zahnderz Posted 3 September 2008

Hi snooky,

Here I am again on the problem machine I told you about recently; below is the HijackThis log after I ran all the software, without success.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:21, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tel'Africa\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F3779D0-55CE-4690-B148-3D779FC830F0}: NameServer = 66.36.196.131,66.36.196.209
O17 - HKLM\System\CCS\Services\Tcpip\..\{95C22E96-7628-419F-B8F8-AC35E8B48D45}: NameServer = 66.36.196.131,66.36.196.202,66.36.196.132,66.36.196.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB41AD3E-C7B9-4F1A-834F-AAA48AEC6832}: NameServer = 66.36.196.131,66.36.196.202
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 5731 bytes

Any ideas?! Thanks a lot for all the help you provide.
snooky (Author) Posted 3 September 2008

@ zahnderz:

Run ComboFix and post the report it creates: http://www.bleepingcomputer.com/combofix/f...iliser-combofix

Run SDFix and post the report it creates: http://www.site-naheulbeuk.com/sdfix.php

Right-click this link, then "Save as..." to your Desktop: http://assiste.com.free.fr/ftp/deldomains.inf

Right-click the DelDomains.inf file > Install.

Restart the PC and post a new HijackThis report.
zahnderz Posted 3 September 2008

I do all of this in safe mode, obviously?!
snooky (Author) Posted 3 September 2008

No.
zahnderz Posted 3 September 2008

OK, I'll start right away and keep you posted.
singalong1 Posted 3 September 2008

Hi Snooky, the last HijackThis log I posted for you was from the same computer as the earlier one. I had to replace some DLLs using the Windows CD. Anyway, do you have any last advice on my HijackThis report? Thanks, Snooky:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:03, on 03/09/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\crypserv.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\WINDOWS\system32\HPZipm12.exe
I:\Program Files\CyberLink\Shared Files\RichVideo.exe
I:\WINDOWS\system32\slserv.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
I:\Program Files\Megaupload\Mega Manager\MegaManager.exe
I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\WINDOWS\System32\msiexec.exe
I:\PROGRA~1\MOZILL~1\FIREFOX.EXE
I:\Documents and Settings\Simon\Mes documents\programmes\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update-product.net/js.cgi?SIMON_FER...EM04PL0586EA1C2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - I:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - I:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - I:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - I:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusKeeper] I:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1292428093-261903793-839522115-1002\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - I:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://I:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://I:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://I:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://I:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - I:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - I:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - I:\Documents and Settings\Simon\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - I:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Boonty Games - BOONTY - I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - I:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - I:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - I:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - I:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
--
End of file - 6049 bytes
snooky (Author) Posted 3 September 2008

Uninstall VirusKeeper and install Antivir (fr) in its place.
zahnderz Posted 4 September 2008

So here is the result.

1. ComboFix tells me that the version I have is out of date, even though it is the one you gave me the link to; never mind, I updated it, since otherwise it says "run in reduced functionality mode". There were 48 stages instead of the 41 usually encountered, and unfortunately no log when it rebooted (I waited 30 minutes!).

2. SDFix tells me "to run SDFix tool please reboot to safe mode". Does that have an impact on the result?! That is for you to tell me, since you asked me to use it in "normal" mode; I chose option A, and here is the result:
"C:\Program Files\Mozilla Firefox\xpistub.dll" 15 Aug 2008 13:00:46 13 952 A.... "C:\Program Files\Mozilla Thunderbird\AccessibleMarshal.dll" 15 Aug 2008 13:00:50 200 829 A.... "C:\Program Files\Mozilla Thunderbird\freebl3.dll" 15 Aug 2008 13:00:50 458 856 A.... "C:\Program Files\Mozilla Thunderbird\js3250.dll" 15 Aug 2008 13:00:50 107 903 A.... "C:\Program Files\Mozilla Thunderbird\license.html" 15 Aug 2008 13:00:46 23 680 A.... "C:\Program Files\Mozilla Thunderbird\MapiProxy.dll" 15 Aug 2008 13:00:50 11 896 A.... "C:\Program Files\Mozilla Thunderbird\mozMapi32.dll" 15 Aug 2008 13:00:50 145 040 A.... "C:\Program Files\Mozilla Thunderbird\nsldap32v50.dll" 15 Aug 2008 13:00:50 30 352 A.... "C:\Program Files\Mozilla Thunderbird\nsldappr32v50.dll" 15 Aug 2008 13:00:50 161 392 A.... "C:\Program Files\Mozilla Thunderbird\nspr4.dll" 15 Aug 2008 13:00:50 382 568 A.... "C:\Program Files\Mozilla Thunderbird\nss3.dll" 15 Aug 2008 13:00:50 276 080 A.... "C:\Program Files\Mozilla Thunderbird\nssckbi.dll" 15 Aug 2008 13:00:50 34 424 A.... "C:\Program Files\Mozilla Thunderbird\plc4.dll" 15 Aug 2008 13:00:50 30 320 A.... "C:\Program Files\Mozilla Thunderbird\plds4.dll" 15 Aug 2008 13:00:50 112 232 A.... "C:\Program Files\Mozilla Thunderbird\smime3.dll" 15 Aug 2008 13:00:50 254 060 A.... "C:\Program Files\Mozilla Thunderbird\softokn3.dll" 15 Aug 2008 13:00:50 136 808 A.... "C:\Program Files\Mozilla Thunderbird\ssl3.dll" 15 Aug 2008 13:00:52 8 496 752 A.... "C:\Program Files\Mozilla Thunderbird\thunderbird.exe" 15 Aug 2008 13:00:52 132 232 A.... "C:\Program Files\Mozilla Thunderbird\updater.exe" 15 Aug 2008 13:00:52 13 416 A.... "C:\Program Files\Mozilla Thunderbird\xpcom.dll" 15 Aug 2008 13:00:52 73 848 A.... "C:\Program Files\Mozilla Thunderbird\xpcom_compat.dll" 15 Aug 2008 13:00:54 420 464 A.... "C:\Program Files\Mozilla Thunderbird\xpcom_core.dll" 15 Aug 2008 13:00:54 73 336 A.... "C:\Program Files\Mozilla Thunderbird\xpicleanup.exe" 15 Aug 2008 13:00:54 12 400 A.... 
"C:\Program Files\Mozilla Thunderbird\xpistub.dll" 7 Jul 2008 9:42:00 1 429 840 A.SHR "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" 7 Jul 2008 9:42:04 4 891 472 A.SHR "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" 7 Jul 2008 9:42:06 2 156 368 A.SHR "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" 30 Jul 2008 12:34:12 202 048 A.... "C:\Program Files\Apple Software Update\plugins\EXEInstallPlugin.dll" 30 Jul 2008 12:34:12 128 320 A.... "C:\Program Files\Apple Software Update\plugins\MSIInstallPlugin.dll" 3 Jul 2008 18:33:40 6 421 512 A.... "C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE" 3 Jul 2008 18:36:56 12 313 096 A.... "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" 23 Jul 2008 12:39:20 67 696 A.... "C:\Program Files\Mozilla Firefox\components\jar50.dll" 23 Jul 2008 12:39:20 54 376 A.... "C:\Program Files\Mozilla Firefox\components\jsd3250.dll" 23 Jul 2008 12:39:20 34 952 A.... "C:\Program Files\Mozilla Firefox\components\myspell.dll" 23 Jul 2008 12:39:26 46 720 A.... "C:\Program Files\Mozilla Firefox\components\spellchk.dll" 23 Jul 2008 12:39:28 172 144 A.... "C:\Program Files\Mozilla Firefox\components\xpinstal.dll" 23 Jul 2008 12:39:40 22 664 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll" 23 Jul 2008 12:39:44 117 A.... "C:\Program Files\Mozilla Firefox\res\hiddenWindow.html" 23 Jul 2008 12:39:50 451 880 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" 15 Aug 2008 13:00:46 67 696 A.... "C:\Program Files\Mozilla Thunderbird\components\jar50.dll" 15 Aug 2008 13:00:46 54 376 A.... "C:\Program Files\Mozilla Thunderbird\components\jsd3250.dll" 15 Aug 2008 13:00:46 34 952 A.... "C:\Program Files\Mozilla Thunderbird\components\myspell.dll" 15 Aug 2008 13:00:48 46 720 A.... "C:\Program Files\Mozilla Thunderbird\components\spellchk.dll" 15 Aug 2008 13:00:48 172 144 A.... "C:\Program Files\Mozilla Thunderbird\components\xpinstal.dll" 15 Aug 2008 13:00:52 320 176 A.... 
"C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe" 21 Jul 2008 16:24:16 176 874 A.... "C:\Program Files\VideoLAN\VLC\uninstall.exe" 30 Jul 2008 12:34:06 25 088 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\da.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 26 624 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\de.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:12 24 064 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 26 112 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\es.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 25 088 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\fi.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 26 624 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\fr.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 25 600 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\it.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 24 064 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\ja.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 24 064 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\ko.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 25 088 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\nb.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 26 624 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\nl.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 25 088 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\ru.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 25 088 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\sv.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 24 064 A.... 
"C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\zh_CN.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 24 064 A.... "C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\zh_TW.lproj\SoftwareUpdateLocalized.dll" 30 Jul 2008 12:34:06 4 096 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\da.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 608 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\de.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:12 4 096 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\en.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 096 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\es.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 096 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\fi.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 608 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\fr.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 608 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\it.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 096 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\ja.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 096 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\ko.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 096 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\nb.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 608 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\nl.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 608 A.... 
"C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\ru.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 096 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\sv.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 096 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\zh_CN.lproj\SoftwareUpdateFilesLocalized.dll" 30 Jul 2008 12:34:06 4 096 A.... "C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\zh_TW.lproj\SoftwareUpdateFilesLocalized.dll" 23 Jul 2008 12:39:28 7 168 A.... "C:\Program Files\Mozilla Firefox\defaults\profile\bookmarks.html" 23 Jul 2008 12:39:32 99 840 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\BrandRes.dll" 23 Jul 2008 12:39:34 156 544 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll" 23 Jul 2008 12:39:34 14 456 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll" 23 Jul 2008 12:39:36 407 040 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe" 15 Aug 2008 13:00:50 1 562 112 A.... "C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\BrandRes.dll" 15 Aug 2008 13:00:50 156 544 A.... "C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll" 15 Aug 2008 13:00:50 14 456 A.... "C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\qfaservices.dll" 15 Aug 2008 13:00:50 407 040 A.... "C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\talkback.exe" 14 Jul 2008 13:08:20 1 A.... "C:\Program Files\OpenOffice.org 2.4\share\uno_packages\cache\stamp.sys" Files with hidden attributes: Sat 1 Mar 2008 24 ..SH. 
--- "C:\WINDOWS\S9E9CBC40.tmp" Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Tue 16 Oct 2007 88 ..SHR --- "C:\WINDOWS\system32\7AF72F2172.sys" Thu 19 Jun 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys" Mon 22 Jul 2002 418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe" Fri 19 Jul 2002 390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe" Fri 19 Jul 2002 574,464 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe" Tue 20 Aug 2002 430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe" Tue 23 Jul 2002 390,656 ...HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe" Fri 22 Nov 2002 399,872 ...HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe" Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe" Fri 19 Jul 2002 388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe" Mon 2 Dec 2002 431,616 ...HR --- "C:\WINDOWS\system32\Tools\Restart.exe" Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe" Wed 3 Sep 2008 128,704,971 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT14.tmp" Wed 3 Sep 2008 25,634,737 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BITE.tmp" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BITD.tmp" Sat 28 Jul 2007 1,039,189 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\01mp3ins.exe" Sat 7 Jul 2007 169,163 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\367966.EXE" Sat 14 Jul 2007 3,533,478 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\aida32ee_393.exe" Fri 20 Jul 2007 3,458,079 A..H. 
--- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\FileZilla_2_2_32_setup.exe" Wed 6 Sep 2006 162,063,522 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\GAMES - Spiderman Full PC Game - WORKS.zip" Tue 13 Nov 2007 2,402,832 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Installation de Windows Live.exe" Tue 18 Sep 2007 6,604,628 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\NSS103812.zip" Sat 3 Nov 2007 940,895 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Request for Proposal_Revised3.zip" Mon 6 Aug 2007 3,385 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Samba75_vista.zip" Mon 26 Nov 2007 63,746 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Tigo.zip" Mon 29 Oct 2007 622,434 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Tigo_Artwork.zip" Thu 30 Aug 2007 395,264 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Tracker.zip" Wed 5 Sep 2007 5,820,568 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\YouSendItApplicationSetup1_1.exe" Sat 16 Jun 2007 104,265 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\Serge\FlashTool_01.zip" Fri 21 Sep 2007 4,799,460 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Alcatel-Utilities\Alcatel_OTUF_Installer_1.0.exe" Fri 21 Sep 2007 1,004,654 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Alcatel-Utilities\setupalcatel.zip" Fri 21 Sep 2007 365,202 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Alcatel-Utilities\usb2ser_cables_drivers.zip" Fri 21 Sep 2007 1,015,190 A..H. 
--- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Alcatel-Utilities\vbrun60.zip" Fri 21 Sep 2007 221,179 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Alcatel-Utilities\xpsetup.zip" Fri 23 Mar 2007 258,512,864 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Coreldraw_X3\CorelDRAWGraphicsSuiteX3.exe" Mon 6 Aug 2007 171,302 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\04-Des chattes sexy.zip" Mon 6 Aug 2007 103,866 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\07-Le jeu des 7 differences [interdit -18ans].zip" Mon 6 Aug 2007 729,230 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\08-Le grand test [interdit -18ans].zip" Mon 6 Aug 2007 96,041 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\08-Les plus belles photos cochonnes.zip" Mon 6 Aug 2007 96,041 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\08-Les plus belles photos cochonnes(2).zip" Mon 6 Aug 2007 118,361 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\08-Une technique particuliere.zip" Mon 6 Aug 2007 114,982 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\08-Une belle-mere teste ses gendres.zip" Mon 6 Aug 2007 1,259,492 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\09-Entre si tu veux prendre du plaisir.zip" Mon 6 Aug 2007 343,000 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\09-La connerie de chichi.zip" Mon 6 Aug 2007 18,801 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\09-La grossesse et la facture.zip" Mon 6 Aug 2007 195,815 A..H. 
--- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\09-Pour agrandir la photo.zip" Mon 6 Aug 2007 127,738 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\09-Que voyez-vous sur cette image.zip" Mon 6 Aug 2007 142,735 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\09-Une prise d'otages.zip" Mon 6 Aug 2007 180,686 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\09-Une blonde a l'ecole.zip" Mon 6 Aug 2007 65,166 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\09-Une grosse cochonne.zip" Mon 6 Aug 2007 436,557 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\10-Des photos insolites sur la france.zip" Mon 6 Aug 2007 833,015 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\21 MARS 2007.zip" Mon 6 Aug 2007 476,354 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\Amour_et_age.zip" Mon 6 Aug 2007 1,605,010 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\Condamne a mort.zip" Mon 6 Aug 2007 1,389,213 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\Hommedemavie.zip" Mon 6 Aug 2007 721,800 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\L'informatique.zip" Mon 6 Aug 2007 441,309 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\Le vibromasseur.zip" Mon 6 Aug 2007 1,813,411 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\Ou es-tu Papa.zip" Mon 6 Aug 2007 121,804 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\Pensee sages.zip" Mon 6 Aug 2007 2,621,959 A..H. 
--- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\Pertes de memoire.zip" Mon 6 Aug 2007 64,874 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\DIAPO_PPT\trois vampires vont dans un bar.zip" Tue 18 Sep 2007 6,604,628 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Flash_128\NSS103812.zip" Mon 4 Jun 2007 5,734,679 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\Activateur 1.zip" Tue 28 Aug 2007 1,429,665 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\HB_Pictures\HB_Pictures.zip" Tue 4 Dec 2007 101,597,162 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Nouveau\Akon - Konvicted Full Album 2006.zip" Fri 13 Jul 2007 6,629,190 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\NSS103812\NSS103812.exe" Wed 28 Mar 2007 2,349,720 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\PDF MAKER\pdf995s.exe" Wed 28 Mar 2007 5,274,776 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\PDF MAKER\ps2pdf995.exe" Wed 9 Jan 2008 327,983 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\site\French_CB_back_TelAfrica.jpg.zip" Thu 25 Oct 2007 1,503,062 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\TIGO_Artwork\TIGO_VOUCHER_ARTWORK.zip" Mon 22 Dec 2003 24,576 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\VODACOM SOFT\CopySys.exe" Tue 25 Jul 2006 1,376,256 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\VODACOM SOFT\Install.exe" Wed 24 Jun 1998 1,409,024 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\VODACOM SOFT\msvbvm60.dll" Sun 1 Oct 2000 119,568 A..H. 
--- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\VODACOM SOFT\VB6FR.DLL" Mon 12 Feb 2001 184,320 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\VODACOM SOFT\VBE6INTL.DLL" Thu 5 Jul 2007 327,983 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\New Folder2\Copy of New Folder\French_CB_back_TelAfrica.jpg.zip" Thu 5 Jul 2007 327,983 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\New Folder2\New Folder\French_CB_back_TelAfrica.jpg.zip" Mon 4 Oct 2004 1,134,592 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\Serge\FDisk_XFs\Dames.exe" Sat 12 Aug 2006 6,373,936 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\Serge\FDisk_XFs\ScrabbleInstall.exe" Mon 14 May 2007 3,557,552 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\Serge\FDisk_XFs\setupfreecall.exe" Thu 10 May 2007 615,516 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\Serge\FDisk_XFs\texSMS_V2.1.04.zip" Fri 21 Feb 2003 374,304 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\Serge\FDisk_XFs\WinVi32.exe" Wed 17 Jun 1998 140,800 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Alcatel-Utilities\acr\setup.exe" Wed 17 Jun 1998 140,800 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Alcatel-Utilities\loger_install\setup.exe" Thu 18 Jun 1998 140,800 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Alcatel-Utilities\setupalcatel\setup.exe" Thu 1 Jul 1999 1,055,456 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Alcatel-Utilities\vbrun60\VBRUN60.EXE" Tue 29 Jul 2003 227,328 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Alcatel-Utilities\xpsetup\Setup Xp InpOut.exe" Fri 25 Jul 2003 3,072 A..H. 
--- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Alcatel-Utilities\xpsetup\XPINPOUT.SYS" Wed 29 Mar 2006 97,280 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Coreldraw_X3\CorelDRAW.Graphics.Suite.X3.v13.0.Incl.Keygen-SSG\keygen.exe" Fri 23 Mar 2007 79,213 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Coreldraw_X3\crackbyfull\CorelDRAW Graphics Suite X3 v13.0 keygen by SSG.zip" Thu 20 Sep 2007 2,355,517 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Flash_128\FLASH_11102007\7048130000.exe" Thu 20 Sep 2007 14,270,334 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Flash_128\FLASH_11102007\audio_winxp2k_51213890.zip" Tue 20 Feb 2007 19,170,000 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Flash_128\FLASH_11102007\avg-antivirus_avg_antivirus_7.5.441_version_gratuite_anglais_10997.exe" Tue 18 Sep 2007 6,604,628 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Flash_128\FLASH_11102007\NSS103812.zip" Thu 12 Oct 2006 12,220,440 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Flash_128\FLASH_11102007\setupfreAvast.exe" Thu 20 Sep 2007 2,733,824 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Flash_128\FLASH_11102007\sp27532(2).exe" Thu 20 Sep 2007 3,324,748 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Flash_128\FLASH_11102007\sp31099(2).exe" Thu 20 Sep 2007 17,521,783 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\Flash_128\FLASH_11102007\tpad_winxp_549056.zip" Tue 27 Mar 2007 235,206 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\Doc Serge\Company_Profile_Exotic_Systems.zip" Wed 14 Dec 2005 71,441 A..H. 
--- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\Doc Serge\Cybergsm_DCT4_1.4.zip" Wed 14 Dec 2005 10,199,148 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\Doc Serge\GSM MOBILE phones .rar.zip" Thu 22 Jun 2006 14,512,504 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\My Flash 12 april 2007\audio.exe" Tue 6 Mar 2007 6,441,056 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\My Flash 12 april 2007\Opera_9.10_International_Setup.exe" Sat 14 Jul 2007 3,533,478 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\New Folder\aida32ee_393.exe" Sat 30 Jun 2007 48,737,952 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\New Folder\PC_Suite_2.10.21.exe" Wed 28 Mar 2007 2,349,720 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\New Folder\pdf995s.exe" Wed 28 Mar 2007 5,274,776 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\New Folder\ps2pdf995.exe" Sat 30 Jun 2007 33,939,887 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\New Folder\Update_Service_Setup-2.7.6.8-1.exe" Sat 5 May 2007 1,829,065 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\SERDOC\Celtel.zip" Thu 14 Jun 2007 1,168,582 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\SERDOC\Overview - TrackPRO.zip" Fri 15 Jun 2007 582,330 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\SERDOC\Snippet_Firmware_Remote_Update_1.0.0.zip" Fri 15 Jun 2007 17,642,870 A..H. --- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\DESKTOP\F__K\SERDOC\SteppConfig_1.7.6_jre1.5.0-setup.zip" Thu 10 May 2007 615,516 A..H. 
--- "C:\Documents and Settings\All Users\Documents\SRVR ADMIN FILES\Serge\SergeDocs\Serge\Nouveau dossier\PArtition Magique 8\RESCUEME\DOSYSTEM\PTEDIT32.EXE" Catchme: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-03 19:19:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000000 "TracesSuccessful"=dword:00000000 "LastTraceFailure"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 scanning hidden files ... C:\Documents and Settings\Tel'Africa\Local Settings\Application Data\Microsoft\Messenger\ginosoft@hotmail.com\SharingMetadata\jeanpaulbindo@hotmail.com\DFSR\Staging\CS{898014B1-E09F-2DF9-674D-E5396D8C6E86}\01\10-{898014B1-E09F-2DF9-674D-E5396D8C6E86}-v1-{392F300E-75DE-4C4C-B78F-A49BC481C88F}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API C:\Documents and Settings\Tel'Africa\Local Settings\Application Data\Microsoft\Messenger\ginosoft@hotmail.com\SharingMetadata\vynk7@hotmail.com\DFSR\Staging\CS{35DDD16D-A9FD-C243-DBC5-726E4C7A8A66}\01\11-{35DDD16D-A9FD-C243-DBC5-726E4C7A8A66}-v1-{392F300E-75DE-4C4C-B78F-A49BC481C88F}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 2 Program Folders: C:\Program Files\ 01-mp3search ABBYY FineReader 8.0 Professional Edition AC3Filter Adobe Ahead AIDA32 - Enterprise System Information Alcatel OTUF Apple Software Update Audacity AVG AvRack Bonjour CCleaner Cellcomm Ciel Common 
Files ComPlus Applications Corel CyberLink CyberLink DVD Solution DAP DIFX directx DivX EasyPHP1-8 Ericsson ffdshow FileZilla FUJIFILM Grisoft HgProgrammes HSDPA USB Modem ImTOO InstallShield Installation Information Internet Explorer iPod iTunes Java Labeling Software Learning Essentials Lingea Macromedia Mattgo27 Apps MediaXW Messenger Microsoft ActiveSync Microsoft CAPICOM 2.1.0.2 Microsoft Etudes microsoft frontpage Microsoft Office Microsoft.NET Mobile PhoneTools Movie Maker Mozilla Firefox Mozilla Thunderbird MSECache MSN MSN Gaming Zone MSXML 4.0 MSXML 6.0 MySQL Napster NBS Net_MapControl NetMeeting Nokia Norton Internet Security Notepad++ NSS Okidata Online Services OpenOffice.org 2.4 Outlook Express PC Connectivity Solution PDF Compress pdf995 PDFCreator Project64 1.6 PROMT5 QuickTime ReadyAce Realtek AC97 Realtek Sound Manager Recuva Reference Assemblies Roxio Silicon Integrated Systems SiS VGA Utilities V3.75 sisagp SiSLan Skype SlySoft SmartDCT4Calc v1.1.7 Spiderman Scenes Screensaver Spybot - Search & Destroy Steinberg SuperCopier2 Systran Thoosje Sidebar V2.0 TrackPRO TuneUp Utilities 2006 UltraVNC Uninstall Information VideoLAN VirtualDJ Webshots Windows Live Toolbar Windows Media Player Windows NT WindowsUpdate WinRAR Wireless xerox XviD Yahoo! 
Zero G Registry C:\Program Files\Common Files\ Adobe Apple Cisco Systems Corel DESIGNER InstallShield Java LightScribe Macromedia Microsoft Shared MSSoap Nokia ODBC PC SOFT PCSuite Protexis Sage Services Skype Sonic Shared SpeechEngines SureThing Shared Symantec Shared System Vbox WindowsLiveInstaller Wise Installation Wizard Add/Remove Programs: Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) 3GP Video Converter 3 Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) AC3Filter (remove only) Adobe Flash Player Plugin Adobe Photoshop 7.0.1 Adobe SVG Viewer 3.0 AIDA32 v3.93 Audacity 1.2.6 Bible Reader 1.5.2 CCleaner (remove only) WASAY DPU DebugMux Download Accelerator Plus (DAP) EasyPHP 1.8 FileZilla (remove only) HijackThis 2.0.2 Microsoft Internationalized Domain Names Mitigation APIs Windows Internet Explorer 7 HSDPA USB Modem Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Security Update for Windows XP (KB890046) Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Security Update for Windows XP (KB893756) Windows Installer 3.1 (KB893803) Update for Windows XP (KB894391) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Update for Windows XP (KB898461) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Update for Windows XP (KB900485) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Update for Windows XP (KB908531) Hotfix for Windows XP (KB909394) Update for Windows XP (KB910437) 
Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows Media Player (KB911564) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Hotfix for Windows XP (KB915865) Update for Windows XP (KB916595) Security Update for Windows XP (KB917344) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Update for Windows XP (KB920872) Security Update for Windows XP (KB921503) Update for Windows XP (KB922582) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows Media Player 6.4 (KB925398) Update for Windows XP (KB925720) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Update for Windows XP (KB927891) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Update for Windows XP (KB930916) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Update for Windows 
XP (KB931836) Security Update for CAPICOM (KB931906) Security Update for Windows XP (KB932168) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Update for Windows XP (KB936357) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB937143) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938127) Security Update for Windows Internet Explorer 7 (KB938127) Update for Windows XP (KB938828) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942615) Security Update for Windows Internet Explorer 7 (KB942615) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Update for Windows XP (KB946627) Security Update for Windows XP (KB946648) Hotfix for Windows Internet Explorer 7 (KB947864) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Update for 
Windows XP (KB951072-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Hotfix for Windows XP (KB952287) Security Update for Windows XP (KB952954) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows XP (KB953839) Mapit NetMapControl Light Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA Mozilla Firefox (2.0.0.16) Mozilla Thunderbird (2.0.0.16) MSN Microsoft National Language Support Downlevel APIs PDF Compress 1.0 Printronix Advanced Tool Kit Printronix printer drivers SiS VGA Utilities SiS 900 PCI Fast Ethernet Adapter Driver Skype 3.0 Spider-Man 2 Screensaver 1 Spiderman Scenes Screensaver Powered by Advantage SuperCopier2 Systran Professional Premium 4.0 TrackPRO 1.0.0.9 VideoLAN VLC media player 0.8.6c Windows Imaging Component Windows Media Format Runtime Lecteur Windows Media 10 Archiveur WinRAR XML Paper Specification Shared Components Pack 1.0 XviD MPEG-4 Codec CorelDRAW Graphics Suite X3 PDFCreator Nokia PC Suite PC Connectivity Solution Microsoft Encarta 2007 - Études Microsoft Encarta Maths Roxio RecordNow Data MSXML 6.0 Parser (KB933579) Security Update for CAPICOM (KB931906) Roxio DLA SiSRaidPackage OpenOffice.org 2.4 Multimedia Launcher Sonic Update Manager Java SE Runtime Environment 6 Update 1 Java 6 Update 2 Java 6 Update 3 Java 6 Update 4 EN OKI Network Extension Nokia Connectivity Cable Driver Macromedia Extension Manager Skype Plugin Manager Apple Mobile Device Support Bonjour FontNav Macromedia Dreamweaver 8 CorelDRAW Graphics Suite X3 Mobile PhoneTools Roxio Express Labeler Cellcomm PowerDVD Apple Software Update Java 2 Runtime Environment, SE v1.4.2_08 Microsoft Visual C++ 2005 Redistributable DivX iTunes TuneUp Utilities 2006 DivX Player Microsoft Office Professional Edition 2003 Compatibility Pack for the 2007 Office system Project64 1.6 MP3PowerEncoder 
Microsoft ActiveSync XBar Lite OKI Color Swatch Utility UltraVNC v1.0.2 Roxio RecordNow Audio Adobe Reader 7.1.0 - Français HSDPA USB Modem Roxio RecordNow Copy Les Indispensables Éducation pour Microsoft Office Microsoft .NET Framework 2.0 Service Pack 1 Microsoft XML Parser PowerProducer Wireless Modem DVD Solution QuickTime MSXML 4.0 SP2 (KB936181) VBA Napster for Windows Media Player MediaXW MySQL Server 5.0 SiSAGP driver Virtual DJ - Atomix Productions LightScribe 1.4.124.1 Microsoft .NET Framework 2.0 Language Pack - FRA Update Manager Realtek AC'97 Audio Mise à jour Encarta_Les Indispensables Éducation Run Values: [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "combofix"="C:\\WINDOWS\\system32\\CF19672.exe /c C:\\ComboFix\\Combobatch.bat" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "combofix"="C:\\WINDOWS\\system32\\CF19672.exe /c C:\\ComboFix\\Combobatch.bat" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex] "flags"=dword:00000008 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000] "*combofix"="C:\\WINDOWS\\system32\\CF19672.exe /c C:\\ComboFix\\Combobatch.bat" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\0001] "*FixWareOut"="C:\\WINDOWS\\system32\\cmd.exe /c C:\\fixwareout\\FindT\\XP-2K2.cmd" Bot Check: SERVICE_NAME: wscsvc DISPLAY_NAME : Security Center START_TYPE : 2 AUTO_START SERVICE_NAME: sharedaccess DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS) START_TYPE : 2 AUTO_START SERVICE_NAME: wuauserv 
DISPLAY_NAME : Automatic Updates START_TYPE : 2 AUTO_START SERVICE_NAME: srservice DISPLAY_NAME : System Restore Service START_TYPE : 2 AUTO_START [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] "EnableDCOM"="Y" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "restrictanonymous"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update] "AUOptions"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify"=dword:00000000 "FirewallDisableNotify"=dword:00000000 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] "WaitToKillServiceTimeout"="20000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "SFCDisable"=dword:00000000 "SfcScan"=dword:00000000 "Shell"="Explorer.exe" "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions] @="CorelDRAW Shell Extension Component" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] "TransportBindName"="\\Device\\" ShellExecuteHooks: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" Environment: HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\MySQL\MySQL Server 5.0\bin;C:\Cubit\PostgreSQL\bin;C:\Cubit\PostgreSQL\lib;C:\Program Files\QuickTime\QTSystem windir REG_EXPAND_SZ %SystemRoot% OS REG_SZ Windows_NT PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH TEMP REG_EXPAND_SZ %SystemRoot%\TEMP TMP 
REG_EXPAND_SZ %SystemRoot%\TEMP SonicCentral REG_SZ C:\Program Files\Common Files\Sonic Shared\Sonic Central\ CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip QTJAVA REG_SZ C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip SecurityProviders: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Authentication Packages: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Non-Default IFEO Debugger: Non-Default Installed Components: HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{969b3b70-8765-11d5-9809-0050bacbf861} StubPath REG_SZ rundll32.exe advpack.dll,LaunchINFSection C:\Program Files\CyberLink\MP3PowerEncoder\Cyber.inf,PerUserStub Non-Default Safeboot Minimal: File Associations: [HKEY_CLASSES_ROOT\batfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\cmdfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\comfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\htafile\shell\open\command] @="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*" [HKEY_CLASSES_ROOT\http\shell\open\command] @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome" [HKEY_CLASSES_ROOT\https\shell\open\command] @="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -requestPending -osint -url \"%1\"" [HKEY_CLASSES_ROOT\htmlfile\shell\open\command] @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome" [HKEY_CLASSES_ROOT\regedit\shell\open\command] @="regedit.exe %1" [HKEY_CLASSES_ROOT\regfile\shell\open\command] @="regedit.exe \"%1\"" [HKEY_CLASSES_ROOT\scrfile\shell\open\command] @="\"%1\" /S" [HKEY_CLASSES_ROOT\txtfile\shell\open\command] @="%SystemRoot%\system32\NOTEPAD.EXE %1" Finished! 3. 
I install your DelDomain and then, to my great surprise, it "completes" ComboFix and gives me this:
ComboFix 08-09-01.05 - Tel'Africa 03/09/2008 19:07:50.4 - NTFSx86 Running from: C:\Documents and Settings\Tel'Africa\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\Tel'Africa\UserData C:\Documents and Settings\Tel'Africa\UserData\1JRJ9DSE\YL[1].xml C:\Documents and Settings\Tel'Africa\UserData\FQWZB9K9\IsOnIE6tbPromo[1].xml C:\Documents and Settings\Tel'Africa\UserData\index.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PASSWORD ((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-03 10:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-20 14:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-08-20 09:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8 2008-08-20 08:46 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-08-18 10:34 --------- d-----w C:\Program Files\CCleaner 2008-08-18 10:33 --------- d-----w C:\Program Files\Yahoo! 
2008-08-13 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-13 11:36 --------- d-----w C:\DOCUME~1\TEL'AF~1\APPLIC~1\Malwarebytes 2008-08-07 08:48 --------- d-----w C:\Program Files\Apple Software Update 2008-08-06 13:21 --------- d-----w C:\Program Files\Project64 1.6 2008-07-29 13:48 --------- d-----w C:\DOCUME~1\TEL'AF~1\APPLIC~1\AdobeUM 2008-07-21 16:06 --------- d-----w C:\DOCUME~1\TEL'AF~1\APPLIC~1\vlc 2008-07-21 15:23 --------- d-----w C:\Program Files\VideoLAN 2008-07-14 12:07 --------- d-----w C:\DOCUME~1\TEL'AF~1\APPLIC~1\OpenOffice.org2 2008-07-11 02:00 --------- d-----w C:\DOCUME~1\TEL'AF~1\APPLIC~1\Skype 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-19 16:10 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-06-19 10:00 545,280 ----a-w C:\WINDOWS\flashax.exe 2008-06-19 10:00 491,520 ----a-w C:\WINDOWS\Spider-Man 2 Screensaver 1.scr 2008-06-19 10:00 12,288 ----a-w C:\WINDOWS\impborl.dll 2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe 2007-10-16 16:30 88 --sh--r C:\WINDOWS\system32\7AF72F2172.sys . <pre> ----a-w 524,288 2007-06-19 13:24:53 C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 25/05/2007 15:22 63040 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= C:\PROGRA~1\CYBERL~2\MP3POW~1\CLMP3Enc.ACM "vidc.xvid"= xvid.dll "vidc.mjpg"= C:\Program Files\MediaXW\MediaXW.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE "DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\TPOLTWebClient\\TPOLTrack.exe"= "C:\\Program Files\\UltraVNC\\winvnc.exe"= "C:\\TPGPRSServer\\TPGPRSServer.exe"= "C:\\WINDOWS\\system32\\ftp.exe"= "C:\\Program Files\\DAP\\DAP.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft 
ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Printronix\\atk\\atk.exe"= "C:\\Program Files\\Adobe\\Photoshop 7.0\\ImageReady.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\WINDOWS\\system32\\mmc.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "\\\\V\\SharedDocs\\STARGATE\\GAMES\\installer-5455-845fr-Dragon-Ball-Z-MuGEN-Edition-French.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8768:TCP"= 8768:TCP:Trackpro "8777:TCP"= 8777:TCP:TPGPRSServer "3306:TCP"= 3306:TCP:MySQL "5900:TCP"= 5900:TCP:VNC "23:TCP"= 23:TCP:telnet "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [] R3 amoidatacard;HSDPA USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\amoiusbser.sys [27/06/2007 12:33] R3 D301bus;GW01 USB WMC Bus Driver (WDM);C:\WINDOWS\system32\DRIVERS\D301bus.sys [06/07/2007 10:44] R3 D301mdfl;GW01 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\D301mdfl.sys [06/07/2007 09:44] R3 D301mdm;GW01 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\D301mdm.sys [06/07/2007 09:44] R3 D301mgmt;GW01 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\D301mgmt.sys [06/07/2007 09:44] R3 d301nd5;GW01 USB WMC Ethernet GW (NDIS);C:\WINDOWS\system32\DRIVERS\d301nd5.sys [06/07/2007 09:44] R3 D301obex;GW01 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\D301obex.sys [06/07/2007 09:44] R3 d301unic;GW01 USB WMC Ethernet GW (WDM);C:\WINDOWS\system32\DRIVERS\d301unic.sys [06/07/2007 09:44] R3 empebus;Ericsson Mobile Platform EMPE WMC Bus Driver (WDM);C:\WINDOWS\system32\DRIVERS\empebus.sys [08/08/2007 11:01] R3 empemdfl;Ericsson Mobile Platform EMPE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\empemdfl.sys 
[08/08/2007 11:01] R3 empemdm;Ericsson Mobile Platform EMPE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\empemdm.sys [08/08/2007 11:01] R3 empemgmt;Ericsson Mobile Platform EMPE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\empemgmt.sys [08/08/2007 11:01] R3 empend5;Ericsson Mobile Platform EMPE USB WMC Ethernet (NDIS);C:\WINDOWS\system32\DRIVERS\empend5.sys [08/08/2007 11:01] R3 empeobex;Ericsson Mobile Platform EMPE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\empeobex.sys [08/08/2007 11:01] R3 empeunic;Ericsson Mobile Platform EMPE USB WMC Ethernet (WDM);C:\WINDOWS\system32\DRIVERS\empeunic.sys [08/08/2007 11:01] R3 PCG_NT;PCG_NT;C:\DOCUME~1\TEL'AF~1\LOCALS~1\Temp\PCG_2K.SYS [] R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [23/10/2007 02:45] R3 serport;USB_WIRELESS_MODEM;C:\WINDOWS\system32\DRIVERS\usbdrv.sys [21/06/2006 14:57] R4 LMIRfsClientNP;LMIRfsClientNP;C:\WINDOWS\system32\DRIVERS\LMIRfsClientNP.syS [] S0 xpinpout;xpinpout;C:\WINDOWS\System32\Drivers\xpinpout.sys [25/07/2003 21:05] S2 FSHOOK;FSHOOK;C:\WINDOWS\system32\DRIVERS\FSHOOK.SYS [08/06/2001 11:38] S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [05/04/2007 11:55] S2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [26/06/2004 21:22] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{969B3B70-8765-11D5-9809-0050BACBF861}] rundll32.exe advpack.dll,LaunchINFSection C:\Program Files\CyberLink\MP3PowerEncoder\Cyber.inf,PerUserStub . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\DOCUME~1\TEL'AF~1\APPLIC~1\Mozilla\Firefox\Profiles\z82vf8t1.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official . . ------- File Associations (Beta) ------- . inifile=%SystemRoot%\System32\NOTEPAD.EXE %1" . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-03 19:25:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL] "ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL" . ------------------------ Other Running Processes ------------------------ . SystemRoot\System32\smss.exe [536] ??\C:\WINDOWS\system32\csrss.exe [584] ??\C:\WINDOWS\system32\winlogon.exe [608] C:\WINDOWS\system32\services.exe [652] C:\WINDOWS\system32\lsass.exe [664] C:\WINDOWS\system32\svchost.exe [844] C:\WINDOWS\system32\svchost.exe [932] C:\WINDOWS\System32\svchost.exe [1000] C:\WINDOWS\system32\svchost.exe [1072] C:\WINDOWS\system32\svchost.exe [1108] C:\WINDOWS\system32\spoolsv.exe [1336] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1464] C:\Program Files\Bonjour\mDNSResponder.exe [1536] C:\WINDOWS\system32\crypserv.exe [1580] C:\Program Files\Common Files\LightScribe\LSSrvc.exe [1676] C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe [1800] C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [1844] C:\WINDOWS\system32\svchost.exe [1916] C:\WINDOWS\system32\wdfmgr.exe [1972] C:\WINDOWS\system32\svchost.exe [128] C:\WINDOWS\System32\alg.exe [712] C:\WINDOWS\system32\wscntfy.exe [2020] C:\WINDOWS\system32\ctfmon.exe [3472] C:\WINDOWS\system32\wuauclt.exe [2420] C:\WINDOWS\system32\cmd.exe [3632] C:\ComboFix\catchme.cfexe [196] . ************************************************************************** . 
Completion time: 03/09/2008 19:27:18 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-03 18:27:12 Pre-Run: 19 850 842 112 bytes free Post-Run: 19 751 989 248 bytes free 189 --- E O F --- 2008-08-19 07:54:32
4. Reboot, then HijackThis
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:29:33, on 03/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe C:\Program Files\Common Files\Protexis\License Service\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WgaTray.exe C:\Documents and Settings\Tel'Africa\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com 
IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone O17 - HKLM\System\CCS\Services\Tcpip\..\{7F3779D0-55CE-4690-B148-3D779FC830F0}: NameServer = 66.36.196.131,66.36.196.209 O17 - HKLM\System\CCS\Services\Tcpip\..\{95C22E96-7628-419F-B8F8-AC35E8B48D45}: NameServer = 66.36.196.131,66.36.196.202,66.36.196.132,66.36.196.202 O17 - HKLM\System\CCS\Services\Tcpip\..\{DB41AD3E-C7B9-4F1A-834F-AAA48AEC6832}: NameServer = 66.36.196.131,66.36.196.202 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- End of file - 5686 bytes Alors ?! PS: Je cherche a donner le plus de details possible pour j'espere aider; si cela n'est pas necessaire fais signe... Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky (Author), posted 4 September 2008

@ zahnderz:
Uninstall/remove Spybot / Tune Up Utilities / AVG /
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 4

Update Java: http://www.java.com/fr/download/installed.jsp

Check and fix these lines with HijackThis:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

Merge this .reg file: http://snooky730.free.fr/exploreboard/inde...eenshot/015.reg

Run SmitfraudFix and post the report it creates.

zahnderz, posted 4 September 2008

How do I merge your reg?!

zahnderz, posted 4 September 2008

Since the edit function isn't working, I'm reposting: I never managed to install Spybot, writing the registry key was impossible because access was blocked; and AVG has already been gone from the start. Do I need to go digging in the registry?! While we're at it, should I get rid of CCleaner too?!

snooky (Author), posted 4 September 2008

For the reg, just double-click it. For Grisoft (AVG) and Spybot, yes, search for them in the registry and delete them. Then do the same on your hard drive, using the advanced search. You can keep CCleaner.

zahnderz, posted 4 September 2008

Right: I don't really understand what your reg is for, since I know nothing about "merging"; what I do know is that after opening it I went looking for the equivalents in the registry and everything is identical apart from a few details (0x000003 (3) instead of your plain 000003), unless you tell me there's some kind of "import" option in the editor. Then, in that same registry, I removed everything relating to Grisoft AVG and Spybot, along with the associated folders. I'm downloading and running your SmitfraudFix... Anything I should know first?!

WarWolf, posted 4 September 2008

Hi Snooky,

I've got a friend's PC on the bench with a rather invasive advertising pop-up that shows up regularly in IE7 and Mozilla. It can't be removed with several utilities; it stays invisible. Thanks in advance for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:56, on 04/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nosibay\Livesticker\Launcher.exe
C:\Users\KINOR\AppData\Local\ssosg.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
C:\Program Files\Micro Application\Dictionnaires Multilingues\TrueTerm.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Nosibay\Livesticker\LiveSticker.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Windows\MSAgent\agentsvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Web Radio Recorder OLR] C:\PROGRA~1\BVRPSO~1\WEBRAD~1\BVRPOlr.exe /Web Radio Recorder
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LiveSticker] "C:\Program Files\Nosibay\Livesticker\launcher.exe"
O4 - HKCU\..\Run: [ssosg] "c:\users\kinor\appdata\local\ssosg.exe" ssosg
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Activer Dictionnaires Multilingues.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZRman000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: lsn - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Assistant Retrospect (Retrospect Helper) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10418 bytes

snooky (Author), posted 4 September 2008

@ zahnderz:
You can indeed use regedit's "File / Import" option to merge the .reg key.
______________________________________

@ WarWolf:
Check and fix this line with HijackThis:
O4 - HKCU\..\Run: [ssosg] "c:\users\kinor\appdata\local\ssosg.exe" ssosg

Run MBAM and post the report it creates (remove everything it finds).

zahnderz, posted 4 September 2008

"Cannot Import 015.reg. Error accessing the registry" is what it tells me; and here is your SmitfraudFix report:

SmitFraudFix v2.345

Scan done at 17:55:13,59, 04/09/2008
Run from C:\Documents and Settings\Tel'Africa\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tel'Africa

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tel'Africa\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Help...

snooky (Author), posted 4 September 2008

Run Navilog1, option 1, and post the report it creates: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

SmitfraudFix doesn't show anything bad.

WarWolf, posted 4 September 2008

The MBAM log:

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1112
Windows 6.0.6001 Service Pack 1

04/09/2008 20:57:18
mbam-log-2008-09-04 (20-57-18).txt

Type de recherche: Examen complet (C:\|D:\|F:\|)
Eléments examinés: 173660
Temps écoulé: 2 hour(s), 59 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\KINOR\Local Settings\Application Data\ehtqaxaa_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\KINOR\Local Settings\Application Data\ehtqaxaa_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\KINOR\Local Settings\Application Data\ehtqaxaa.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\KINOR\Local Settings\Application Data\ssosg_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\KINOR\Local Settings\Application Data\ssosg_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\KINOR\Local Settings\Application Data\ssosg.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\KINOR\Local Settings\Application Data\ssosg.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

snooky (Author), posted 5 September 2008

@ WarWolf:
Run Clean v2.0 by FRUiT, procedure 1. Restart the PC and run MBAM again. Post the report it creates, along with a new HijackThis report.

zahnderz, posted 5 September 2008

"Paths incorrects - Fix interrompu" is what I'm told.

Poroot, posted 5 September 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:29 PM, on 09/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Revo Uninstaller] "C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe" -hunter
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-57989841-630328440-725345543-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'lalalala')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Memo.lnk = C:\Documents and Settings\Mayan\Bureau\RANGEMENT\UTILS\Memo\Memo.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Ati
HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - Unknown owner - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PostgreSQL Database Server 8.0 (pgsql-8.0) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 11540 bytes voila Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky (Author) Posted 5 September 2008

@ zahnderz: Run ZebRestore, check everything and confirm. Run SDFix and post the report it creates: http://www.site-naheulbeuk.com/sdfix.php
______________________________________
@ Poroot: Remove the Quote tags from your report.
Uninstall Spybot.
Check and fix all the O4 lines, except Avira.
Run Clean v2.0 by FRUiT, procedure 1.
Restart the PC and reinstall Antivir fr "over the top".
Poroot Posted 5 September 2008

> @ zahnderz: Run ZebRestore, check everything and confirm. Run SDFix and post the report it creates: http://www.site-naheulbeuk.com/sdfix.php
> ______________________________________
> @ Poroot: Remove the Quote tags from your report.
> Uninstall Spybot.
> Check and fix all the O4 lines, except Avira.
> Run Clean v2.0 by FRUiT, procedure 1.
> Restart the PC and reinstall Antivir fr "over the top".

Thanks a lot, I'll give all that a try.
Poroot Posted 5 September 2008

All good: the Antivir umbrella is now open in my taskbar.

In regedit, as far as AVG goes, there are still a few small traces left, like old chewing gum stuck under a desk at school. So, in regedit:

folders: Grisoft/client/{8characters-4characters-4characters-4characters-12characters}
and folders: avg-secure.com/www
nothing inside

Do I leave them, or do I keep trying to scrape all that off? I'm a neat freak.

Thanks a lot in any case, and Clean is the bomb!
snooky (Author) Posted 5 September 2008

Delete the keys.

See you later.
Archived
This topic is now archived and can no longer receive new replies.