2009.08.16 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.14 -
VBA32 3.12.10.9 2009.08.16 -
ViRobot 2009.8.14.1885 2009.08.14 -
VirusBuster 4.6.5.0 2009.08.16 -
Information additionnelle
File size: 4224 bytes
MD5 : da1f27d85e0d1525f6621372e7b685e9
SHA1 : e3d2dc5eb273fa701de8af13b60d6baac7629260
SHA256: 5a81a46a3bdd19dafc6c87d277267a5d44f3a1b5302f2cc1111d84b7bad5610d
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x66C
timedatestamp.....: 0x3B7D82E5 (Fri Aug 17 22:47:33 2001)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x424 0x480 5.77 64f775a399d212649b5b58a280791c2d
.rdata 0x780 0xAD 0x100 2.62 0ace5f365131534c66de4137833221ad
INIT 0x880 0x284 0x300 4.44 13a9d0bea8490140305ffa9291acfd99
.rsrc 0xB80 0x3C8 0x400 3.22 9b654fc1759147ff04b147754f347be4
.reloc 0xF80 0x9A 0x100 2.80 5c4742feb834ca0995d1e806fe06cc57

( 0 imports )


( 0 exports )
TrID : File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=da1f27d85e0d1525f6621372e7b685e9
ssdeep: 48:qvsINlblgYeU/DtYrmVimGxIBqOopSDKGV7Co+sjIZWQ7q2ue5WwGD+:ilbd/DKrmLGWBqhev7X+MEWKLu+Ww8
PEiD : -

RDS : NSRL Reference Data Set

( Topics Entertainment )

Instant Home Design: beep.sys
( Symantec )

Norton SystemWorks 2005: BEEP.SYS
( Compaq )

Compaq Operating System CD: beep.sys
( NewTech Infosystems Inc. )

CD-Maker Plus Edition: beep.sys
( The Learning Company Inc. )

Reader Rabbits Toddler: beep.sys
( Dell )

Reinstallation CD Microsoft Windows XP Professional: beep.sys
( Gateway )

Gateway Operating System Windows XP Pro Edition SP2: BEEP.SYS, beep.sys
( Sony )

Sony VAIO Recover CDs: BEEP.SYS

Batch_Man
 Posted on 17/08/2009 at 11:52
Astucien

Hi again,

So a false positive from eSafe

Do the rest -->

gaby.zeze
 Posted on 17/08/2009 at 12:02
Petite astucienne

2/ OTM

Here is the OTM report (I got a Windows error message and the PC restarted, then the second time it went fine)

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named wscript.exe was found!
No active process named cscript.exe was found!
No active process named wisdstr.exe was found!
No active process named braviax.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\Copie de user32.dll not found.
C:\WINDOWS\system32\wisdstr.exe moved successfully.
C:\WINDOWS\qanuxutyfi.bat moved successfully.
C:\WINDOWS\oxanevikaz.com moved successfully.
LoadLibrary failed for C:\Program Files\Fichiers communs\aridahe.dll
C:\Program Files\Fichiers communs\aridahe.dll NOT unregistered.
C:\Program Files\Fichiers communs\aridahe.dll moved successfully.
C:\PC_Antispyware2010 moved successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT moved successfully.
C:\Program Files\PC_Antispyware2010\data moved successfully.
C:\Program Files\PC_Antispyware2010 moved successfully.
C:\WINDOWS\system32\tmp.txt moved successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HomeAntivirus2010\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\HomeAntivirus2010\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\French\setup.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 33938751 bytes
->Apple Safari cache emptied: 6380408 bytes

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Gabrielle
->Temp folder emptied: 1964084 bytes
File delete failed. C:\Documents and Settings\Gabrielle\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 4241458 bytes
->Java cache emptied: 43433471 bytes
->FireFox cache emptied: 286732245 bytes
->Google Chrome cache emptied: 557424 bytes
->Apple Safari cache emptied: 24457877 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3400354 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1225817 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 116209 bytes
RecycleBin emptied: 2864 bytes

Total Files Cleaned = 387,62 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08172009_115529

Files moved on Reboot...

Registry entries deleted on Reboot...


Gaby

Batch_Man
 Posted on 17/08/2009 at 12:05
Astucien

Hi again,

Great, I'm waiting for the OTS report, because not everything will have been removed.

Also let me know whether there are any improvements.

Batch_Man

gaby.zeze
 Posted on 17/08/2009 at 12:14
Petite astucienne

Hi again!

3/ OTS

Here is the OTS report (1/2):

[code]
OTS logfile created on: 17/08/2009 12:06:35 - Run 1
OTS by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Gabrielle\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,24 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 55,98% Memory free
2,34 Gb Paging File | 1,86 Gb Available in Paging File | 79,62% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 21,00 Gb Total Space | 7,50 Gb Free Space | 35,74% Space Free | Partition Type: NTFS
Drive D: | 33,48 Gb Total Space | 21,84 Gb Free Space | 65,21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON
Current User Name: Gabrielle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
bdagent.exe -> C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe -> [2009/03/19 16:29:42 | 00,778,240 | ---- | M] (BitDefender S.R.L.)
ehmsas.exe -> C:\WINDOWS\eHome\ehmsas.exe -> [2005/08/05 13:34:28 | 00,046,592 | ---- | M] (Microsoft Corporation)
ehrecvr.exe -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
ehsched.exe -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation)
ehtray.exe -> C:\WINDOWS\ehome\ehtray.exe -> [2005/08/05 13:34:32 | 00,064,512 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/04/13 19:34:04 | 01,037,824 | ---- | M] (Microsoft Corporation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/03/27 03:53:01 | 00,307,704 | ---- | M] (Mozilla Corporation)
hkcmd.exe -> C:\WINDOWS\System32\hkcmd.exe -> [2007/03/30 20:00:16 | 00,162,584 | ---- | M] (Intel Corporation)
igfxpers.exe -> C:\WINDOWS\System32\igfxpers.exe -> [2007/03/30 19:59:36 | 00,138,008 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> C:\WINDOWS\System32\igfxsrvc.exe -> [2007/03/30 19:59:26 | 00,252,696 | ---- | M] (Intel Corporation)
igfxtray.exe -> C:\WINDOWS\System32\igfxtray.exe -> [2007/03/30 20:00:02 | 00,138,008 | ---- | M] (Intel Corporation)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/04/10 12:56:07 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/04/10 12:56:24 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
livesrv.exe -> C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -> [2009/03/24 13:11:44 | 00,415,024 | ---- | M] (BitDefender SRL)
mcrdsvc.exe -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation)
mdm.exe -> C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
nmbgmonitor.exe -> C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe -> [2007/06/01 10:21:08 | 00,153,136 | ---- | M] (Nero AG)
nmindexingservice.exe -> C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -> [2007/06/01 10:21:30 | 00,271,920 | ---- | M] (Nero AG)
nmindexstoresvr.exe -> C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe -> [2007/06/01 10:21:30 | 01,209,904 | ---- | M] (Nero AG)
ots.exe -> C:\Documents and Settings\Gabrielle\Bureau\OTS.exe -> [2009/08/17 12:02:49 | 00,514,048 | ---- | M] (OldTimer Tools)
seccenter.exe -> C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe -> [2009/04/15 14:33:08 | 00,438,272 | ---- | M] ()
stsystra.exe -> C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe -> [2007/05/10 10:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> [2006/03/08 12:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.)
vsserv.exe -> C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -> [2009/03/27 15:24:30 | 01,626,112 | ---- | M] (BitDefender S. R. L.)
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2008/04/13 19:34:30 | 00,218,112 | ---- | M] (Microsoft Corporation)
wscntfy.exe -> C:\WINDOWS\System32\wscntfy.exe -> [2008/04/13 19:34:30 | 00,013,824 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Arrakis3) BitDefender Arrakis Server [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -> [2009/01/20 19:16:20 | 00,172,032 | ---- | M] ()
(aspnet_state) Service d'état ASP.NET [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/04/13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | Auto | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation)
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
(ehSched) Service de planification Media Center [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation)
(gupdate1c98394c3fa3d08) Google Update Service (gupdate1c98394c3fa3d08) [Win32_Own | Auto | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/01/31 13:12:08 | 00,133,104 | ---- | M] (Google Inc.)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2007/01/04 03:40:21 | 00,136,120 | ---- | M] (Google)
(helpsvc) Aide et support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:33:40 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) Service de l’iPod [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/04/10 12:56:07 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LIVESRV) BitDefender Desktop Update Service [Win32_Own | Auto | Running] -> C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -> [2009/03/24 13:11:44 | 00,415,024 | ---- | M] (BitDefender SRL)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\mhn.dll -> [2004/08/10 07:30:26 | 00,085,504 | ---- | M] (Microsoft Corporation)
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -> [2007/06/01 10:21:30 | 00,271,920 | ---- | M] (Nero AG)
(scan) BitDefender Threat Scanner [Win32_Shared | On_Demand | Stopped] -> C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -> [2009/08/16 22:31:56 | 00,323,584 | ---- | M] (S.C. BitDefender S.R.L)
(VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -> [2009/03/27 15:24:30 | 01,626,112 | ---- | M] (BitDefender S. R. L.)
(wampapache) wampapache [Win32_Own | On_Demand | Stopped] -> C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe -> [2008/12/10 00:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation)
(wampmysqld) wampmysqld [Win32_Own | On_Demand | Stopped] -> C:\Program Files\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe -> [2009/02/15 00:22:12 | 06,558,336 | ---- | M] ()
(WMPNetworkSvc) Service Partage réseau du Lecteur Windows Media [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -> [2006/11/21 04:25:44 | 00,045,568 | R--- | M] (Broadcom Corporation)
(bdfm) bdfm [File_System | On_Demand | Running] -> C:\WINDOWS\System32\drivers\bdfm.sys -> [2008/09/18 12:09:12 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA)
(Bdfndisf) BitDefender Firewall NDIS Filter Service [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\bdfndisf.sys -> [2009/02/12 16:52:40 | 00,104,328 | ---- | M] (BitDefender LLC)
(bdfsfltr) bdfsfltr [File_System | On_Demand | Running] -> C:\WINDOWS\System32\drivers\bdfsfltr.sys -> [2008/12/10 20:42:46 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA)
(bdftdif) bdftdif [Kernel | System | Running] -> C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -> [2009/02/26 16:29:40 | 00,137,224 | ---- | M] (BitDefender LLC)
(BDSelfPr) BDSelfPr [Kernel | On_Demand | Running] -> C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -> [2009/01/12 12:27:58 | 00,008,832 | ---- | M] (BitDefender S.R.L.)
(BDVEDISK) BDVEDISK [Kernel | Auto | Running] -> C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -> [2008/10/06 18:16:16 | 00,082,696 | ---- | M] (BitDefender S.R.L.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -> [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Pilote de bus Microsoft UAA pour High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -> [2008/04/13 09:36:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -> [2005/07/22 11:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -> [2005/07/22 11:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -> [2007/03/30 21:34:14 | 05,704,672 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -> [2004/03/17 11:04:14 | 00,013,059 | ---- | M] (Conexant)
(NETw4x32) Pilote de carte Intel(R) Wireless WiFi Link pour Windows XP 32 bits [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\NETw4x32.sys -> [2007/09/26 06:01:32 | 02,236,032 | ---- | M] (Intel Corporation)
(PCAMPR5) PCAMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\PCAMPR5.SYS -> [2003/09/23 11:38:34 | 00,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(PCANDIS5) PCANDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\PCANDIS5.SYS -> [2006/03/01 19:53:54 | 00,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(Profos) Profos [Kernel | On_Demand | Stopped] -> C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -> [2008/09/02 14:32:06 | 00,013,056 | ---- | M] ()
(Ptilink) Pilote de liaison parallèle directe [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2008/11/20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\rimmptsk.sys -> [2006/11/15 00:16:24 | 00,032,256 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\rimsptsk.sys -> [2006/11/14 19:42:46 | 00,043,520 | ---- | M] (REDC)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\rixdptsk.sys -> [2006/11/14 17:35:20 | 00,037,376 | ---- | M] (REDC)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2008/04/13 09:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\sthda.sys -> [2007/05/10 10:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\SynTP.sys -> [2006/03/08 12:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.)
(Trufos) Trufos [Kernel | On_Demand | Stopped] -> C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -> [2009/04/03 17:49:38 | 00,039,808 | ---- | M] (BitDefender S.R.L.)
(vmm) Virtual Machine Monitor [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\vmm.sys -> [2007/02/18 00:15:34 | 00,232,816 | ---- | M] (Microsoft Corporation)
(VPCNetS2) Virtual Machine Network Services Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\VMNetSrv.sys -> [2007/01/29 06:20:34 | 00,059,280 | ---- | M] (Microsoft Corporation)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -> [2005/07/22 11:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://google.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Gabrielle\Application Data\Mozilla\FireFox\Profiles\wurinhwc.default\prefs.js ->
browser.search.update -> false ->
browser.startup.homepage -> "google.com" ->
extensions.enabledItems -> {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> linkfilter@kaspersky.ru:9.0.0.459 ->
extensions.enabledItems -> {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.0 ->
extensions.enabledItems -> {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.3.7 ->
extensions.enabledItems -> {02450954-cdd9-410f-b1da-db804e18c671}:0.95 ->
extensions.enabledItems -> {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6 ->
extensions.enabledItems -> FFToolbar@bitdefender.com:2.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/04/10 12:56:07 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com -> C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR [C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR\] -> [2009/08/16 22:32:08 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/08/16 22:25:35 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/08/16 16:08:20 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions -> ->
HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com -> C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION [C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION\] -> [2009/08/16 22:21:28 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Gabrielle\Application Data\mozilla\Extensions -> [2008/09/12 22:17:26 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Gabrielle\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/09/12 22:17:26 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Gabrielle\Application Data\mozilla\Firefox\Profiles\wurinhwc.default\extensions -> [2009/08/17 11:59:02 | 00,097,699 | ---- | M] ()
-> C:\Documents and Settings\Gabrielle\Application Data\mozilla\Firefox\Profiles\wurinhwc.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} -> [2009/08/17 11:59:02 | 00,097,699 | ---- | M] ()
-> C:\Documents and Settings\Gabrielle\Application Data\mozilla\Firefox\Profiles\wurinhwc.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5} -> [2009/08/17 11:59:02 | 00,097,699 | ---- | M] ()
-> C:\Documents and Settings\Gabrielle\Application Data\mozilla\Firefox\Profiles\wurinhwc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} -> [2009/08/17 11:59:02 | 00,097,699 | ---- | M] ()
-> C:\Documents and Settings\Gabrielle\Application Data\mozilla\Firefox\Profiles\wurinhwc.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99} -> [2009/08/17 11:59:02 | 00,097,699 | ---- | M] ()
-> C:\Documents and Settings\Gabrielle\Application Data\mozilla\Firefox\Profiles\wurinhwc.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} -> [2009/08/17 11:59:02 | 00,097,699 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/03/27 03:53:02 | 09,732,600 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/03/27 03:53:02 | 09,732,600 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} -> [2009/03/27 03:53:02 | 09,732,600 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2009/03/27 03:53:02 | 09,732,600 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\linkfilter@kaspersky.ru -> [2009/03/27 03:53:02 | 09,732,600 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/08/16 22:25:35 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/03/27 03:53:03 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/03/27 03:53:03 | 00,134,648 | ---- | M] (Mozilla Foundation)
FFComm.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\FFComm.dll -> [2009/03/05 18:08:04 | 00,049,664 | ---- | M] ()
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/08/16 16:08:20 | 00,000,000 | ---D | M]
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/04/10 12:55:16 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/03/27 03:53:03 | 00,065,528 | ---- | M] (mozilla.org)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/05/31 11:36:14 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/05/31 11:36:14 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/05/31 11:36:14 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/05/31 11:36:14 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/05/31 11:36:14 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/05/31 11:36:14 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/05/31 11:36:14 | 00,143,360 | ---- | M] (Apple Inc.)
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/05/31 11:36:14 | 00,004,208 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/04/07 20:49:32 | 00,000,000 | ---D | M]
amazon-france.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazon-france.xml -> [2006/09/10 13:35:08 | 00,001,516 | ---- | M] ()
eBay-france.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay-france.xml -> [2008/09/28 09:10:26 | 00,000,757 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/04/16 06:08:20 | 00,001,706 | ---- | M] ()
MediaDICO-fr.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\MediaDICO-fr.xml -> [2006/09/10 13:35:08 | 00,000,748 | ---- | M] ()
wikipedia-fr.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia-fr.xml -> [2008/03/29 15:59:44 | 00,001,426 | ---- | M] ()
yahoo-france.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo-france.xml -> [2006/09/12 20:49:04 | 00,000,652 | ---- | M] ()
< HOSTS File > (736 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}" [HKLM] -> C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [BitDefender Toolbar] -> [2009/03/24 13:14:02 | 00,095,536 | ---- | M] (Bitdefender)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BDAgent" -> C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe ["C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"] -> [2009/03/19 16:29:42 | 00,778,240 | ---- | M] (BitDefender S.R.L.)
"BitDefender Antiphishing Helper" -> C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe ["C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"] -> [2009/02/23 11:30:46 | 00,069,632 | ---- | M] (BitDefender)
"ehTray" -> C:\WINDOWS\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/08/05 13:34:32 | 00,064,512 | ---- | M] (Microsoft Corporation)
"HotKeysCmds" -> C:\WINDOWS\System32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2007/03/30 20:00:16 | 00,162,584 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\WINDOWS\System32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2007/03/30 20:00:02 | 00,138,008 | ---- | M] (Intel Corporation)
"NeroFilterCheck" -> C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe] -> [2007/03/01 15:57:24 | 00,153,136 | ---- | M] (Nero AG)
"Persistence" -> C:\WINDOWS\System32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2007/03/30 19:59:36 | 00,138,008 | ---- | M] (Intel Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.)
"SigmatelSysTrayApp" -> C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe] -> [2007/05/10 10:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/04/10 12:56:24 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/03/08 12:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"] -> [2007/06/01 10:21:08 | 00,153,136 | ---- | M] (Nero AG)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->
< Gabrielle Startup Folder > -> C:\Documents and Settings\Gabrielle\Menu Démarrer\Programmes\Démarrage ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableTaskMgr" -> [0] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 11:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:34:14 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:34:14 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:34:14 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221252786765 [WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221297384240 [MUWebControl Class] ->
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab [Java Plug-in 1.5.0] ->
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab [Java Plug-in 1.6.0_04] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{BE1533C0-625C-4315-84B7-4BB31E662FB7}\\DhcpNameServer -> 192.168.1.1 (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:34:04 | 01,037,824 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2007/03/30 19:59:06 | 00,204,800 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:34:22 | 00,142,848 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:34:22 | 00,142,848 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe" -> C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe [C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup] -> [2007/05/09 15:26:04 | 01,803,824 | ---- | M] (Nero AG)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:34:14 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2009/06/26 15:56:32 | 25,604,904 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> Pilote de CD-ROM ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008/09/12 21:14:57 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->


gaby.zeze
 Posted on 17/08/2009 at 12:14
Petite astucienne

OTS report (2/2):

[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.html [@ = SafariHTML] -> C:\Program Files\Safari\Safari.exe -> [2008/06/17 16:16:14 | 03,463,976 | ---- | M] (Apple Inc.)
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ ->
.html [@ = FirefoxHTML] -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/03/27 03:53:01 | 00,307,704 | ---- | M] (Mozilla Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> [] ->
Ias -> [] ->
Iprip -> [] ->
Irmon -> [] ->
NWCWorkstation -> [] ->
Nwsapagent -> [] ->
WmdmPmSp -> [] ->
MHN -> C:\WINDOWS\System32\mhn.dll [C:\WINDOWS\System32\mhn.dll] -> [2004/08/10 07:30:26 | 00,085,504 | ---- | M] (Microsoft Corporation)
helpsvc -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll] -> [2008/04/13 19:33:40 | 00,038,400 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} [HKLM] -> C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL[Microsoft PKM KnowledgePluggable Class] -> [2001/01/22 03:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation)
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll[MSDAMON.BINDER] -> [2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation)
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll[Reg Error: Value error.] -> [2009/02/06 18:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll[MSDAMON.BINDER] -> [2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll[MSDAIPP.BINDER] -> [2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation)
ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL[Microsoft Infotech Storage Protocol for IE 4.0] -> [2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation)
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll[Reg Error: Value error.] -> [2009/02/06 18:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation)
mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKLM] -> C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL[Data Page Pluggable Protocol mso-offdap Handler] -> [2001/02/24 02:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation)
wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} [HKLM] -> C:\Program Files\Windows Live\Mail\mailcomm.dll[Windows Live Mail HTML Asynchronous Pluggable Protocol Handler] -> [2009/02/06 18:53:40 | 00,791,392 | ---- | M] (Microsoft Corporation)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:33:40 | 00,038,400 | ---- | M] (Microsoft Corporation)
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:33:40 | 00,038,400 | ---- | M] (Microsoft Corporation)
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" -> [1] -> File not found
\\"AntiVirusOverride" -> [0] -> File not found
\\"FirewallOverride" -> [0] -> File not found
\\"AntiVirusDisableNotify" -> [0] -> File not found
\\"FirewallDisableNotify" -> [0] -> File not found
\\"UpdatesDisableNotify" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" -> [0] -> File not found
\\"DoNotAllowExceptions" -> [0] -> File not found
\\"DisableNotifications" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -> C:\WINDOWS\System32\nwprovau.dll -> [2008/04/13 19:33:38 | 00,145,920 | ---- | M] (Microsoft Corporation)
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} -> PDFCreator
{059C042E-796A-4ACC-A81A-ECC2010BB78C} -> Windows Live Messenger
{1CB92574-96F2-467B-B793-5CEB35C40C29} -> Image Resizer Powertoy for Windows XP
{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Outil de téléchargement Windows Live
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
{26A24AE4-039D-4CA4-87B4-2F83216013FF} -> Java(TM) 6 Update 13
{3248F0A8-6813-11D6-A77B-00B0D0150000} -> J2SE Runtime Environment 5.0
{3248F0A8-6813-11D6-A77B-00B0D0160040} -> Java(TM) 6 Update 4
{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7
{350C940c-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform
{41B9E2CF-0B3F-442A-B5B3-592A4A355634} -> iTunes
{46E0C50A-1F67-46B9-B4A6-B153245ECFE7} -> BitDefender Total Security 2009
{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} -> Junk Mail filter update
{56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml
{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} -> Microsoft Office Live Add-in 1.3
{612B9183-67A9-4B44-9877-2F059E35B86A} -> Broadcom 440x 10/100 Integrated Controller
{63DC2DA0-2A6C-4C38-9249-B75395458657} -> Windows Live Mail
{66EBD70F-A42C-475F-AEDF-277378151036} -> Nero 7 Essentials
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0
{7370DF47-B4F9-4279-BFC3-3F09919F720D} -> Installation Windows Live
{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} -> Windows Live Call
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A7CAA24-7B23-410B-A7C3-F994B0944160} -> Microsoft Virtual PC 2007
{8DC42D05-680B-41B0-8878-6C14D24602DB} -> QuickTime
{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} -> Choice Guard
{9028040C-6000-11D3-8CFE-0050048383C9} -> Microsoft Office XP Professional avec FrontPage
{95120000-00AF-040C-0000-0000000FF1CE} -> Microsoft Office PowerPoint Viewer 2007 (French)
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E} -> Windows Live Sync
{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} -> mDriver
{A122962F-331A-4C2E-93DB-AD92D8A4FB14} -> OpenOffice.org 2.4
{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} -> Segoe UI
{A462213D-EED4-42C2-9A60-7BDD4D4B0B17} -> SigmaTel Audio
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{AFA9D219-A7FD-4240-8793-E5C7C9D715F4} -> IKEA Home Planner
{B510A987-487E-4C66-9F4F-D386AC275715} -> TextPad 4.7
{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} -> Safari
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{D103C4BA-F905-437A-8049-DB24763BBE36} -> Skype™ 4.1
{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C} -> Norton Security Scan
{F1362843-0E0E-4F74-8662-724CF101ADCE} -> Skype web features
{F196AC50-7C95-42E1-9947-BDAB18BF3C8C} -> Microsoft .NET Framework 2.0 Language Pack - FRA
4569969E1360D2854474C661EF9B4D54F143EB16 -> Package de pilotes Windows - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
7-Zip -> 7-Zip 4.57
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3 -> Conexant HDA D110 MDC V.92 Modem
EasyPHP_is1 -> EasyPHP 2.0b1
ESET Online Scanner -> ESET Online Scanner v3
FileZilla Client -> FileZilla Client 3.1.2
HDMI -> Intel(R) Graphics Media Accelerator Driver
HijackThis -> HijackThis 2.0.2
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
KLiteCodecPack_is1 -> K-Lite Codec Pack 3.9.5 (Standard)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA -> Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Mozilla Firefox (3.0.8) -> Mozilla Firefox (3.0.8)
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
Navilog1_is1 -> Navilog1 3.7.6
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
NSSSetup.{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C} -> Norton Security Scan (Symantec Corporation)
PhotoFiltre -> PhotoFiltre
Picasa 3 -> Picasa 3
PowerKit_is1 -> PowerKit 1.0
ProInst -> Logiciel Intel(R) PROSet/Wireless
SynTPDeinstKey -> Synaptics Pointing Device Driver
VLC media player -> VideoLAN VLC media player 0.8.6h
WampServer 2_is1 -> WampServer 2.0
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Lecteur Windows Media 11
Windows XP Service -> Windows XP Service Pack 3
WinLiveSuite_Wave3 -> Installation Windows Live
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
XpsEPSC -> XML Paper Specification Shared Components Pack 1.0
Yooda Submit -> Yooda Submit
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
Google Chrome -> Google Chrome
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 17/08/2009 05:52:34 Computer Name = INSPIRON | Source = LoadPerf | ID = 3012 -> Description = Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Application [ Error ] 17/08/2009 05:52:34 Computer Name = INSPIRON | Source = LoadPerf | ID = 3012 -> Description = Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Application [ Error ] 17/08/2009 05:52:34 Computer Name = INSPIRON | Source = LoadPerf | ID = 3011 -> Description = Le déchargement des chaînes de compteurs de performances pour le service WmiApRpl (WmiApRpl) a échoué. Le code d'erreur est le premier DWORD de la section Data.
Application [ Error ] 17/08/2009 05:58:23 Computer Name = INSPIRON | Source = COM+ | ID = 135761 -> Description = L'environnement d'exécution a détecté une incohérence dans son état interne qui indique une instabilité possible dans le processus. Cette instabilité peut être provoquée par les composants personnalisés exécutés dans l'application COM+, les composants qu'ils utilisent ou d'autres facteurs. Erreur dans f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), Hr = 8007041d : InitEventCollector fail
Application [ Error ] 17/08/2009 05:58:48 Computer Name = INSPIRON | Source = LoadPerf | ID = 3012 -> Description = Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Application [ Error ] 17/08/2009 05:58:48 Computer Name = INSPIRON | Source = LoadPerf | ID = 3012 -> Description = Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Application [ Error ] 17/08/2009 05:58:48 Computer Name = INSPIRON | Source = LoadPerf | ID = 3011 -> Description = Le déchargement des chaînes de compteurs de performances pour le service WmiApRpl (WmiApRpl) a échoué. Le code d'erreur est le premier DWORD de la section Data.
Application [ Error ] 17/08/2009 06:01:48 Computer Name = INSPIRON | Source = LoadPerf | ID = 3012 -> Description = Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Application [ Error ] 17/08/2009 06:01:48 Computer Name = INSPIRON | Source = LoadPerf | ID = 3012 -> Description = Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Application [ Error ] 17/08/2009 06:01:48 Computer Name = INSPIRON | Source = LoadPerf | ID = 3011 -> Description = Le déchargement des chaînes de compteurs de performances pour le service WmiApRpl (WmiApRpl) a échoué. Le code d'erreur est le premier DWORD de la section Data.
Media Center [ Error ] 06/08/2009 12:06:37 Computer Name = INSPIRON | Source = Recording | ID = 19 -> Description = Le programme d'enregistrement était endommagé et il a été automatiquement supprimé le 06/08/2009 18:06:37. Vous devrez reprogrammer vos enregistrements.
System [ Error ] 17/08/2009 05:55:29 Computer Name = INSPIRON | Source = Service Control Manager | ID = 7034 -> Description = Le service Machine Debug Manager s'est terminé de façon inattendue pour la 1ème fois.
System [ Error ] 17/08/2009 05:55:29 Computer Name = INSPIRON | Source = Service Control Manager | ID = 7034 -> Description = Le service Service de planification Media Center s'est terminé de façon inattendue pour la 1ème fois.
System [ Error ] 17/08/2009 05:55:30 Computer Name = INSPIRON | Source = Service Control Manager | ID = 7034 -> Description = Le service Java Quick Starter s'est terminé de façon inattendue pour la 1ème fois.
System [ Error ] 17/08/2009 05:55:30 Computer Name = INSPIRON | Source = Service Control Manager | ID = 7031 -> Description = Le service Media Center Extender Service s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 5000 millisecondes : Redémarrer le service.
System [ Error ] 17/08/2009 05:55:30 Computer Name = INSPIRON | Source = Service Control Manager | ID = 7034 -> Description = Le service NMIndexingService s'est terminé de façon inattendue pour la 1ème fois.
System [ Error ] 17/08/2009 05:57:28 Computer Name = INSPIRON | Source = Service Control Manager | ID = 7009 -> Description = Délai (30000 millisecondes) d'attente pour une connexion du service .NET Runtime Optimization Service v2.0.50727_X86.
System [ Error ] 17/08/2009 05:58:23 Computer Name = INSPIRON | Source = DCOM | ID = 10005 -> Description = DCOM a reçu l'erreur "%1053" lors de la mise en route du service COMSysApp avec les arguments "" pour démarrer le serveur : {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
System [ Error ] 17/08/2009 05:58:33 Computer Name = INSPIRON | Source = Service Control Manager | ID = 7009 -> Description = Délai (30000 millisecondes) d'attente pour une connexion du service Application système COM+.
System [ Error ] 17/08/2009 05:58:33 Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000 -> Description = Le service Application système COM+ n'a pas pu démarrer en raison de l'erreur : %%1053
System [ Error ] 17/08/2009 05:58:52 Computer Name = INSPIRON | Source = Service Control Manager | ID = 7023 -> Description = Le service Carte de performance WMI s'est arrêté avec l'erreur : %%2147500037

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Gabrielle\Bureau\OTS.exe -> [2009/08/17 12:02:48 | 00,514,048 | ---- | C] (OldTimer Tools)
_OTM -> C:\_OTM -> [2009/08/17 11:50:12 | 00,000,000 | ---D | C]
OTM.exe -> C:\Documents and Settings\Gabrielle\Bureau\OTM.exe -> [2009/08/17 11:47:23 | 00,408,064 | ---- | C] (OldTimer Tools)
rsit -> C:\rsit -> [2009/08/17 11:04:18 | 00,000,000 | ---D | C]
RSIT.exe -> C:\Documents and Settings\Gabrielle\Bureau\RSIT.exe -> [2009/08/17 11:03:59 | 00,781,909 | ---- | C] ()
OAD.exe -> C:\Documents and Settings\Gabrielle\Bureau\OAD.exe -> [2009/08/17 10:36:47 | 00,152,790 | ---- | C] (Changelog.fr )
hiberfil.sys -> C:\hiberfil.sys -> [2009/08/17 00:35:55 | 13,321,50272 | -HS- | C] ()
PIF -> C:\WINDOWS\PIF -> [2009/08/17 00:24:10 | 00,000,000 | -H-D | C]
beep.sys -> C:\WINDOWS\System32\drivers\beep.sys -> [2009/08/17 00:20:37 | 00,004,224 | R--- | C] (Microsoft Corporation)
beep.sys -> C:\WINDOWS\System32\dllcache\beep.sys -> [2009/08/17 00:20:37 | 00,004,224 | ---- | C] (Microsoft Corporation)
ProductTweaks.xml -> C:\WINDOWS\System32\ProductTweaks.xml -> [2009/08/16 23:33:28 | 00,000,850 | ---- | C] ()
user_gensett.xml -> C:\WINDOWS\System32\user_gensett.xml -> [2009/08/16 23:33:27 | 00,000,385 | ---- | C] ()
bdagent.INI -> C:\WINDOWS\bdagent.INI -> [2009/08/16 23:31:41 | 00,000,121 | ---- | C] ()
bdod.bin -> C:\WINDOWS\System32\bdod.bin -> [2009/08/16 22:32:06 | 00,081,984 | ---- | C] ()
BitDefender Total Security 2009.lnk -> C:\Documents and Settings\All Users\Bureau\BitDefender Total Security 2009.lnk -> [2009/08/16 22:21:59 | 00,001,902 | ---- | C] ()
BitDefender -> C:\Documents and Settings\Gabrielle\Application Data\BitDefender -> [2009/08/16 22:21:58 | 00,000,000 | ---D | C]
BitDefender -> C:\Program Files\BitDefender -> [2009/08/16 22:21:11 | 00,000,000 | ---D | C]
BitDefender -> C:\Documents and Settings\All Users\Application Data\BitDefender -> [2009/08/16 22:21:11 | 00,000,000 | ---D | C]
BitDefender -> C:\Program Files\Fichiers communs\BitDefender -> [2009/08/16 22:18:58 | 00,000,000 | ---D | C]
RECYCLER -> C:\RECYCLER -> [2009/08/16 21:55:54 | 00,000,000 | -HSD | C]
ESET -> C:\Program Files\ESET -> [2009/08/16 19:19:12 | 00,000,000 | ---D | C]
dilumyviki.dat -> C:\WINDOWS\dilumyviki.dat -> [2009/08/16 19:16:58 | 00,019,447 | ---- | C] ()
mokahibac.dl -> C:\Program Files\Fichiers communs\mokahibac.dl -> [2009/08/16 19:16:58 | 00,019,425 | ---- | C] ()
puliwowus.reg -> C:\Program Files\Fichiers communs\puliwowus.reg -> [2009/08/16 19:16:58 | 00,019,046 | ---- | C] ()
azebixic.sys -> C:\Documents and Settings\All Users\Application Data\azebixic.sys -> [2009/08/16 19:16:58 | 00,018,726 | ---- | C] ()
cecik.bat -> C:\Documents and Settings\All Users\Documents\cecik.bat -> [2009/08/16 19:16:58 | 00,018,310 | ---- | C] ()
salylopen.dat -> C:\Program Files\Fichiers communs\salylopen.dat -> [2009/08/16 19:16:58 | 00,017,530 | ---- | C] ()
tumagac.pif -> C:\WINDOWS\tumagac.pif -> [2009/08/16 19:16:58 | 00,015,771 | ---- | C] ()
yfasirybub._dl -> C:\WINDOWS\System32\yfasirybub._dl -> [2009/08/16 19:16:58 | 00,015,745 | ---- | C] ()
ygagaty.dat -> C:\WINDOWS\System32\ygagaty.dat -> [2009/08/16 19:16:58 | 00,015,705 | ---- | C] ()
oqowyh._dl -> C:\Documents and Settings\All Users\Application Data\oqowyh._dl -> [2009/08/16 19:16:58 | 00,015,001 | ---- | C] ()
ehidyni._sy -> C:\WINDOWS\ehidyni._sy -> [2009/08/16 19:16:58 | 00,014,807 | ---- | C] ()
degucufy._sy -> C:\WINDOWS\degucufy._sy -> [2009/08/16 19:16:58 | 00,013,672 | ---- | C] ()
ybylynonu.db -> C:\WINDOWS\ybylynonu.db -> [2009/08/16 19:16:58 | 00,010,380 | ---- | C] ()
Config.Msi -> C:\Config.Msi -> [2009/08/16 16:08:59 | 00,000,000 | -HSD | C]
Navilog1 -> C:\Program Files\Navilog1 -> [2009/08/16 15:51:56 | 00,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2009/08/16 14:52:05 | 00,000,000 | ---D | C]
SDFix -> C:\SDFix -> [2009/08/16 13:58:44 | 00,000,000 | ---D | C]
Recent -> C:\Documents and Settings\Gabrielle\Recent -> [2009/08/16 12:53:43 | 00,000,000 | ---D | C]
WinRAR -> C:\Documents and Settings\Gabrielle\Application Data\WinRAR -> [2009/08/16 12:46:22 | 00,000,000 | ---D | C]
user32.dll -> C:\WINDOWS\System32\dllcache\user32.dll -> [2009/08/16 12:37:00 | 00,579,584 | ---- | C] (Microsoft Corporation)
ERUNT -> C:\WINDOWS\ERUNT -> [2009/08/16 12:33:38 | 00,000,000 | ---D | C]
Backups -> C:\Backups -> [2009/08/16 12:33:37 | 00,000,000 | ---D | C]
Nouveau dossier -> C:\Documents and Settings\Gabrielle\Bureau\Nouveau dossier -> [2009/08/16 12:12:34 | 00,000,000 | ---D | C]
mshtml.dll -> C:\WINDOWS\System32\dllcache\cache\mshtml.dll -> [2009/08/16 00:39:10 | 03,593,216 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe -> [2009/08/16 00:39:10 | 02,147,328 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe -> [2009/08/16 00:39:10 | 02,025,984 | ---- | C] (Microsoft Corporation)
sfcfiles.dll -> C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll -> [2009/08/16 00:39:10 | 01,571,840 | ---- | C] (Microsoft Corporation)
kernel32.dll -> C:\WINDOWS\System32\dllcache\cache\kernel32.dll -> [2009/08/16 00:39:10 | 01,054,720 | ---- | C] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\System32\dllcache\cache\explorer.exe -> [2009/08/16 00:39:10 | 01,037,824 | ---- | C] (Microsoft Corporation)
mfc40u.dll -> C:\WINDOWS\System32\dllcache\cache\mfc40u.dll -> [2009/08/16 00:39:10 | 00,927,504 | ---- | C] (Microsoft Corporation)
comres.dll -> C:\WINDOWS\System32\dllcache\cache\comres.dll -> [2009/08/16 00:39:10 | 00,851,968 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\WINDOWS\System32\dllcache\cache\wininet.dll -> [2009/08/16 00:39:10 | 00,826,368 | ---- | C] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\System32\dllcache\cache\comctl32.dll -> [2009/08/16 00:39:10 | 00,617,472 | ---- | C] (Microsoft Corporation)
user32.dll -> C:\WINDOWS\System32\dllcache\cache\user32.dll -> [2009/08/16 00:39:10 | 00,579,584 | ---- | C] (Microsoft Corporation)
winlogon.exe -> C:\WINDOWS\System32\dllcache\cache\winlogon.exe -> [2009/08/16 00:39:10 | 00,512,000 | ---- | C] (Microsoft Corporation)
ntmssvc.dll -> C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll -> [2009/08/16 00:39:10 | 00,438,272 | ---- | C] (Microsoft Corporation)
qmgr.dll -> C:\WINDOWS\System32\dllcache\cache\qmgr.dll -> [2009/08/16 00:39:10 | 00,409,088 | ---- | C] (Microsoft Corporation)
netlogon.dll -> C:\WINDOWS\System32\dllcache\cache\netlogon.dll -> [2009/08/16 00:39:10 | 00,407,040 | ---- | C] (Microsoft Corporation)
rpcss.dll -> C:\WINDOWS\System32\dllcache\cache\rpcss.dll -> [2009/08/16 00:39:10 | 00,399,360 | ---- | C] (Microsoft Corporation)
tcpip.sys -> C:\WINDOWS\System32\dllcache\cache\tcpip.sys -> [2009/08/16 00:39:10 | 00,361,600 | ---- | C] (Microsoft Corporation)
termsrv.dll -> C:\WINDOWS\System32\dllcache\cache\termsrv.dll -> [2009/08/16 00:39:10 | 00,297,984 | ---- | C] (Microsoft Corporation)
scecli.dll -> C:\WINDOWS\System32\dllcache\cache\scecli.dll -> [2009/08/16 00:39:10 | 00,187,392 | ---- | C] (Microsoft Corporation)
ndis.sys -> C:\WINDOWS\System32\dllcache\cache\ndis.sys -> [2009/08/16 00:39:10 | 00,182,656 | ---- | C] (Microsoft Corporation)
appmgmts.dll -> C:\WINDOWS\System32\dllcache\cache\appmgmts.dll -> [2009/08/16 00:39:10 | 00,176,640 | ---- | C] (Microsoft Corporation)
srsvc.dll -> C:\WINDOWS\System32\dllcache\cache\srsvc.dll -> [2009/08/16 00:39:10 | 00,171,520 | ---- | C] (Microsoft Corporation)
aec.sys -> C:\WINDOWS\System32\dllcache\cache\aec.sys -> [2009/08/16 00:39:10 | 00,142,592 | ---- | C] (Microsoft Corporation)
imm32.dll -> C:\WINDOWS\System32\dllcache\cache\imm32.dll -> [2009/08/16 00:39:10 | 00,110,080 | ---- | C] (Microsoft Corporation)
services.exe -> C:\WINDOWS\System32\dllcache\cache\services.exe -> [2009/08/16 00:39:10 | 00,109,056 | ---- | C] (Microsoft Corporation)
rasauto.dll -> C:\WINDOWS\System32\dllcache\cache\rasauto.dll -> [2009/08/16 00:39:10 | 00,088,576 | ---- | C] (Microsoft Corporation)
ws2_32.dll -> C:\WINDOWS\System32\dllcache\cache\ws2_32.dll -> [2009/08/16 00:39:10 | 00,082,432 | ---- | C] (Microsoft Corporation)
spoolsv.exe -> C:\WINDOWS\System32\dllcache\cache\spoolsv.exe -> [2009/08/16 00:39:10 | 00,057,856 | ---- | C] (Microsoft Corporation)
wuauclt.exe -> C:\WINDOWS\System32\dllcache\cache\wuauclt.exe -> [2009/08/16 00:39:10 | 00,053,448 | ---- | C] (Microsoft Corporation)
ip6fw.sys -> C:\WINDOWS\System32\dllcache\cache\ip6fw.sys -> [2009/08/16 00:39:10 | 00,036,608 | ---- | C] (Microsoft Corporation)
msgsvc.dll -> C:\WINDOWS\System32\dllcache\cache\msgsvc.dll -> [2009/08/16 00:39:10 | 00,033,792 | ---- | C] (Microsoft Corporation)
userinit.exe -> C:\WINDOWS\System32\dllcache\cache\userinit.exe -> [2009/08/16 00:39:10 | 00,026,624 | ---- | C] (Microsoft Corporation)
kbdclass.sys -> C:\WINDOWS\System32\dllcache\cache\kbdclass.sys -> [2009/08/16 00:39:10 | 00,025,216 | ---- | C] (Microsoft Corporation)
lpk.dll -> C:\WINDOWS\System32\dllcache\cache\lpk.dll -> [2009/08/16 00:39:10 | 00,022,016 | ---- | C] (Microsoft Corporation)
powrprof.dll -> C:\WINDOWS\System32\dllcache\cache\powrprof.dll -> [2009/08/16 00:39:10 | 00,017,408 | ---- | C] (Microsoft Corporation)
ctfmon.exe -> C:\WINDOWS\System32\dllcache\cache\ctfmon.exe -> [2009/08/16 00:39:10 | 00,015,360 | ---- | C] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\System32\dllcache\cache\svchost.exe -> [2009/08/16 00:39:10 | 00,014,336 | ---- | C] (Microsoft Corporation)
asyncmac.sys -> C:\WINDOWS\System32\dllcache\cache\asyncmac.sys -> [2009/08/16 00:39:10 | 00,014,336 | ---- | C] (Microsoft Corporation)
wscntfy.exe -> C:\WINDOWS\System32\dllcache\cache\wscntfy.exe -> [2009/08/16 00:39:10 | 00,013,824 | ---- | C] (Microsoft Corporation)
lsass.exe -> C:\WINDOWS\System32\dllcache\cache\lsass.exe -> [2009/08/16 00:39:10 | 00,013,312 | ---- | C] (Microsoft Corporation)
acpiec.sys -> C:\WINDOWS\System32\dllcache\cache\acpiec.sys -> [2009/08/16 00:39:10 | 00,012,032 | ---- | C] (Microsoft Corporation)
sfc.dll -> C:\WINDOWS\System32\dllcache\cache\sfc.dll -> [2009/08/16 00:39:10 | 00,005,120 | ---- | C] (Microsoft Corporation)
null.sys -> C:\WINDOWS\System32\dllcache\cache\null.sys -> [2009/08/16 00:39:10 | 00,002,944 | ---- | C] (Microsoft Corporation)
cache -> C:\WINDOWS\System32\dllcache\cache -> [2009/08/16 00:39:10 | 00,000,000 | ---D | C]
ntuser.ini -> C:\Documents and Settings\Gabrielle\ntuser.ini -> [2009/08/15 23:35:25 | 00,000,184 | -HS- | C] ()
Minidump -> C:\WINDOWS\Minidump -> [2009/08/15 21:48:23 | 00,000,000 | ---D | C]
Csssx -> C:\Csssx -> [2009/08/15 21:37:30 | 00,000,000 | --SD | C]
ntfs.sys -> C:\WINDOWS\System32\dllcache\ntfs.sys -> [2009/08/15 21:32:16 | 00,574,976 | ---- | C] (Microsoft Corporation)
Mes documents -> C:\Documents and Settings\Gabrielle\Mes documents -> [2009/08/14 18:11:43 | 00,000,000 | ---D | C]
8080.JPG -> C:\Documents and Settings\Gabrielle\Bureau\8080.JPG -> [2009/08/14 15:34:39 | 00,126,258 | ---- | C] ()
recherche.PNG -> C:\Documents and Settings\Gabrielle\Bureau\recherche.PNG -> [2009/08/14 14:02:07 | 00,145,622 | ---- | C] ()
exemple_index_infecte.php_ -> C:\Documents and Settings\Gabrielle\Bureau\exemple_index_infecte.php_ -> [2009/08/14 13:19:51 | 00,001,722 | ---- | C] ()
image clocheton -> C:\Documents and Settings\Gabrielle\Bureau\image clocheton -> [2009/08/12 11:53:41 | 00,000,000 | ---D | C]
avant.bmp -> C:\Documents and Settings\Gabrielle\Bureau\avant.bmp -> [2009/08/12 10:26:55 | 03,072,054 | ---- | C] ()
Blogosmose's Weblog.png -> C:\Documents and Settings\Gabrielle\Bureau\Blogosmose's Weblog.png -> [2009/08/10 12:29:22 | 00,047,085 | ---- | C] ()
contacts(2).csv -> C:\Documents and Settings\Gabrielle\Bureau\contacts(2).csv -> [2009/08/07 17:33:57 | 00,001,389 | ---- | C] ()
Ciel -> C:\Program Files\Ciel -> [2009/08/07 10:36:24 | 00,000,000 | ---D | C]
Ciel -> C:\Documents and Settings\All Users\Application Data\Ciel -> [2009/08/07 10:36:24 | 00,000,000 | ---D | C]
mail OPI général.xls -> C:\Documents and Settings\Gabrielle\Bureau\mail OPI général.xls -> [2009/08/07 07:56:27 | 00,027,136 | ---- | C] ()
DivX Movies.lnk -> C:\Documents and Settings\Gabrielle\Bureau\DivX Movies.lnk -> [2009/07/19 16:42:21 | 00,001,339 | ---- | C] ()
DivX -> C:\Program Files\DivX -> [2009/07/19 16:42:21 | 00,000,000 | ---D | C]
DivXInstaller.exe -> C:\Documents and Settings\Gabrielle\Bureau\DivXInstaller.exe -> [2009/07/19 16:34:38 | 21,133,528 | ---- | C] (DivX, Inc.)
IKEA Home Planner.lnk -> C:\Documents and Settings\All Users\Bureau\IKEA Home Planner.lnk -> [2009/07/19 11:24:17 | 00,002,303 | ---- | C] ()
IKEA HomePlanner -> C:\Program Files\IKEA HomePlanner -> [2009/07/19 11:23:58 | 00,000,000 | ---D | C]
Wise Installation Wizard -> C:\Program Files\Fichiers communs\Wise Installation Wizard -> [2009/07/19 11:23:34 | 00,000,000 | ---D | C]
iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2009/04/10 18:22:28 | 00,000,037 | ---- | C] ()
avisplitter.INI -> C:\WINDOWS\avisplitter.INI -> [2009/03/02 16:08:21 | 00,000,038 | ---- | C] ()
txmlutil.dll -> C:\WINDOWS\System32\txmlutil.dll -> [2008/10/09 16:31:54 | 00,192,512 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2008/10/07 22:18:17 | 00,000,385 | ---- | C] ()
rixdicon.dll -> C:\WINDOWS\System32\rixdicon.dll -> [2008/09/13 12:40:49 | 00,016,480 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2008/09/13 01:48:05 | 00,000,069 | ---- | C] ()
unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2008/09/13 01:32:45 | 00,164,352 | ---- | C] ()
igfxCoIn_v4814.dll -> C:\WINDOWS\System32\igfxCoIn_v4814.dll -> [2008/09/12 21:34:40 | 00,204,800 | ---- | C] ()
xreglib.dll -> C:\WINDOWS\System32\xreglib.dll -> [2007/01/31 14:50:32 | 00,913,408 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 15:38:54 | 00,235,008 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2004/08/10 14:00:00 | 00,000,507 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2004/08/10 14:00:00 | 00,000,227 | ---- | C] ()

[Files/Folders - Modified Within 30 Days]
OTS.exe -> C:\Documents and Settings\Gabrielle\Bureau\OTS.exe -> [2009/08/17 12:02:49 | 00,514,048 | ---- | M] (OldTimer Tools)
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/08/17 12:01:52 | 00,550,386 | ---- | M] ()
perfh00C.dat -> C:\WINDOWS\System32\perfh00C.dat -> [2009/08/17 12:01:52 | 00,320,616 | ---- | M] ()
perfc00C.dat -> C:\WINDOWS\System32\perfc00C.dat -> [2009/08/17 12:01:52 | 00,154,732 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/08/17 12:01:51 | 00,192,644 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/08/17 12:01:51 | 00,003,888 | ---- | M] ()
Perflib_Perfdata_544.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_544.dat -> [2009/08/17 11:57:27 | 00,016,384 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2009/08/17 11:57:20 | 00,001,050 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/08/17 11:57:09 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/08/17 11:57:06 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/08/17 11:57:03 | 13,321,50272 | -HS- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/08/17 11:57:03 | 00,162,728 | ---- | M] ()
bdod.bin -> C:\WINDOWS\System32\bdod.bin -> [2009/08/17 11:56:23 | 00,081,984 | ---- | M] ()
rtsr.dat -> C:\WINDOWS\Temp\rtsr.dat -> [2009/08/17 11:56:23 | 00,000,014 | ---- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Gabrielle\NTUSER.DAT -> [2009/08/17 11:56:19 | 06,815,744 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\Gabrielle\ntuser.ini -> [2009/08/17 11:56:19 | 00,000,184 | -HS- | M] ()
OTM.exe -> C:\Documents and Settings\Gabrielle\Bureau\OTM.exe -> [2009/08/17 11:47:23 | 00,408,064 | ---- | M] (OldTimer Tools)
GoogleUpdateTaskUserS-1-5-21-1614895754-329068152-682003330-1003UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-329068152-682003330-1003UA.job -> [2009/08/17 11:27:00 | 00,001,162 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2009/08/17 11:17:00 | 00,001,054 | ---- | M] ()
Microsoft Word.lnk -> C:\Documents and Settings\Gabrielle\Bureau\Microsoft Word.lnk -> [2009/08/17 11:07:40 | 00,002,559 | ---- | M] ()
RSIT.exe -> C:\Documents and Settings\Gabrielle\Bureau\RSIT.exe -> [2009/08/17 11:03:59 | 00,781,909 | ---- | M] ()
OAD.exe -> C:\Documents and Settings\Gabrielle\Bureau\OAD.exe -> [2009/08/17 10:36:48 | 00,152,790 | ---- | M] (Changelog.fr )
GoogleUpdateTaskUserS-1-5-21-1614895754-329068152-682003330-1003Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-329068152-682003330-1003Core.job -> [2009/08/17 09:27:00 | 00,001,110 | ---- | M] ()
IconCache.db -> C:\Documents and Settings\Gabrielle\Local Settings\Application Data\IconCache.db -> [2009/08/17 02:27:06 | 04,846,036 | -H-- | M] ()
ProductTweaks.xml -> C:\WINDOWS\System32\ProductTweaks.xml -> [2009/08/16 23:33:28 | 00,000,850 | ---- | M] ()
user_gensett.xml -> C:\WINDOWS\System32\user_gensett.xml -> [2009/08/16 23:33:27 | 00,000,385 | ---- | M] ()
bdagent.INI -> C:\WINDOWS\bdagent.INI -> [2009/08/16 23:31:41 | 00,000,121 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Gabrielle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/08/16 22:45:03 | 00,031,432 | ---- | M] ()
BitDefender Total Security 2009.lnk -> C:\Documents and Settings\All Users\Bureau\BitDefender Total Security 2009.lnk -> [2009/08/16 22:21:59 | 00,001,902 | ---- | M] ()
Norton Security Scan for Gabrielle.job -> C:\WINDOWS\tasks\Norton Security Scan for Gabrielle.job -> [2009/08/16 21:03:01 | 00,000,416 | ---- | M] ()
dilumyviki.dat -> C:\WINDOWS\dilumyviki.dat -> [2009/08/16 19:16:58 | 00,019,447 | ---- | M] ()
mokahibac.dl -> C:\Program Files\Fichiers communs\mokahibac.dl -> [2009/08/16 19:16:58 | 00,019,425 | ---- | M] ()
puliwowus.reg -> C:\Program Files\Fichiers communs\puliwowus.reg -> [2009/08/16 19:16:58 | 00,019,046 | ---- | M] ()
azebixic.sys -> C:\Documents and Settings\All Users\Application Data\azebixic.sys -> [2009/08/16 19:16:58 | 00,018,726 | ---- | M] ()
cecik.bat -> C:\Documents and Settings\All Users\Documents\cecik.bat -> [2009/08/16 19:16:58 | 00,018,310 | ---- | M] ()
salylopen.dat -> C:\Program Files\Fichiers communs\salylopen.dat -> [2009/08/16 19:16:58 | 00,017,530 | ---- | M] ()
tumagac.pif -> C:\WINDOWS\tumagac.pif -> [2009/08/16 19:16:58 | 00,015,771 | ---- | M] ()
yfasirybub._dl -> C:\WINDOWS\System32\yfasirybub._dl -> [2009/08/16 19:16:58 | 00,015,745 | ---- | M] ()
ygagaty.dat -> C:\WINDOWS\System32\ygagaty.dat -> [2009/08/16 19:16:58 | 00,015,705 | ---- | M] ()
oqowyh._dl -> C:\Documents and Settings\All Users\Application Data\oqowyh._dl -> [2009/08/16 19:16:58 | 00,015,001 | ---- | M] ()
ehidyni._sy -> C:\WINDOWS\ehidyni._sy -> [2009/08/16 19:16:58 | 00,014,807 | ---- | M] ()
degucufy._sy -> C:\WINDOWS\degucufy._sy -> [2009/08/16 19:16:58 | 00,013,672 | ---- | M] ()
ybylynonu.db -> C:\WINDOWS\ybylynonu.db -> [2009/08/16 19:16:58 | 00,010,380 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/08/16 18:41:57 | 00,000,227 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/08/16 18:27:18 | 00,005,842 | ---- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/08/16 18:27:17 | 00,007,402 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/08/16 18:23:18 | 00,000,736 | ---- | M] ()
hosts.bak -> C:\WINDOWS\System32\drivers\etc\hosts.bak -> [2009/08/16 17:05:38 | 00,000,686 | ---- | M] ()
user32.dll -> C:\WINDOWS\System32\dllcache\user32.dll -> [2009/08/16 12:37:00 | 00,579,584 | ---- | M] (Microsoft Corporation)
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2009/08/16 11:29:35 | 00,003,072 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/08/15 21:27:44 | 00,013,646 | ---- | M] ()
8080.JPG -> C:\Documents and Settings\Gabrielle\Bureau\8080.JPG -> [2009/08/14 15:34:48 | 00,126,258 | ---- | M] ()
recherche.PNG -> C:\Documents and Settings\Gabrielle\Bureau\recherche.PNG -> [2009/08/14 14:02:07 | 00,145,622 | ---- | M] ()
exemple_index_infecte.php_ -> C:\Documents and Settings\Gabrielle\Bureau\exemple_index_infecte.php_ -> [2009/08/14 13:19:51 | 00,001,722 | ---- | M] ()
avant.bmp -> C:\Documents and Settings\Gabrielle\Bureau\avant.bmp -> [2009/08/12 10:26:55 | 03,072,054 | ---- | M] ()
Blogosmose's Weblog.png -> C:\Documents and Settings\Gabrielle\Bureau\Blogosmose's Weblog.png -> [2009/08/10 12:29:23 | 00,047,085 | ---- | M] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/08/08 12:10:14 | 00,216,064 | ---- | M] ()
contacts(2).csv -> C:\Documents and Settings\Gabrielle\Bureau\contacts(2).csv -> [2009/08/07 17:33:58 | 00,001,389 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/08/07 14:49:33 | 00,000,069 | ---- | M] ()
Microsoft Excel.lnk -> C:\Documents and Settings\Gabrielle\Bureau\Microsoft Excel.lnk -> [2009/08/07 12:03:18 | 00,002,539 | ---- | M] ()
mail OPI général.xls -> C:\Documents and Settings\Gabrielle\Bureau\mail OPI général.xls -> [2009/08/07 08:23:40 | 00,027,136 | ---- | M] ()
Google Chrome.lnk -> C:\Documents and Settings\Gabrielle\Bureau\Google Chrome.lnk -> [2009/08/04 10:28:23 | 00,002,323 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Gabrielle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/08/03 13:43:00 | 00,048,640 | ---- | M] ()
DivX Movies.lnk -> C:\Documents and Settings\Gabrielle\Bureau\DivX Movies.lnk -> [2009/07/19 16:42:21 | 00,001,339 | ---- | M] ()
DivXInstaller.exe -> C:\Documents and Settings\Gabrielle\Bureau\DivXInstaller.exe -> [2009/07/19 16:37:44 | 21,133,528 | ---- | M] (DivX, Inc.)
IKEA Home Planner.lnk -> C:\Documents and Settings\All Users\Bureau\IKEA Home Planner.lnk -> [2009/07/19 11:25:15 | 00,002,303 | ---- | M] ()
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [2009/05/03 02:35:27 | 00,001,388 | ---- | M] ()
< End of report >
[/code]

4/ Improvement

My test is updating the Kaspersky antivirus database; I am waiting for your instructions before testing.

Thanks again for your help,

Gaby

Batch_Man
 Posted on 17/08/2009 at 12:29 
Astucien

Hi again,

You can use the informal "tu" with me

Is Braviax still there?

1/ Virustotal

On VirusTotal, have this file scanned: C:\WINDOWS\System32\dllcache\user32.dll

2/ OTM

  • Run OTM (by Old_Timer) again:
  • Double-click OTM.exe to launch the program,
  • Copy the list of files or folders below and paste it into the program's "Paste Instructions for Items to be Moved" window:
:files
C:\WINDOWS\dilumyviki.dat
C:\Program Files\Fichiers communs\mokahibac.dl
C:\Program Files\Fichiers communs\puliwowus.reg
C:\Documents and Settings\All Users\Application Data\azebixic.sys
C:\Documents and Settings\All Users\Documents\cecik.bat
C:\Program Files\Fichiers communs\salylopen.dat
C:\WINDOWS\tumagac.pif
C:\WINDOWS\System32\yfasirybub._dl
C:\WINDOWS\System32\ygagaty.dat
C:\Documents and Settings\All Users\Application Data\oqowyh._dl
C:\WINDOWS\ehidyni._sy
C:\WINDOWS\degucufy._sy
C:\WINDOWS\ybylynonu.db
C:\WINDOWS\System32\dllcache\user32.dll
:commands
[reboot]
  • Click MoveIt! to start the removal,
  • The result will appear in the Results box.
  • Click Exit to close the program.
  • Post the report, which is located here: C:\_OTM\MovedFiles
  • You may be asked to restart your PC. If so, click Yes.

3/ OTS

Send a new report.

Batch_Man



Edited by Batch_Man on 17/08/2009 12:40
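
The files named in the `:files` list above all carry the same modification timestamp in the OTS listing. As an added example (not part of either post, and not OTM or OTS code), this Python script parses listing lines in that layout and reports same-second groups of vendor-less files spread over shared folders; the grouping rule, the thresholds and the folder list are assumptions of the example.

```python
import ntpath
import re
from collections import defaultdict

# Eight lines copied from the OTS listing in this thread.
SAMPLE = r"""
bdagent.INI -> C:\WINDOWS\bdagent.INI -> [2009/08/16 23:31:41 | 00,000,121 | ---- | M] ()
dilumyviki.dat -> C:\WINDOWS\dilumyviki.dat -> [2009/08/16 19:16:58 | 00,019,447 | ---- | M] ()
mokahibac.dl -> C:\Program Files\Fichiers communs\mokahibac.dl -> [2009/08/16 19:16:58 | 00,019,425 | ---- | M] ()
azebixic.sys -> C:\Documents and Settings\All Users\Application Data\azebixic.sys -> [2009/08/16 19:16:58 | 00,018,726 | ---- | M] ()
tumagac.pif -> C:\WINDOWS\tumagac.pif -> [2009/08/16 19:16:58 | 00,015,771 | ---- | M] ()
yfasirybub._dl -> C:\WINDOWS\System32\yfasirybub._dl -> [2009/08/16 19:16:58 | 00,015,745 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/08/16 18:41:57 | 00,000,227 | ---- | M] ()
user32.dll -> C:\WINDOWS\System32\dllcache\user32.dll -> [2009/08/16 12:37:00 | 00,579,584 | ---- | M] (Microsoft Corporation)
"""

# Layout: name -> path -> [timestamp | size | attributes | flag] (vendor)
LINE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> \[(?P<ts>[\d/]+ [\d:]+) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<flag>\w)\] \((?P<vendor>.*)\)$"
)
# Assumption of this example: folders shared by all users are the ones to watch.
SHARED_ROOTS = (r"c:\windows", r"c:\program files\fichiers communs",
                r"c:\documents and settings\all users")

def parse(text):
    """Turn each well-formed listing line into a dict; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entries.append(entry)
    return entries

def same_second_bursts(entries, min_files=3, min_dirs=2):
    """Group vendor-less files in shared folders by exact timestamp; keep big, spread-out groups."""
    groups = defaultdict(list)
    for e in entries:
        if not e["vendor"] and e["path"].lower().startswith(SHARED_ROOTS):
            groups[e["ts"]].append(e["path"])
    return {ts: paths for ts, paths in groups.items()
            if len(paths) >= min_files
            and len({ntpath.dirname(p).lower() for p in paths}) >= min_dirs}

if __name__ == "__main__":
    for ts, paths in same_second_bursts(parse(SAMPLE)).items():
        print(ts, paths)
```

The `dllcache\user32.dll` line carries a vendor field and a different timestamp, so this grouping does not report it.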