|
Pests of all kinds and how to combat them: rkit/Agent.biiu root kit | Windows 7 | If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
24.09.2010, 02:19 | #1 |
| rkit/Agent.biiu root kit hello, like everyone else I have caught this trojan. WINDOWS XP. AntiVir Personal freeware reported it to me (rkit/Agent.biiu root kit). I HAVE THE ANTI-MALWARE ON THE LAPTOP AND UPDATED IT. UNFORTUNATELY THE SCAN DOES NOT RUN TO THE END BUT HANGS AT THIS FILE: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER, NO MATTER WHETHER QUICK OR FULL SCAN. I WILL POST THE LOG FILES TOMORROW. IF YOU COULD HELP ME THAT WOULD BE VERY NICE. REGARDS, DARKANGEL |
24.09.2010, 11:11 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | rkit/Agent.biiu root kit Quote:
Why do you have to shout right away?!
__________________ |
25.09.2010, 01:44 | #3 |
| rkit/Agent.biiu root kit attached: Avira AntiVir Personal and HijackThis
__________________ OTL is still to come ... |
25.09.2010, 01:46 | #4 |
| rkit/Agent.biiu root kit Code:
[File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss) DRV - [2008/04/13 21:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT) DRV - [2008/04/13 21:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan) DRV - [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS) DRV - [2008/04/13 21:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) Miniport réseau étendu (PPTP) DRV - [2008/04/13 21:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) Miniport réseau étendu (L2TP) DRV - [2008/04/13 21:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec) DRV - [2008/04/13 21:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud) DRV - [2008/04/13 21:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup) DRV - [2008/04/13 21:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio) DRV - [2008/04/13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs) DRV - [2008/04/13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat) DRV - [2008/04/13 21:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) 
[File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs) DRV - [2008/04/13 20:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe) DRV - [2008/04/13 20:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy) DRV - [2008/04/13 20:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac) DRV - [2008/04/13 20:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi) DRV - [2008/04/13 20:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp) DRV - [2008/04/13 20:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat) DRV - [2008/04/13 20:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp) DRV - [2008/04/13 20:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched) DRV - [2008/04/13 20:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc) DRV - [2008/04/13 20:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS) DRV - [2008/04/13 20:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio) DRV - [2008/04/13 20:54:36 | 000,088,192 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- 
C:\WINDOWS\system32\drivers\irda.sys -- (irda) DRV - [2008/04/13 20:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM) DRV - [2008/04/13 20:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw) DRV - [2008/04/13 20:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394) DRV - [2008/04/13 20:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394) DRV - [2008/04/13 20:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc) DRV - [2008/04/13 20:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394) Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface) DRV - [2008/04/13 20:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp) DRV - [2008/04/13 20:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR) DRV - [2008/04/13 20:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub) DRV - [2008/04/13 20:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci) DRV - [2008/04/13 20:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci) DRV - [2008/04/13 20:45:13 | 000,002,944 | ---- | M] (Microsoft 
Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud) Filtre de décodeur DRM (Noyau Microsoft) DRV - [2008/04/13 20:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer) DRV - [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi) DRV - [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter) DRV - [2008/04/13 20:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave) DRV - [2008/04/13 20:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi) DRV - [2008/04/13 20:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr) DRV - [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy) DRV - [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk) DRV - [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom) DRV - [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi) DRV - [2008/04/13 20:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum) DRV - [2008/04/13 20:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | 
Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum) DRV - [2008/04/13 20:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV) DRV - [2008/04/13 20:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM) DRV - [2008/04/13 20:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK) DRV - [2008/04/13 20:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update) DRV - [2008/04/13 20:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr) DRV - [2008/04/13 20:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios) DRV - [2008/04/13 20:36:44 | 000,079,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus) DRV - [2008/04/13 20:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt) DRV - [2008/04/13 20:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt) DRV - [2008/04/13 20:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr) DRV - [2008/04/13 20:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr) DRV - [2008/04/13 20:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- 
C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV) DRV - [2008/04/13 20:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs) DRV - [2008/04/13 20:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs) DRV - [2008/04/13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs) DRV - [2008/04/13 19:45:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic) DRV - [2008/04/13 19:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt) DRV - [2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer) DRV - [2008/04/13 19:40:26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc) DRV - [2008/04/13 19:40:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk) DRV - [2008/04/13 18:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec) Suppresseur d'écho acoustique (Noyau Microsoft) DRV - [2008/04/13 18:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2006/09/28 20:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd) DRV - [2006/09/28 19:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf) DRV - [2005/11/30 10:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005/10/13 06:37:00 | 000,015,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Snidmi.sys -- (snidmi) DRV - [2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2005/08/03 18:21:38 | 001,094,853 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005/07/13 18:26:52 | 003,851,264 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005/04/05 17:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2005/02/22 18:01:46 | 000,807,742 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2005/01/07 18:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudio.sys -- (HdAudAddService) DRV - [2004/10/29 20:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Pilote de carte de connexion réseau Intel(R) DRV - [2004/10/18 16:08:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1) DRV - [2004/08/05 14:00:00 | 000,126,080 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk) DRV - [2004/08/05 14:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver) DRV - [2004/08/05 14:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd) DRV - [2004/08/05 14:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdaudio.sys -- (Cdaudio) DRV - [2004/08/05 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004/08/05 14:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti) DRV - [2004/08/05 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2004/08/05 14:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt) DRV - [2004/08/05 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC) DRV - [2004/08/05 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd) DRV - [2004/08/05 14:00:00 | 000,006,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm) DRV - [2004/08/05 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) 
[Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload) DRV - [2004/08/05 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD) DRV - [2004/08/05 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd) DRV - [2004/08/05 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep) DRV - [2004/08/05 14:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null) DRV - [2004/01/17 22:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3) DRV - [2001/08/23 19:21:42 | 000,036,937 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2001/08/23 18:15:46 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde) DRV - [2001/08/17 23:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub) DRV - [2001/08/17 23:51:32 | 000,019,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasirda.sys -- (Rasirda) Miniport réseau étendu (IrDA) DRV - [2001/08/01 22:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-484763869-1275210071-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-484763869-1275210071-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-484763869-1275210071-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lepostillon.lu/webmail IE - HKU\S-1-5-21-484763869-1275210071-682003330-500\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-484763869-1275210071-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/05 19:02:39 | 000,000,000 | ---D | M] 
O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Barre d'outils &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKU\S-1-5-21-484763869-1275210071-682003330-500\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-484763869-1275210071-682003330-500\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-484763869-1275210071-682003330-500\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-484763869-1275210071-682003330-500\..\Toolbar\WebBrowser: (Barre d'outils &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 
- HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SWPROguard] C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-484763869-1275210071-682003330-500..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-484763869-1275210071-682003330-500..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKU\S-1-5-21-484763869-1275210071-682003330-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\monmvr32.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-484763869-1275210071-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft 
Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft 
Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} https://static.visiomobile.eu/static_200901/activex/AMC.cab (AxisMediaControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - 
Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its 
{9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe 
(Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: 
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - 
(schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/12/18 10:24:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/03/04 18:34:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{6c7ff670-f55e-11de-aac9-00166f1e3f01}\Shell - "" = AutoRun O33 - MountPoints2\{6c7ff670-f55e-11de-aac9-00166f1e3f01}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within (All) ========== [2010/09/24 03:31:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Mes documents\OTL.exe [2010/09/19 21:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Common Toolkit Suite [2010/09/19 21:45:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8} [2010/06/28 03:53:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010/06/11 20:06:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010/04/27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) 
-- C:\WINDOWS\System32\DivXControlPanelApplet.cpl [2010/03/05 18:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Bureau\OpenOffice.org 3.2 (fr) Installation Files [2010/03/05 18:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun [2010/02/13 01:08:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010/02/13 00:52:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2010/02/13 00:52:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr [2010/02/13 00:52:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2010/02/13 00:48:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2010/02/13 00:46:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010/02/09 01:08:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Mes vidéos [2010/02/09 01:06:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2010/02/09 01:06:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2010/02/08 20:12:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010/02/05 17:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\booking button [2010/01/06 01:02:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010/01/05 17:18:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2010/01/05 02:56:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010/01/05 02:56:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2010/01/05 02:56:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010/01/05 02:56:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR [2010/01/03 16:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2009/12/30 22:09:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2009/12/30 19:23:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2009/12/30 18:57:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2009/12/18 10:49:12 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\RESULT [2009/12/18 10:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang [2009/12/18 10:42:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options [2009/12/18 10:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2009/12/18 10:42:00 | 002,806,272 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE [2009/12/18 10:41:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM [2009/12/18 10:40:43 | 000,088,201 | ---- | C] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe [2009/12/18 10:40:43 | 000,068,096 | ---- | C] (Agere Systems) -- C:\WINDOWS\agrsmdel.exe [2009/12/18 10:40:15 | 000,000,000 | ---D | C] -- C:\fsc.tmp [2009/12/18 10:33:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Mes images [2009/12/18 10:33:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Ma musique [2009/12/18 10:32:21 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2009/12/18 10:32:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2009/12/18 10:32:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp [2009/12/18 10:31:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2009/12/18 10:31:56 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft [2009/12/18 10:29:42 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2009/12/18 10:29:42 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) 
-- C:\WINDOWS\System32\dllcache\rwia001.dll [2009/12/18 10:28:41 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2009/12/18 10:28:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom [2009/12/18 10:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\fsc [2009/12/18 10:26:43 | 000,000,000 | ---D | C] -- C:\AddOn [2009/12/18 10:24:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2009/12/18 10:23:14 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2009/12/18 10:23:14 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages [2009/12/18 10:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX [2009/12/18 10:22:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks [2009/12/18 10:22:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst [2009/12/18 10:22:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed [2009/12/18 10:22:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore [2009/12/18 10:22:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Mes images [2009/12/18 10:22:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration [2009/12/18 10:22:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Ma musique [2009/12/18 10:22:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc [2009/12/18 10:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com [2009/12/18 10:22:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Mes vidéos [2009/12/17 21:03:48 | 003,374,512 | ---- | C] (Macromedia, Inc.) 
-- C:\WINDOWS\System32\dllcache\tourW.exe [2009/12/17 21:01:54 | 000,094,864 | ---- | C] (Groupe de travail Twain) -- C:\WINDOWS\System32\dllcache\twain.dll [2009/12/17 14:12:54 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer [2009/12/17 14:12:52 | 000,000,000 | R--D | C] -- C:\Program Files [2009/12/17 14:12:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2009/12/17 14:12:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot [2009/12/17 14:12:17 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2009/12/17 14:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings [2009/12/17 14:07:52 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts [2009/12/17 14:07:52 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache [2009/12/17 14:07:52 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web [2009/12/17 14:07:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32 [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32 [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\system [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\security [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair [2009/12/17 14:07:52 | 000,000,000 | ---D | C] 
-- C:\WINDOWS\System32\ras [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\java [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard [2009/12/17 
14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076 [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052 [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054 [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042 [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041 [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037 [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1036 [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033 [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031 [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028 [2009/12/17 14:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025 [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within (All) ========== [2010/09/24 03:43:54 | 000,585,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\bjlpoijm.sys [2010/09/24 03:31:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Mes documents\OTL.exe [2010/09/23 23:53:33 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{19168D32-670A-4885-83A2-4525E91AE3A9}.job [2010/09/23 21:54:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/09/23 21:29:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/09/23 21:29:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/09/23 19:55:14 | 000,000,184 | -HS- | M] () -- C:\Documents and 
Settings\Administrateur\ntuser.ini [2010/09/23 19:55:09 | 004,271,442 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db [2010/09/23 13:12:55 | 002,826,240 | ---- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat [2010/09/23 03:15:45 | 000,000,558 | ---- | M] () -- C:\WINDOWS\win.ini [2010/09/23 03:15:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/09/23 03:15:45 | 000,000,212 | -HS- | M] () -- C:\boot.ini [2010/09/23 03:01:23 | 000,000,039 | -H-- | M] () -- C:\WINDOWS\System32\spfid.bin [2010/09/23 03:01:23 | 000,000,039 | -H-- | M] () -- C:\WINDOWS\spfid.bin [2010/09/19 21:45:38 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\SPYWAREfighter.lnk [2010/09/18 03:03:52 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\apiqfw.dat [2010/09/16 03:01:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/09/13 16:56:26 | 000,013,973 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\DEVIS ELECTROLUX.odt [2010/09/13 02:04:35 | 000,013,314 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\DUE KUECHENCHEFS.odt [2010/09/13 00:11:29 | 000,018,995 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\NIKOLA.odt [2010/09/13 00:09:50 | 000,016,999 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\MEIN LEBEN UND ICH.odt [2010/09/12 02:41:48 | 000,022,666 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\ALLES ATZE.odt [2010/09/12 02:40:04 | 000,020,516 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\ALARM COBRA 11 ST 21.odt [2010/09/12 01:05:47 | 000,018,339 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\AUTOHAENDLER.odt [2010/09/11 03:12:44 | 000,021,654 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\DER RESTAURANTTESTER.odt [2010/09/11 
03:11:55 | 000,014,729 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\RAUS AUS DEN SCHULDEN.odt [2010/09/09 14:32:27 | 000,010,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\avfsfilter.sys [2010/09/02 17:02:34 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Administrateur-Scheduled.job [2010/08/30 22:44:41 | 000,467,136 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\tourendownload 2.pdf [2010/08/30 22:43:31 | 000,342,502 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\tourendownload 1.pdf [2010/08/13 04:05:40 | 000,116,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/07/19 03:54:07 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk [2010/07/15 17:25:19 | 000,015,305 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\alarmcobra 11!!!12-18 [2010/07/01 23:35:02 | 000,010,446 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\SCHWUCHTEL CARLO.odt [2010/07/01 16:47:46 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\SLOW-PCfighter.lnk [2010/06/30 22:04:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010/06/30 22:04:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010/06/30 22:03:59 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk [2010/06/30 21:56:19 | 000,949,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/30 21:56:19 | 000,445,016 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010/06/30 21:56:19 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/30 21:56:19 | 000,063,614 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010/06/30 21:56:19 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/12 23:19:38 | 000,001,504 | ---- | M] 
() -- C:\Documents and Settings\Administrateur\Bureau\DivX Movies.lnk [2010/06/12 23:19:13 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Player.lnk [2010/06/12 23:18:51 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Converter.lnk [2010/06/12 22:08:24 | 000,000,052 | ---- | M] () -- C:\WINDOWS\SNISTATE.INI [2010/06/11 15:21:15 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk [2010/05/30 18:00:32 | 004,219,203 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ffdshow-rev3233_20100128.zip [2010/05/30 16:20:36 | 000,017,514 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\alarm cobra 11!!!1-12 [2010/05/20 22:53:20 | 000,015,565 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\FAMILY GUY.odt [2010/05/18 14:33:46 | 000,320,176 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\PROMO 19+20+21.pdf [2010/05/17 23:18:07 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/12 23:47:27 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk [2010/05/06 00:37:34 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Promo ETE 2010-1.doc [2010/05/02 16:11:55 | 000,011,641 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\DRAWN TOGETHER.odt [2010/05/01 02:58:47 | 000,014,872 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\MENU RESTAURANT 42 A 56.odt [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) 
-- C:\WINDOWS\System32\DivXControlPanelApplet.cpl [2010/04/08 02:23:10 | 000,024,410 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\hinter gittern 1- 150 [2010/04/06 16:13:11 | 000,010,427 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\AMERICAIN DAD.odt [2010/04/05 17:29:48 | 000,009,845 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\SOUTH PARK.odt [2010/04/03 17:50:26 | 000,011,309 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\DIE KOCHPROFIS NEXT GENERATION.odt [2010/03/30 06:02:28 | 000,134,879 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\DSC01064.JPG [2010/03/28 17:00:16 | 000,000,462 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\vCard.vcf [2010/03/24 16:03:21 | 000,165,888 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Motorrad_Flyer (FR).ppt [2010/03/24 16:02:17 | 000,189,952 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Motorrad_Flyer (DE).ppt [2010/03/24 16:01:27 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\FitLine Gutschein.ppt [2010/03/24 16:00:17 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\BeautyLine Gutschein.ppt [2010/03/23 23:46:09 | 000,008,883 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\FILME.odt [2010/03/23 16:25:33 | 000,130,560 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\BeautyLine Bong.ppt [2010/03/23 16:22:48 | 000,224,768 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Motorrad_Flyer.ppt [2010/03/23 16:21:30 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\FitLine Bong.ppt [2010/03/22 23:20:09 | 000,130,560 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Motor.xls [2010/03/19 20:54:16 | 000,105,984 | ---- | 
M] () -- C:\Documents and Settings\Administrateur\Mes documents\Bild.ppt [2010/03/16 23:19:48 | 000,018,488 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/03/16 18:06:46 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2010/03/10 21:29:32 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll [2010/03/08 20:17:57 | 000,013,915 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\CARTE RESTAURANT HIVER 1ER PARTIE.odt [2010/03/05 19:05:54 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.2.lnk [2010/03/01 16:39:15 | 000,516,096 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\CATALOGUE TARIF COGEL.xls [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010/02/26 16:14:43 | 000,089,660 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\2dee04246cb1fd18d5bd46c607a1c890_89660.pdf [2010/02/19 21:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll [2010/02/19 21:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll [2010/02/19 21:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll [2010/02/19 21:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll [2010/02/19 21:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll [2010/02/19 21:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) 
M] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs [2004/08/05 14:00:00 | 000,021,232 | ---- | M] () -- C:\WINDOWS\System32\graphics.pro [2004/08/05 14:00:00 | 000,021,162 | ---- | M] () -- C:\WINDOWS\System32\dllcache\debug.exe [2004/08/05 14:00:00 | 000,021,162 | ---- | M] () -- C:\WINDOWS\System32\debug.exe [2004/08/05 14:00:00 | 000,020,727 | ---- | M] () -- C:\WINDOWS\System32\mqperf.ini [2004/08/05 14:00:00 | 000,019,902 | ---- | M] () -- C:\WINDOWS\System32\graphics.com [2004/08/05 14:00:00 | 000,019,684 | ---- | M] () -- C:\WINDOWS\System32\noise.esn [2004/08/05 14:00:00 | 000,019,618 | ---- | M] () -- C:\WINDOWS\System32\noise.ita [2004/08/05 14:00:00 | 000,018,832 | ---- | M] () -- C:\WINDOWS\System32\v7vga.rom [2004/08/05 14:00:00 | 000,017,362 | ---- | M] () -- C:\WINDOWS\Rhododendron.bmp [2004/08/05 14:00:00 | 000,017,336 | ---- | M] () -- C:\WINDOWS\Jour de pêche.bmp [2004/08/05 14:00:00 | 000,017,062 | ---- | M] () -- C:\WINDOWS\Tasse à café.bmp [2004/08/05 14:00:00 | 000,016,740 | ---- | M] () -- C:\WINDOWS\System32\shiftjis.uce [2004/08/05 14:00:00 | 000,016,730 | ---- | M] () -- C:\WINDOWS\Plume.bmp [2004/08/05 14:00:00 | 000,016,062 | ---- | M] () -- C:\WINDOWS\System32\prnqctl.vbs [2004/08/05 14:00:00 | 000,016,062 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs [2004/08/05 14:00:00 | 000,015,937 | ---- | M] () -- C:\WINDOWS\System32\rsvp.ini [2004/08/05 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\System32\tsd32.dll [2004/08/05 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\System32\dllcache\tsd32.dll [2004/08/05 14:00:00 | 000,014,841 | ---- | M] () -- C:\WINDOWS\System32\kb16.com [2004/08/05 14:00:00 | 000,014,073 | ---- | M] () -- C:\WINDOWS\System32\pschdprf.ini [2004/08/05 14:00:00 | 000,013,781 | ---- | M] () -- C:\WINDOWS\System32\edit.hlp [2004/08/05 14:00:00 | 000,013,730 | ---- | M] () -- C:\WINDOWS\System32\noise.sve [2004/08/05 14:00:00 | 000,013,497 | ---- | M] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT 
[2004/08/05 14:00:00 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\win87em.dll [2004/08/05 14:00:00 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\dllcache\win87em.dll [2004/08/05 14:00:00 | 000,013,256 | ---- | M] () -- C:\WINDOWS\System32\noise.nld [2004/08/05 14:00:00 | 000,013,010 | ---- | M] () -- C:\WINDOWS\System32\edlin.exe [2004/08/05 14:00:00 | 000,013,010 | ---- | M] () -- C:\WINDOWS\System32\dllcache\edlin.exe [2004/08/05 14:00:00 | 000,012,876 | ---- | M] () -- C:\WINDOWS\System32\korean.uce [2004/08/05 14:00:00 | 000,012,642 | ---- | M] () -- C:\WINDOWS\System32\dllcache\append.exe [2004/08/05 14:00:00 | 000,012,642 | ---- | M] () -- C:\WINDOWS\System32\append.exe [2004/08/05 14:00:00 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\setver.exe [2004/08/05 14:00:00 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\scriptpw.dll [2004/08/05 14:00:00 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll [2004/08/05 14:00:00 | 000,009,522 | ---- | M] () -- C:\WINDOWS\Zapotec.bmp [2004/08/05 14:00:00 | 000,009,037 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ansi.sys [2004/08/05 14:00:00 | 000,009,037 | ---- | M] () -- C:\WINDOWS\System32\ansi.sys [2004/08/05 14:00:00 | 000,008,599 | ---- | M] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2004/08/05 14:00:00 | 000,008,484 | ---- | M] () -- C:\WINDOWS\System32\kanji_2.uce [2004/08/05 14:00:00 | 000,008,424 | ---- | M] () -- C:\WINDOWS\System32\exe2bin.exe [2004/08/05 14:00:00 | 000,008,424 | ---- | M] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe [2004/08/05 14:00:00 | 000,008,386 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ctype.nls [2004/08/05 14:00:00 | 000,008,386 | ---- | M] () -- C:\WINDOWS\System32\ctype.nls [2004/08/05 14:00:00 | 000,008,191 | ---- | M] () -- C:\WINDOWS\System32\bios4.rom [2004/08/05 14:00:00 | 000,007,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services [2004/08/05 14:00:00 | 000,007,334 | ---- | M] () -- 
C:\WINDOWS\System32\dllcache\wmerrenu.cat [2004/08/05 14:00:00 | 000,007,208 | ---- | M] () -- C:\WINDOWS\System32\secupd.sig [2004/08/05 14:00:00 | 000,007,208 | ---- | M] () -- C:\WINDOWS\System32\dllcache\secupd.sig [2004/08/05 14:00:00 | 000,007,116 | ---- | M] () -- C:\WINDOWS\System32\nlsfunc.exe [2004/08/05 14:00:00 | 000,007,116 | ---- | M] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe [2004/08/05 14:00:00 | 000,007,046 | ---- | M] () -- C:\WINDOWS\System32\l_intl.nls [2004/08/05 14:00:00 | 000,007,046 | ---- | M] () -- C:\WINDOWS\System32\dllcache\l_intl.nls [2004/08/05 14:00:00 | 000,006,948 | ---- | M] () -- C:\WINDOWS\System32\kanji_1.uce [2004/08/05 14:00:00 | 000,006,708 | ---- | M] () -- C:\WINDOWS\System32\esentprf.hxx [2004/08/05 14:00:00 | 000,006,212 | ---- | M] () -- C:\WINDOWS\System32\rasctrs.ini [2004/08/05 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2004/08/05 14:00:00 | 000,004,912 | ---- | M] () -- C:\WINDOWS\System32\himem.sys [2004/08/05 14:00:00 | 000,004,912 | ---- | M] () -- C:\WINDOWS\System32\dllcache\himem.sys [2004/08/05 14:00:00 | 000,004,569 | ---- | M] () -- C:\WINDOWS\System32\secupd.dat [2004/08/05 14:00:00 | 000,004,569 | ---- | M] () -- C:\WINDOWS\System32\dllcache\secupd.dat [2004/08/05 14:00:00 | 000,004,251 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam [2004/08/05 14:00:00 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\wdl.trm [2004/08/05 14:00:00 | 000,003,914 | ---- | M] () -- C:\WINDOWS\System32\msdtcprf.ini [2004/08/05 14:00:00 | 000,003,862 | ---- | M] () -- C:\WINDOWS\System32\pubprn.vbs [2004/08/05 14:00:00 | 000,003,862 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs [2004/08/05 14:00:00 | 000,003,577 | ---- | M] () -- C:\WINDOWS\System32\sysprtj.sep [2004/08/05 14:00:00 | 000,003,352 | ---- | M] () -- C:\WINDOWS\System32\redir.exe [2004/08/05 14:00:00 | 000,003,352 | ---- | M] () -- C:\WINDOWS\System32\dllcache\redir.exe [2004/08/05 14:00:00 | 000,003,286 | ---- | M] 
() -- C:\WINDOWS\System32\tslabels.h [2004/08/05 14:00:00 | 000,003,271 | ---- | M] () -- C:\WINDOWS\System32\rsaci.rat [2004/08/05 14:00:00 | 000,003,258 | ---- | M] () -- C:\WINDOWS\System32\nw16.exe [2004/08/05 14:00:00 | 000,003,258 | ---- | M] () -- C:\WINDOWS\System32\dllcache\nw16.exe [2004/08/05 14:00:00 | 000,003,214 | ---- | M] () -- C:\WINDOWS\System32\sysprint.sep [2004/08/05 14:00:00 | 000,003,178 | ---- | M] () -- C:\WINDOWS\System32\rsvpcnts.h [2004/08/05 14:00:00 | 000,003,030 | ---- | M] () -- C:\WINDOWS\System32\perfci.ini [2004/08/05 14:00:00 | 000,003,010 | ---- | M] () -- C:\WINDOWS\System32\pschdcnt.h [2004/08/05 14:00:00 | 000,002,994 | ---- | M] () -- C:\WINDOWS\System32\perfwci.ini [2004/08/05 14:00:00 | 000,002,755 | ---- | M] () -- C:\WINDOWS\System32\mqprfsym.h [2004/08/05 14:00:00 | 000,002,656 | ---- | M] () -- C:\WINDOWS\System32\netware.drv [2004/08/05 14:00:00 | 000,002,233 | ---- | M] () -- C:\WINDOWS\System32\dllcache\12520850.cpx [2004/08/05 14:00:00 | 000,002,233 | ---- | M] () -- C:\WINDOWS\System32\12520850.cpx [2004/08/05 14:00:00 | 000,002,151 | ---- | M] () -- C:\WINDOWS\System32\dllcache\12520437.cpx [2004/08/05 14:00:00 | 000,002,151 | ---- | M] () -- C:\WINDOWS\System32\12520437.cpx [2004/08/05 14:00:00 | 000,001,896 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2004/08/05 14:00:00 | 000,001,818 | ---- | M] () -- C:\WINDOWS\System32\rasctrnm.h [2004/08/05 14:00:00 | 000,001,696 | ---- | M] () -- C:\WINDOWS\System32\noise.cht [2004/08/05 14:00:00 | 000,001,696 | ---- | M] () -- C:\WINDOWS\System32\noise.chs [2004/08/05 14:00:00 | 000,001,492 | ---- | M] () -- C:\WINDOWS\System32\mmdriver.inf [2004/08/05 14:00:00 | 000,001,405 | ---- | M] () -- C:\WINDOWS\msdfmap.ini [2004/08/05 14:00:00 | 000,001,293 | ---- | M] () -- C:\WINDOWS\System32\perffilt.ini [2004/08/05 14:00:00 | 000,001,272 | ---- | M] () -- C:\WINDOWS\Rosace bleue 16.bmp [2004/08/05 14:00:00 | 000,001,263 | ---- | M] () -- C:\WINDOWS\System32\usrlogon.cmd 
[2004/08/05 14:00:00 | 000,001,187 | ---- | M] () -- C:\WINDOWS\System32\loadfix.com [2004/08/05 14:00:00 | 000,001,147 | ---- | M] () -- C:\WINDOWS\System32\vwipxspx.exe [2004/08/05 14:00:00 | 000,001,147 | ---- | M] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe [2004/08/05 14:00:00 | 000,000,984 | ---- | M] () -- C:\WINDOWS\System32\dllcache\srframe.mmf [2004/08/05 14:00:00 | 000,000,929 | ---- | M] () -- C:\WINDOWS\System32\homepage.inf [2004/08/05 14:00:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\protocol [2004/08/05 14:00:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sam.sdf [2004/08/05 14:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\share.exe [2004/08/05 14:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\dllcache\share.exe [2004/08/05 14:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\fastopen.exe [2004/08/05 14:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\dllcache\fastopen.exe [2004/08/05 14:00:00 | 000,000,862 | ---- | M] () -- C:\WINDOWS\System32\termcap [2004/08/05 14:00:00 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\mscdexnt.exe [2004/08/05 14:00:00 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe [2004/08/05 14:00:00 | 000,000,790 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2004/08/05 14:00:00 | 000,000,768 | ---- | M] () -- C:\WINDOWS\System32\msdtcprf.h [2004/08/05 14:00:00 | 000,000,751 | ---- | M] () -- C:\WINDOWS\System32\noise.enu [2004/08/05 14:00:00 | 000,000,751 | ---- | M] () -- C:\WINDOWS\System32\noise.eng [2004/08/05 14:00:00 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\noise.dat [2004/08/05 14:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif [2004/08/05 14:00:00 | 000,000,697 | ---- | M] () -- C:\WINDOWS\System32\noise.tha [2004/08/05 14:00:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\System32\login.cmd [2004/08/05 14:00:00 | 000,000,457 | ---- | M] () -- 
C:\WINDOWS\System32\drivers\etc\networks [2004/08/05 14:00:00 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\perfwci.h [2004/08/05 14:00:00 | 000,000,427 | ---- | M] () -- C:\WINDOWS\System32\perfci.h [2004/08/05 14:00:00 | 000,000,363 | ---- | M] () -- C:\WINDOWS\System32\prodspec.ini [2004/08/05 14:00:00 | 000,000,168 | ---- | M] () -- C:\WINDOWS\System32\l_except.nls [2004/08/05 14:00:00 | 000,000,168 | ---- | M] () -- C:\WINDOWS\System32\dllcache\l_except.nls [2004/08/05 14:00:00 | 000,000,140 | ---- | M] () -- C:\WINDOWS\System32\perffilt.h [2004/08/05 14:00:00 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\pcl.sep [2004/08/05 14:00:00 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\dsound.vxd [2004/08/05 14:00:00 | 000,000,080 | ---- | M] () -- C:\WINDOWS\explorer.scf [2004/08/05 14:00:00 | 000,000,075 | ---- | M] () -- C:\WINDOWS\System32\Chaînes.scf [2004/08/05 14:00:00 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\cmos.ram [2004/08/05 14:00:00 | 000,000,051 | ---- | M] () -- C:\WINDOWS\System32\pscript.sep [2004/07/17 23:55:24 | 000,129,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2004/07/17 12:36:24 | 000,064,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2004/07/17 12:35:00 | 000,067,866 | ---- | M] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2004/03/17 20:23:20 | 000,009,090 | ---- | M] () -- C:\WINDOWS\System32\drivers\adpu320.cat [2004/02/17 15:44:54 | 000,007,780 | ---- | M] () -- C:\WINDOWS\System32\drivers\adpu320.inf [2004/02/17 15:38:30 | 000,132,608 | ---- | M] (Adaptec, Inc.) 
-- C:\WINDOWS\System32\drivers\adpu320.sys
[2004/01/17 22:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) -- C:\WINDOWS\System32\drivers\fuj02e3.sys
[2003/07/30 11:48:28 | 000,007,506 | ---- | M] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2003/07/30 11:48:28 | 000,007,208 | ---- | M] () -- C:\WINDOWS\System32\oembios.sig
[2003/07/30 11:48:28 | 000,007,208 | ---- | M] () -- C:\WINDOWS\System32\dllcache\oembios.sig
[2003/07/30 11:48:28 | 000,004,711 | ---- | M] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/30 11:48:28 | 000,004,711 | ---- | M] () -- C:\WINDOWS\System32\dllcache\oembios.dat
[2003/07/30 10:49:22 | 013,107,200 | ---- | M] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/30 10:49:22 | 013,107,200 | ---- | M] () -- C:\WINDOWS\System32\dllcache\oembios.bin
[2002/02/19 17:14:48 | 000,017,638 | ---- | M] () -- C:\WINDOWS\System32\OEMLOGO.BMP
[2001/08/23 19:21:42 | 000,036,937 | ---- | M] (SMC) -- C:\WINDOWS\System32\drivers\smcirda.sys
[2001/08/01 22:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) -- C:\WINDOWS\System32\drivers\fuj02b1.sys
[2001/03/30 22:58:36 | 000,135,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\Property.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010/09/23 13:12:55 | 002,826,240 | ---- | C] () -- C:\Documents and Settings\Administrateur\ntuser.dat
[2010/09/23 03:01:23 | 000,000,039 | -H-- | C] () -- C:\WINDOWS\System32\spfid.bin
[2010/09/23 03:01:23 | 000,000,039 | -H-- | C] () -- C:\WINDOWS\spfid.bin
[2010/09/19 21:45:38 | 000,001,649 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\SPYWAREfighter.lnk
[2010/09/18 03:06:04 | 000,585,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\bjlpoijm.sys
[2010/09/18 03:03:46 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\apiqfw.dat
[2010/09/13 16:56:26 | 000,013,973 | ---- | C] () -- C:\Documents and
Settings\Administrateur\Mes documents\DEVIS ELECTROLUX.odt [2010/09/09 14:32:27 | 000,010,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\avfsfilter.sys [2010/08/30 22:44:41 | 000,467,136 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\tourendownload 2.pdf [2010/08/30 22:43:31 | 000,342,502 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\tourendownload 1.pdf [2010/07/07 17:54:37 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Administrateur-Scheduled.job [2010/07/01 16:47:46 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\SLOW-PCfighter.lnk [2010/06/30 22:04:07 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb [2010/06/30 22:04:07 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb [2010/06/30 22:03:59 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk [2010/06/13 18:48:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010/06/13 18:48:35 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm [2010/06/13 18:48:34 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010/06/12 22:07:58 | 000,000,052 | ---- | C] () -- C:\WINDOWS\SNISTATE.INI [2010/06/11 15:21:15 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk [2010/05/31 00:25:26 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm [2010/05/30 18:00:09 | 004,219,203 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ffdshow-rev3233_20100128.zip [2010/05/27 00:35:40 | 000,001,504 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\DivX Movies.lnk [2010/05/27 00:34:26 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Player.lnk [2010/05/27 00:33:40 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All 
Users\Bureau\DivX Plus Converter.lnk [2010/05/18 14:33:43 | 000,320,176 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\PROMO 19+20+21.pdf [2010/05/18 03:47:31 | 000,023,401 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\MEDICOPTER [2010/05/18 03:46:49 | 000,024,410 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\hinter gittern 1- 150 [2010/05/18 03:46:30 | 000,023,575 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\hinter gittern [2010/05/18 03:46:10 | 000,015,305 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\alarmcobra 11!!!12-18 [2010/05/18 03:45:50 | 000,017,514 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\alarm cobra 11!!!1-12 [2010/05/12 23:47:27 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk [2010/05/06 00:37:33 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Promo ETE 2010-1.doc [2010/04/21 22:09:04 | 000,010,446 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\SCHWUCHTEL CARLO.odt [2010/04/09 15:36:33 | 000,134,879 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\DSC01064.JPG [2010/04/03 16:51:25 | 000,009,845 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\SOUTH PARK.odt [2010/03/28 17:00:14 | 000,000,462 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\vCard.vcf [2010/03/24 16:03:18 | 000,165,888 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Motorrad_Flyer (FR).ppt [2010/03/24 16:02:09 | 000,189,952 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Motorrad_Flyer (DE).ppt [2010/03/24 16:01:25 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\FitLine Gutschein.ppt [2010/03/24 16:00:14 | 000,143,360 | ---- | C] () -- C:\Documents and 
Settings\Administrateur\Mes documents\BeautyLine Gutschein.ppt [2010/03/23 23:46:09 | 000,008,883 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\FILME.odt [2010/03/23 23:42:58 | 000,018,339 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\AUTOHAENDLER.odt [2010/03/23 23:39:54 | 000,015,565 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\FAMILY GUY.odt [2010/03/23 23:37:58 | 000,011,641 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\DRAWN TOGETHER.odt [2010/03/23 16:25:29 | 000,130,560 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\BeautyLine Bong.ppt [2010/03/23 16:22:40 | 000,224,768 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Motorrad_Flyer.ppt [2010/03/23 16:21:27 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\FitLine Bong.ppt [2010/03/19 20:54:09 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Bild.ppt [2010/03/19 20:46:41 | 000,130,560 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Motor.xls [2010/03/16 18:06:46 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2010/03/07 22:01:16 | 000,013,915 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\CARTE RESTAURANT HIVER 1ER PARTIE.odt [2010/03/07 20:59:33 | 000,014,872 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\MENU RESTAURANT 42 A 56.odt [2010/03/06 00:11:53 | 000,010,427 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\AMERICAIN DAD.odt [2010/03/06 00:05:13 | 000,014,729 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\RAUS AUS DEN SCHULDEN.odt [2010/03/05 19:05:54 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.2.lnk [2010/03/05 01:00:26 | 000,013,314 | ---- | C] () -- C:\Documents and 
Settings\Administrateur\Mes documents\DUE KUECHENCHEFS.odt [2010/03/02 23:43:54 | 000,011,309 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\DIE KOCHPROFIS NEXT GENERATION.odt [2010/03/01 16:39:15 | 000,516,096 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\CATALOGUE TARIF COGEL.xls [2010/02/28 16:41:13 | 000,021,654 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\DER RESTAURANTTESTER.odt [2010/02/28 16:26:30 | 000,018,995 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\NIKOLA.odt [2010/02/28 03:10:56 | 000,016,999 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\MEIN LEBEN UND ICH.odt [2010/02/28 02:52:52 | 000,022,666 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\ALLES ATZE.odt [2010/02/26 16:14:43 | 000,089,660 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\2dee04246cb1fd18d5bd46c607a1c890_89660.pdf [2010/02/16 16:28:46 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk [2010/02/12 16:56:14 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2010/02/12 16:55:50 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2010/02/12 16:55:07 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2010/02/09 01:06:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010/02/08 19:03:35 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/07 18:35:11 | 000,020,516 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\ALARM COBRA 11 ST 21.odt [2010/01/05 17:18:46 | 000,000,450 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{19168D32-670A-4885-83A2-4525E91AE3A9}.job [2009/12/30 18:16:26 | 000,000,730 | ---- | C] () -- 
C:\Documents and Settings\All Users\Bureau\Tango Mobile.lnk [2009/12/18 10:52:42 | 000,010,282 | ---- | C] () -- C:\WINDOWS\SysInf.ini [2009/12/18 10:52:30 | 000,077,330 | ---- | C] () -- C:\WINDOWS\DeskMon.ini [2009/12/18 10:52:30 | 000,001,709 | ---- | C] () -- C:\WINDOWS\SmartMon.ini [2009/12/18 10:51:57 | 000,025,449 | ---- | C] () -- C:\WINDOWS\PCInfo.ini [2009/12/18 10:51:57 | 000,019,027 | ---- | C] () -- C:\WINDOWS\Brdinfo.ini [2009/12/18 10:46:11 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav [2009/12/18 10:46:11 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav [2009/12/18 10:44:08 | 004,271,442 | -H-- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db [2009/12/18 10:42:00 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat [2009/12/18 10:41:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009/12/18 10:40:59 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\drivers\verfile.tic [2009/12/18 10:40:44 | 000,068,112 | ---- | C] () -- C:\WINDOWS\System32\igfxhhun.lhp [2009/12/18 10:40:44 | 000,066,013 | ---- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp [2009/12/18 10:40:44 | 000,064,513 | ---- | C] () -- C:\WINDOWS\System32\igfxhtrk.lhp [2009/12/18 10:40:44 | 000,063,269 | ---- | C] () -- C:\WINDOWS\System32\igfxhsve.lhp [2009/12/18 10:40:44 | 000,063,208 | ---- | C] () -- C:\WINDOWS\System32\igfxhplk.lhp [2009/12/18 10:40:44 | 000,062,836 | ---- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp [2009/12/18 10:40:44 | 000,062,770 | ---- | C] () -- C:\WINDOWS\System32\igfxhfin.lhp [2009/12/18 10:40:44 | 000,062,740 | ---- | C] () -- C:\WINDOWS\System32\igfxhfrc.lhp [2009/12/18 10:40:44 | 000,062,578 | ---- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp [2009/12/18 10:40:44 | 000,062,465 | ---- | C] () -- C:\WINDOWS\System32\igfxhptg.lhp [2009/12/18 10:40:44 | 000,062,454 | ---- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp [2009/12/18 10:40:44 | 
000,062,339 | ---- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp [2009/12/18 10:40:44 | 000,061,839 | ---- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp [2009/12/18 10:40:44 | 000,061,831 | ---- | C] () -- C:\WINDOWS\System32\igfxhell.lhp [2009/12/18 10:40:44 | 000,061,414 | ---- | C] () -- C:\WINDOWS\System32\igfxhrus.lhp [2009/12/18 10:40:44 | 000,060,786 | ---- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp [2009/12/18 10:40:44 | 000,060,659 | ---- | C] () -- C:\WINDOWS\System32\igfxhcsy.lhp [2009/12/18 10:40:44 | 000,060,244 | ---- | C] () -- C:\WINDOWS\System32\igfxhdan.lhp [2009/12/18 10:40:44 | 000,060,141 | ---- | C] () -- C:\WINDOWS\System32\igfxhnld.lhp [2009/12/18 10:40:44 | 000,060,085 | ---- | C] () -- C:\WINDOWS\System32\igfxhnor.lhp [2009/12/18 10:40:44 | 000,059,687 | ---- | C] () -- C:\WINDOWS\System32\igfxhita.lhp [2009/12/18 10:40:44 | 000,059,471 | ---- | C] () -- C:\WINDOWS\System32\igfxhheb.lhp [2009/12/18 10:40:44 | 000,059,354 | ---- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp [2009/12/18 10:40:44 | 000,059,200 | ---- | C] () -- C:\WINDOWS\System32\igfxharb.lhp [2009/12/18 10:40:44 | 000,059,200 | ---- | C] () -- C:\WINDOWS\System32\igfxhara.lhp [2009/12/18 10:40:44 | 000,058,623 | ---- | C] () -- C:\WINDOWS\System32\igfxheng.lhp [2009/12/18 10:40:44 | 000,058,430 | ---- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp [2009/12/18 10:40:44 | 000,057,801 | ---- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp [2009/12/18 10:37:29 | 000,018,488 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/12/18 10:33:56 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf [2009/12/18 10:33:49 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk [2009/12/18 10:33:09 | 000,000,137 | ---- | C] () -- C:\Documents 
and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat [2009/12/18 10:32:08 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrateur\Application Data\desktop.ini [2009/12/18 10:31:56 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/18 10:31:54 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2009/12/18 10:30:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009/12/18 10:30:11 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls [2009/12/18 10:29:36 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls [2009/12/18 10:29:36 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls [2009/12/18 10:29:14 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls [2009/12/18 10:28:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls [2009/12/18 10:28:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls [2009/12/18 10:28:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls [2009/12/18 10:28:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls [2009/12/18 10:28:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls [2009/12/18 10:28:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls [2009/12/18 10:28:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls [2009/12/18 10:28:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls [2009/12/18 10:28:39 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls [2009/12/18 10:28:39 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls [2009/12/18 10:28:39 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\c_20924.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls [2009/12/18 10:28:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls [2009/12/18 10:28:38 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls [2009/12/18 10:28:38 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls [2009/12/18 10:28:38 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls [2009/12/18 10:28:38 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls [2009/12/18 10:28:38 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls [2009/12/18 10:28:38 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls [2009/12/18 10:28:38 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls [2009/12/18 10:28:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls [2009/12/18 10:28:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls [2009/12/18 10:28:38 | 000,066,082 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\c_20277.nls [2009/12/18 10:28:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls [2009/12/18 10:28:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls [2009/12/18 10:28:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls [2009/12/18 10:28:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls [2009/12/18 10:28:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls [2009/12/18 10:28:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls [2009/12/18 10:28:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls [2009/12/18 10:28:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls [2009/12/18 10:28:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls [2009/12/18 10:28:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls [2009/12/18 10:28:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls [2009/12/18 10:28:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls [2009/12/18 10:28:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls [2009/12/18 10:28:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls [2009/12/18 10:28:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls [2009/12/18 10:28:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls [2009/12/18 10:28:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls [2009/12/18 10:28:36 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls [2009/12/18 10:28:36 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls [2009/12/18 10:28:36 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls [2009/12/18 10:28:36 | 000,162,850 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\c_10001.nls [2009/12/18 10:28:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls [2009/12/18 10:28:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls [2009/12/18 10:28:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls [2009/12/18 10:28:35 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls [2009/12/18 10:28:35 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls [2009/12/18 10:26:43 | 000,017,638 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.BMP [2009/12/18 10:26:43 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2009/12/18 10:24:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT [2009/12/18 10:24:07 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2009/12/18 10:24:07 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2009/12/18 10:24:07 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2009/12/18 10:24:07 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2009/12/18 10:23:58 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx [2009/12/18 10:23:14 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest [2009/12/18 10:23:14 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2009/12/18 10:23:08 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2009/12/18 10:23:08 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest [2009/12/18 10:23:08 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2009/12/18 10:23:08 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2009/12/18 10:23:08 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2009/12/18 10:23:08 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2009/12/18 10:22:59 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex [2009/12/18 10:22:52 | 000,049,102 | -HS- | C] () -- 
C:\WINDOWS\winnt256.bmp [2009/12/18 10:22:52 | 000,049,102 | -HS- | C] () -- C:\WINDOWS\winnt.bmp [2009/12/18 10:22:51 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf [2009/12/18 10:22:24 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009/12/18 10:22:09 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce [2009/12/18 10:22:09 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Bulles de savon.bmp [2009/12/18 10:22:09 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Vent de prairie.bmp [2009/12/18 10:22:09 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Mur de Santa Fe.bmp [2009/12/18 10:22:09 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce [2009/12/18 10:22:09 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Rivière Sumida.bmp [2009/12/18 10:22:09 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Granit vert.bmp [2009/12/18 10:22:09 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce [2009/12/18 10:22:09 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce [2009/12/18 10:22:09 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp [2009/12/18 10:22:09 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Jour de pêche.bmp [2009/12/18 10:22:09 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Tasse à café.bmp [2009/12/18 10:22:09 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce [2009/12/18 10:22:09 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Plume.bmp [2009/12/18 10:22:09 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce [2009/12/18 10:22:09 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp [2009/12/18 10:22:09 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce [2009/12/18 10:22:09 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce [2009/12/18 10:22:09 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h [2009/12/18 10:22:09 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Rosace bleue 16.bmp [2009/12/18 10:22:09 | 000,001,263 | ---- | C] () -- 
C:\WINDOWS\System32\usrlogon.cmd [2009/12/18 10:22:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h [2009/12/18 10:22:07 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc [2009/12/17 21:06:32 | 000,000,212 | -HS- | C] () -- C:\boot.ini [2009/12/17 21:03:47 | 001,206,508 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb [2009/12/17 21:03:35 | 000,252,240 | RHS- | C] () -- C:\ntldr [2009/12/17 21:03:35 | 000,047,564 | RHS- | C] () -- C:\NTDETECT.COM [2009/12/17 21:03:23 | 000,127,213 | ---- | C] () -- C:\WINDOWS\System32\ega.cpi [2009/12/17 21:03:21 | 000,082,944 | ---- | C] () -- C:\WINDOWS\clock.avi [2009/12/17 21:03:17 | 000,445,016 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat [2009/12/17 21:03:17 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2009/12/17 21:03:17 | 000,063,614 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2009/12/17 21:03:17 | 000,039,340 | ---- | C] () -- C:\WINDOWS\wmprfFRA.prx [2009/12/17 21:03:17 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2009/12/17 21:03:17 | 000,004,952 | RHS- | C] () -- C:\Bootfont.bin [2009/12/17 21:03:09 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.cht [2009/12/17 21:03:09 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.chs [2009/12/17 21:03:08 | 000,013,781 | ---- | C] () -- C:\WINDOWS\System32\edit.hlp [2009/12/17 21:03:07 | 000,071,102 | ---- | C] () -- C:\WINDOWS\System32\edit.com [2009/12/17 21:02:58 | 000,000,697 | ---- | C] () -- C:\WINDOWS\System32\noise.tha [2009/12/17 21:02:31 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax [2009/12/17 21:02:29 | 000,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/17 21:02:17 | 000,037,237 | ---- | C] () -- C:\WINDOWS\System32\winhelp.hlp [2009/12/17 21:02:16 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\win87em.dll [2009/12/17 21:02:15 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\wiasf.ax [2009/12/17 21:02:15 | 
000,040,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wiasf.ax [2009/12/17 21:02:12 | 001,355,776 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi [2009/12/17 21:02:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\wdl.trm [2009/12/17 21:02:09 | 001,095,680 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.nld [2009/12/17 21:02:09 | 000,937,984 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.sve [2009/12/17 21:02:08 | 000,867,840 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.ita [2009/12/17 21:02:08 | 000,786,944 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.fra [2009/12/17 21:02:08 | 000,750,080 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.esn [2009/12/17 21:02:07 | 001,309,184 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.deu [2009/12/17 21:02:07 | 000,957,440 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.enu [2009/12/17 21:02:07 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.sve [2009/12/17 21:02:07 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.nld [2009/12/17 21:02:07 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.ita [2009/12/17 21:02:07 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.fra [2009/12/17 21:02:07 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.esn [2009/12/17 21:02:07 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.enu [2009/12/17 21:02:06 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.deu [2009/12/17 21:02:04 | 000,001,147 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe [2009/12/17 21:02:04 | 000,001,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe [2009/12/17 21:02:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax [2009/12/17 21:02:00 | 000,018,832 | ---- | C] () -- C:\WINDOWS\System32\v7vga.rom [2009/12/17 21:01:56 | 000,089,588 | ---- | C] () -- C:\WINDOWS\System32\unicode.nls [2009/12/17 21:01:56 | 000,089,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\unicode.nls [2009/12/17 21:01:53 | 000,015,360 | ---- | C] 
() -- C:\WINDOWS\System32\dllcache\tsd32.dll [2009/12/17 21:01:47 | 000,000,862 | ---- | C] () -- C:\WINDOWS\System32\termcap [2009/12/17 21:01:42 | 000,003,577 | ---- | C] () -- C:\WINDOWS\System32\sysprtj.sep [2009/12/17 21:01:41 | 000,003,214 | ---- | C] () -- C:\WINDOWS\System32\sysprint.sep [2009/12/17 21:01:32 | 000,049,345 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm [2009/12/17 21:01:17 | 000,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls [2009/12/17 21:01:16 | 000,262,148 | ---- | C] () -- C:\WINDOWS\System32\sortkey.nls [2009/12/17 21:01:16 | 000,262,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sortkey.nls [2009/12/17 21:01:14 | 000,037,888 | R-S- | C] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\monmvr32.exe [2009/12/17 21:01:08 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\setver.exe [2009/12/17 21:01:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe [2009/12/17 21:01:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\share.exe [2009/12/17 21:01:06 | 000,240,120 | ---- | C] () -- C:\WINDOWS\System32\setup.bmp [2009/12/17 21:01:06 | 000,059,167 | ---- | C] () -- C:\WINDOWS\System\setup.inf [2009/12/17 21:01:06 | 000,033,075 | ---- | C] () -- C:\WINDOWS\System32\services.msc [2009/12/17 21:01:06 | 000,007,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\services [2009/12/17 21:01:04 | 000,035,719 | ---- | C] () -- C:\WINDOWS\System32\secpol.msc [2009/12/17 21:01:04 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig [2009/12/17 21:01:04 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\secupd.sig [2009/12/17 21:01:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2009/12/17 21:01:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\dllcache\secupd.dat [2009/12/17 21:01:03 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll [2009/12/17 21:00:56 | 000,043,968 | R--- | C] () -- 
C:\WINDOWS\System32\rsop.msc [2009/12/17 21:00:56 | 000,003,178 | ---- | C] () -- C:\WINDOWS\System32\rsvpcnts.h [2009/12/17 21:00:55 | 000,003,271 | ---- | C] () -- C:\WINDOWS\System32\rsaci.rat [2009/12/17 21:00:50 | 000,003,352 | ---- | C] () -- C:\WINDOWS\System32\redir.exe [2009/12/17 21:00:50 | 000,003,352 | ---- | C] () -- C:\WINDOWS\System32\dllcache\redir.exe [2009/12/17 21:00:46 | 000,008,180 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaAHCI.cat [2009/12/17 21:00:46 | 000,005,074 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaAHCI.inf [2009/12/17 21:00:46 | 000,001,818 | ---- | C] () -- C:\WINDOWS\System32\rasctrnm.h [2009/12/17 21:00:45 | 000,008,180 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.cat [2009/12/17 21:00:45 | 000,003,846 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.inf [2009/12/17 21:00:44 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll [2009/12/17 21:00:44 | 000,008,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\sisraid.cat [2009/12/17 21:00:44 | 000,008,006 | ---- | C] () -- C:\WINDOWS\System32\drivers\viamraid.cat [2009/12/17 21:00:44 | 000,001,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\SiSRaid.inf [2009/12/17 21:00:44 | 000,001,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\viamraid.inf [2009/12/17 21:00:43 | 000,009,619 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvraid.cat [2009/12/17 21:00:43 | 000,009,090 | ---- | C] () -- C:\WINDOWS\System32\drivers\adpu320.cat [2009/12/17 21:00:43 | 000,005,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvraid.inf [2009/12/17 21:00:42 | 000,061,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\Si3112r.inf [2009/12/17 21:00:42 | 000,022,835 | ---- | C] () -- C:\WINDOWS\System32\drivers\Si3112r.cat [2009/12/17 21:00:42 | 000,007,780 | ---- | C] () -- C:\WINDOWS\System32\drivers\adpu320.inf [2009/12/17 21:00:38 | 000,003,862 | ---- | C] () -- C:\WINDOWS\System32\pubprn.vbs [2009/12/17 21:00:38 | 000,003,862 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\pubprn.vbs [2009/12/17 21:00:38 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\pscript.sep [2009/12/17 21:00:37 | 000,029,817 | ---- | C] () -- C:\WINDOWS\System32\prnport.vbs [2009/12/17 21:00:37 | 000,029,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnport.vbs [2009/12/17 21:00:37 | 000,016,062 | ---- | C] () -- C:\WINDOWS\System32\prnqctl.vbs [2009/12/17 21:00:37 | 000,016,062 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs [2009/12/17 21:00:37 | 000,003,010 | ---- | C] () -- C:\WINDOWS\System32\pschdcnt.h [2009/12/17 21:00:37 | 000,000,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\protocol [2009/12/17 21:00:36 | 000,036,178 | ---- | C] () -- C:\WINDOWS\System32\prncnfg.vbs [2009/12/17 21:00:36 | 000,036,178 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs [2009/12/17 21:00:36 | 000,032,984 | ---- | C] () -- C:\WINDOWS\System32\prnmngr.vbs [2009/12/17 21:00:36 | 000,032,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs [2009/12/17 21:00:36 | 000,025,725 | ---- | C] () -- C:\WINDOWS\System32\prndrvr.vbs [2009/12/17 21:00:36 | 000,025,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs [2009/12/17 21:00:36 | 000,021,822 | ---- | C] () -- C:\WINDOWS\System32\prnjobs.vbs [2009/12/17 21:00:36 | 000,021,822 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs [2009/12/17 21:00:30 | 000,380,350 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/17 21:00:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2009/12/17 21:00:30 | 000,057,862 | R--- | C] () -- C:\WINDOWS\System32\perfmon.msc [2009/12/17 21:00:30 | 000,000,435 | ---- | C] () -- C:\WINDOWS\System32\perfwci.h [2009/12/17 21:00:29 | 000,052,764 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/17 21:00:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2009/12/17 21:00:29 | 000,000,427 | ---- | C] () -- C:\WINDOWS\System32\perfci.h [2009/12/17 21:00:29 | 
000,000,140 | ---- | C] () -- C:\WINDOWS\System32\perffilt.h [2009/12/17 21:00:27 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\pcl.sep [2009/12/17 21:00:20 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\oembios.sig [2009/12/17 21:00:20 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.sig [2009/12/17 21:00:20 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2009/12/17 21:00:20 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.dat [2009/12/17 21:00:11 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2009/12/17 21:00:11 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.bin [2009/12/17 21:00:11 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp [2009/12/17 21:00:08 | 000,003,258 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe [2009/12/17 21:00:08 | 000,003,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nw16.exe [2009/12/17 21:00:05 | 000,032,590 | ---- | C] () -- C:\WINDOWS\System32\ntmsoprq.msc [2009/12/17 21:00:05 | 000,025,901 | ---- | C] () -- C:\WINDOWS\System32\ntmsmgr.msc [2009/12/17 21:00:04 | 000,048,794 | ---- | C] () -- C:\WINDOWS\System32\ntimage.gif [2009/12/17 21:00:04 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio411.sys [2009/12/17 21:00:04 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio412.sys [2009/12/17 21:00:04 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio804.sys [2009/12/17 21:00:04 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio404.sys [2009/12/17 21:00:04 | 000,034,000 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio.sys [2009/12/17 21:00:02 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys [2009/12/17 21:00:02 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys [2009/12/17 21:00:02 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys [2009/12/17 21:00:02 | 000,029,146 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\ntdos404.sys [2009/12/17 21:00:02 | 000,027,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos.sys [2009/12/17 20:59:59 | 000,149,848 | ---- | C] () -- C:\WINDOWS\System32\noise.deu [2009/12/17 20:59:59 | 000,049,196 | ---- | C] () -- C:\WINDOWS\System32\noise.fra [2009/12/17 20:59:59 | 000,019,684 | ---- | C] () -- C:\WINDOWS\System32\noise.esn [2009/12/17 20:59:59 | 000,019,618 | ---- | C] () -- C:\WINDOWS\System32\noise.ita [2009/12/17 20:59:59 | 000,013,730 | ---- | C] () -- C:\WINDOWS\System32\noise.sve [2009/12/17 20:59:59 | 000,013,256 | ---- | C] () -- C:\WINDOWS\System32\noise.nld [2009/12/17 20:59:59 | 000,000,751 | ---- | C] () -- C:\WINDOWS\System32\noise.enu [2009/12/17 20:59:59 | 000,000,751 | ---- | C] () -- C:\WINDOWS\System32\noise.eng [2009/12/17 20:59:59 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2009/12/17 20:59:58 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe [2009/12/17 20:59:58 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe [2009/12/17 20:59:55 | 000,000,457 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\networks [2009/12/17 20:59:51 | 000,121,876 | ---- | C] () -- C:\WINDOWS\System32\net.hlp [2009/12/17 20:59:29 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe [2009/12/17 20:59:29 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe [2009/12/17 20:59:26 | 000,002,755 | ---- | C] () -- C:\WINDOWS\System32\mqprfsym.h [2009/12/17 20:59:25 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax [2009/12/17 20:59:24 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax [2009/12/17 20:59:19 | 000,001,492 | ---- | C] () -- C:\WINDOWS\System32\mmdriver.inf [2009/12/17 20:59:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2009/12/17 20:59:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mlang.dat [2009/12/17 20:59:17 | 000,046,258 | ---- | C] () -- 
C:\WINDOWS\System32\mib.bin [2009/12/17 20:59:13 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe [2009/12/17 20:59:13 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mem.exe [2009/12/17 20:59:09 | 000,024,124 | ---- | C] () -- C:\WINDOWS\System32\dllcache\marlett.ttf [2009/12/17 20:59:08 | 000,041,847 | ---- | C] () -- C:\WINDOWS\System32\lusrmgr.msc [2009/12/17 20:59:04 | 000,265,948 | ---- | C] () -- C:\WINDOWS\System32\locale.nls [2009/12/17 20:59:04 | 000,000,488 | ---- | C] () -- C:\WINDOWS\System32\login.cmd [2009/12/17 20:59:03 | 000,004,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam [2009/12/17 20:59:03 | 000,001,187 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com [2009/12/17 20:59:00 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\l_intl.nls [2009/12/17 20:59:00 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\l_intl.nls [2009/12/17 20:59:00 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\l_except.nls [2009/12/17 20:59:00 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\l_except.nls [2009/12/17 20:58:57 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\dllcache\keyboard.sys [2009/12/17 20:58:56 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\dllcache\key01.sys [2009/12/17 20:58:52 | 000,014,841 | ---- | C] () -- C:\WINDOWS\System32\kb16.com [2009/12/17 20:58:45 | 000,956,990 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql [2009/12/17 20:58:38 | 000,057,667 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf [2009/12/17 20:58:31 | 000,000,790 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/12/17 20:58:30 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\homepage.inf [2009/12/17 20:58:27 | 000,004,912 | ---- | C] () -- C:\WINDOWS\System32\dllcache\himem.sys [2009/12/17 20:58:22 | 000,034,352 | ---- | C] () -- C:\WINDOWS\System32\gpedit.msc [2009/12/17 20:58:22 | 000,021,232 | ---- | C] () -- C:\WINDOWS\System32\graphics.pro [2009/12/17 20:58:22 | 000,019,902 | 
---- | C] () -- C:\WINDOWS\System32\graphics.com [2009/12/17 20:58:20 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\gm.dls [2009/12/17 20:58:20 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\dllcache\gm.dls [2009/12/17 20:58:19 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\geo.nls [2009/12/17 20:58:19 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\geo.nls [2009/12/17 20:58:15 | 000,032,409 | ---- | C] () -- C:\WINDOWS\System32\fsmgmt.msc [2009/12/17 20:58:14 | 000,152,844 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framdit.ttf [2009/12/17 20:58:14 | 000,135,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framd.ttf [2009/12/17 20:58:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe [2009/12/17 20:58:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fastopen.exe [2009/12/17 20:58:07 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf [2009/12/17 20:58:05 | 000,056,286 | ---- | C] () -- C:\WINDOWS\System32\eventvwr.msc [2009/12/17 20:58:05 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe [2009/12/17 20:58:05 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe [2009/12/17 20:58:04 | 000,006,708 | ---- | C] () -- C:\WINDOWS\System32\esentprf.hxx [2009/12/17 20:58:03 | 000,013,010 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe [2009/12/17 20:58:03 | 000,013,010 | ---- | C] () -- C:\WINDOWS\System32\dllcache\edlin.exe [2009/12/17 20:57:58 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2009/12/17 20:57:57 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\dsound.vxd [2009/12/17 20:57:17 | 000,054,080 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe [2009/12/17 20:57:17 | 000,054,080 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dosx.exe [2009/12/17 20:57:15 | 000,033,311 | ---- | C] () -- C:\WINDOWS\System32\diskmgmt.msc [2009/12/17 20:57:11 | 000,041,131 | ---- | C] () -- C:\WINDOWS\System32\dfrg.msc [2009/12/17 20:57:11 | 000,032,738 | 
---- | C] () -- C:\WINDOWS\System32\devmgmt.msc [2009/12/17 20:57:10 | 000,021,162 | ---- | C] () -- C:\WINDOWS\System32\dllcache\debug.exe [2009/12/17 20:57:10 | 000,021,162 | ---- | C] () -- C:\WINDOWS\System32\debug.exe [2009/12/17 20:57:10 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2009/12/17 20:57:06 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ctype.nls [2009/12/17 20:57:06 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\ctype.nls [2009/12/17 20:57:03 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\country.sys [2009/12/17 20:57:01 | 000,052,103 | ---- | C] () -- C:\WINDOWS\System32\command.com [2009/12/17 20:57:01 | 000,037,357 | ---- | C] () -- C:\WINDOWS\System32\compmgmt.msc [2009/12/17 20:56:58 | 000,072,365 | ---- | C] () -- C:\WINDOWS\System32\cmmgr32.hlp [2009/12/17 20:56:58 | 000,040,736 | ---- | C] () -- C:\WINDOWS\System32\cmdlib.wsc [2009/12/17 20:56:58 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmos.ram [2009/12/17 20:56:57 | 000,061,126 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm [2009/12/17 20:56:56 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax [2009/12/17 20:56:56 | 000,168,731 | ---- | C] () -- C:\WINDOWS\System32\pagefileconfig.vbs [2009/12/17 20:56:56 | 000,168,731 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pagefile.vbs [2009/12/17 20:56:56 | 000,098,846 | ---- | C] () -- C:\WINDOWS\System32\dllcache\evtquery.vbs [2009/12/17 20:56:56 | 000,098,846 | ---- | C] () -- C:\WINDOWS\System32\eventquery.vbs [2009/12/17 20:56:53 | 000,041,461 | ---- | C] () -- C:\WINDOWS\System32\ciadv.msc [2009/12/17 20:56:51 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\Chaînes.scf [2009/12/17 20:56:50 | 000,041,990 | ---- | C] () -- C:\WINDOWS\System32\certmgr.msc [2009/12/17 20:56:47 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_950.nls [2009/12/17 20:56:47 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_950.nls [2009/12/17 20:56:47 | 
000,196,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_949.nls [2009/12/17 20:56:47 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_949.nls [2009/12/17 20:56:47 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_936.nls [2009/12/17 20:56:47 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_936.nls [2009/12/17 20:56:47 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_932.nls [2009/12/17 20:56:47 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_932.nls [2009/12/17 20:56:46 | 000,139,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20261.nls [2009/12/17 20:56:46 | 000,139,810 | ---- | C] () -- C:\WINDOWS\System32\c_20261.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_874.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_874.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_865.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_865.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_863.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_863.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_861.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_861.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_860.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_860.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_850.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_850.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_775.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_775.nls [2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_437.nls 
[2009/12/17 20:56:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_437.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_500.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_500.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28605.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28605.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28598.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28598.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28593.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28593.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28592.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28592.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28591.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28591.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21866.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21866.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20905.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20905.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20866.nls [2009/12/17 20:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20866.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1258.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1258.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1257.nls [2009/12/17 20:56:45 | 000,066,082 | 
---- | C] () -- C:\WINDOWS\System32\c_1257.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1256.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1256.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1255.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1255.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1254.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1254.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1253.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1253.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1252.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1252.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1251.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1251.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1250.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1250.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1026.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1026.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10079.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10079.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10000.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10000.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_037.nls [2009/12/17 20:56:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_037.nls 
[2009/12/17 20:56:41 | 000,008,191 | ---- | C] () -- C:\WINDOWS\System32\bios4.rom [2009/12/17 20:56:40 | 000,028,420 | ---- | C] () -- C:\WINDOWS\System32\bios1.rom [2009/12/17 20:56:30 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\append.exe [2009/12/17 20:56:30 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\append.exe [2009/12/17 20:56:29 | 000,009,037 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ansi.sys [2009/12/17 20:56:14 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520850.cpx [2009/12/17 20:56:14 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\12520850.cpx [2009/12/17 20:56:13 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520437.cpx [2009/12/17 20:56:13 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\12520437.cpx [2009/12/17 20:56:13 | 000,000,707 | ---- | C] () -- C:\WINDOWS\_default.pif [2009/12/17 16:19:08 | 000,063,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\Si3112r.PNF [2009/12/17 16:19:08 | 000,020,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\INFCACHE.1 [2009/12/17 16:19:08 | 000,012,228 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvraid.PNF [2009/12/17 16:19:08 | 000,009,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.PNF [2009/12/17 16:19:08 | 000,007,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\viamraid.PNF [2009/12/17 16:19:08 | 000,006,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SiSRaid.PNF [2009/12/17 16:19:07 | 000,012,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\adpu320.PNF [2009/12/17 16:19:07 | 000,010,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaAHCI.PNF [2009/12/17 14:12:57 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2009/12/17 14:12:52 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd [2009/12/17 14:12:52 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa [2009/12/17 14:12:52 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa [2009/12/17 14:12:52 | 
000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf [2009/12/17 14:12:51 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls [2009/12/17 14:12:51 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls [2009/12/17 14:12:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls [2009/12/17 14:12:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls [2009/12/17 14:12:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls [2009/12/17 14:12:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls [2009/12/17 14:12:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls [2009/12/17 14:12:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS [2009/12/17 14:12:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls [2009/12/17 14:12:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls [2009/12/17 14:12:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls [2009/12/17 14:12:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls [2009/12/17 14:12:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls [2009/12/17 14:12:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls [2009/12/17 14:12:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls [2009/12/17 14:12:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls [2009/12/17 14:12:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls [2009/12/17 14:12:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls [2009/12/17 14:12:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls [2009/12/17 14:12:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls [2009/12/17 14:12:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls [2009/12/17 14:12:50 | 000,066,594 | ---- | C] () -- 
C:\WINDOWS\System32\c_737.nls [2009/12/17 14:12:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls [2009/12/17 14:12:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls [2009/12/17 14:12:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls [2009/12/17 14:12:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS [2009/12/17 14:12:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls [2009/12/17 14:12:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS [2009/12/17 14:12:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls [2009/12/17 14:12:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls [2009/12/17 14:12:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls [2009/12/17 14:12:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls [2009/12/17 14:12:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls [2009/12/17 14:12:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls [2009/12/17 14:12:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls [2009/12/17 14:12:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls [2009/12/17 14:12:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls [2009/12/17 14:12:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls [2009/12/17 14:12:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls [2009/12/17 14:12:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls [2009/12/17 14:12:47 | 000,001,896 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2009/12/17 14:12:43 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2009/12/17 14:12:41 | 000,809,394 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2009/12/17 14:12:41 | 000,399,670 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2009/12/17 14:12:41 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2009/12/17 14:12:41 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2009/12/17 14:12:41 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2009/12/17 14:12:41 | 000,007,506 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2009/12/17 14:12:41 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat [2009/12/17 14:12:40 | 001,014,836 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT [2009/12/17 14:12:16 | 000,116,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/12/17 14:11:35 | 000,000,579 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf [2009/02/12 23:20:42 | 000,007,466 | ---- | C] () -- C:\WINDOWS\System32\IE8Eula.rtf [2009/01/07 19:20:36 | 000,066,384 | ---- | C] () -- C:\WINDOWS\System32\normnfkc.nls [2009/01/07 19:20:36 | 000,060,294 | ---- | C] () -- C:\WINDOWS\System32\normnfkd.nls [2009/01/07 19:20:36 | 000,059,342 | ---- | C] () -- C:\WINDOWS\System32\normidna.nls [2009/01/07 19:20:36 | 000,045,794 | ---- | C] () -- C:\WINDOWS\System32\normnfc.nls [2009/01/07 19:20:36 | 000,039,284 | ---- | C] () -- C:\WINDOWS\System32\normnfd.nls [2009/01/07 19:20:20 | 000,008,798 | ---- | C] () -- C:\WINDOWS\System32\icrav03.rat [2009/01/07 19:20:20 | 000,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat [2008/04/14 04:10:51 | 000,001,950 | ---- | C] () -- C:\WINDOWS\System32\pid.inf [2001/08/23 19:47:34 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe < End of report >
that was all |
25.09.2010, 17:35 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | rkit/Agent.biiu root kit Have you already run Malwarebytes? If so, please post all of its logs.
__________________ Please always post logfiles in CODE tags |
27.09.2010, 00:53 | #6 |
| rkit/Agent.biiu root kit Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4696 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 26/09/2010 17:24:30 mbam-log-2010-09-26 (17-24-30).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 154234 Laufzeit: 32 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\drivers\bjlpoijm.sys (Rootkit.Bubnix) -> No action taken. C:\Documents and Settings\Administrateur\Application Data\apiqfw.dat (Malware.Trace) -> No action taken. C:\WINDOWS\system32\config\systemprofile\Application Data\apiqfw.dat (Malware.Trace) -> No action taken. C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\monmvr32.exe (Trojan.Downloader) -> No action taken.
PS!!!!! I was already able to remove the last file (monmvr32.exe), AND it no longer shows up in a new scan. Regards, darkangel |
27.09.2010, 12:15 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | rkit/Agent.biiu root kit Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter :OTL O32 - AutoRun File - [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/03/04 18:34:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{6c7ff670-f55e-11de-aac9-00166f1e3f01}\Shell - "" = AutoRun O33 - MountPoints2\{6c7ff670-f55e-11de-aac9-00166f1e3f01}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) [2010/09/24 03:43:54 | 000,585,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\bjlpoijm.sys [2010/09/18 03:03:52 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\apiqfw.dat :Commands [purity] [resethosts] [emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
28.09.2010, 19:27 | #8 |
| rkit/Agent.biiu root kit here is the OTL logfile now
All processes killed ========== OTL ========== File E:\AutoRun.exe not found. File E:\AUTORUN.INF not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c7ff670-f55e-11de-aac9-00166f1e3f01}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c7ff670-f55e-11de-aac9-00166f1e3f01}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c7ff670-f55e-11de-aac9-00166f1e3f01}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c7ff670-f55e-11de-aac9-00166f1e3f01}\ not found. File E:\AutoRun.exe not found. File move failed. C:\WINDOWS\system32\drivers\bjlpoijm.sys scheduled to be moved on reboot. C:\Documents and Settings\Administrateur\Application Data\apiqfw.dat moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 2008087 bytes ->Temporary Internet Files folder emptied: 7980162 bytes ->Java cache emptied: 1055678 bytes ->Flash cache emptied: 19239 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes User: LocalService ->Temp folder emptied: 480 bytes ->Temporary Internet Files folder emptied: 36695 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 291729797 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 3072 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 31244963 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary 
Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 319,00 mb OTL by OldTimer - Version 3.2.14.1 log created on 09282010_183455 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\system32\drivers\bjlpoijm.sys scheduled to be moved on reboot. File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temp\tmp2.tmp not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temp\tmp5.tmp not found! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully. Registry entries deleted on Reboot... |
28.09.2010, 20:03 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | rkit/Agent.biiu root kit Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
28.09.2010, 20:51 | #10 |
| rkit/Agent.biiu root kit Combofix Logfile: Code:
ATTFilter ComboFix 10-09-27.05 - Administrateur 28/09/2010 21:33:05.1.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.516 [GMT 2:00] Lancé depuis: c:\documents and settings\Administrateur\Mes documents\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\driVERs\bjlpoijm.sys c:\windows\TEMP\fiks1a8d.vbt . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_bjlpoijm -------\Service_bjlpoijm ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-28 au 2010-09-28 )))))))))))))))))))))))))))))))))))) . 2010-09-28 19:13 . 2010-09-28 19:13 -------- d-----w- c:\program files\CCleaner 2010-09-28 16:34 . 2010-09-28 16:34 -------- d-----w- C:\_OTL 2010-09-26 21:44 . 2010-09-26 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-09-26 21:44 . 2010-09-26 21:57 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\NPE 2010-09-24 13:51 . 2010-09-24 13:51 388096 ----a-r- c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-09-24 13:51 . 2010-09-24 13:51 -------- d-----w- c:\program files\Trend Micro 2010-09-23 17:55 . 2010-09-23 17:57 -------- d-----w- c:\windows\system32\wbem\Repository 2010-09-23 01:01 . 2010-09-23 01:01 39 ---ha-w- c:\windows\system32\spfid.bin 2010-09-23 01:01 . 2010-09-23 01:01 39 ---ha-w- c:\windows\spfid.bin 2010-09-19 20:13 . 2010-09-19 20:13 963200 ----a-w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite\AVEngine\Defs\vbcorent4.sys 2010-09-19 20:13 . 
2010-09-19 20:13 961312 ----a-w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite\AVEngine\Defs\vbcorent.sys 2010-09-19 20:13 . 2010-09-19 20:13 1129120 ----a-w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite\AVEngine\Defs\vbcorent.dll 2010-09-19 20:12 . 2010-09-19 20:12 1324512 ----a-w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite\AVEngine\Defs\vbcorent-x64.sys 2010-09-19 20:12 . 2010-09-19 20:12 1503904 ----a-w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite\AVEngine\Defs\vbcorent-x64.dll 2010-09-19 19:45 . 2010-09-09 12:50 3003576 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\SPYWAREfighter.exe 2010-09-19 19:45 . 2010-09-19 19:45 -------- d-----w- c:\program files\Fichiers communs\Common Toolkit Suite 2010-09-19 19:45 . 2010-09-19 19:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8} 2010-09-18 01:05 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys 2010-09-18 01:05 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-09-18 01:04 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys 2010-09-18 01:04 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-09-09 12:32 . 2010-09-09 12:32 10264 ----a-w- c:\windows\system32\drivers\avfsfilter.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-28 19:27 . 2010-03-16 16:06 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Spyware Terminator 2010-09-28 13:30 . 2010-01-01 21:53 1 ----a-w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-09-23 20:33 . 
2010-03-16 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator 2010-09-23 17:41 . 2010-03-16 16:06 -------- d-----w- c:\program files\Spyware Terminator 2010-09-22 20:31 . 2010-06-30 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\clp 2010-09-19 19:45 . 2010-07-01 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters 2010-09-19 19:45 . 2010-06-30 21:10 -------- d-----w- c:\program files\Fighters 2010-09-19 19:45 . 2010-06-30 21:09 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Fighters 2010-09-19 19:45 . 2010-06-30 21:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Common Toolkit Suite 2010-09-19 19:45 . 2010-06-30 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite 2010-09-18 13:31 . 2010-09-18 13:31 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\apiqfw.dat 2010-09-10 21:47 . 2010-05-12 22:00 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc 2010-09-09 12:49 . 2010-09-19 19:44 2425480 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\27467486\40374F81\sfhtml.dll 2010-09-09 12:49 . 2010-09-19 19:44 994440 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\7B4591B7\40374F81\MsgSys.exe 2010-09-09 12:49 . 2010-09-19 19:44 1122952 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\DB5AB443\40374F81\FighterSuiteService.exe 2010-09-09 12:49 . 2010-09-19 19:44 706696 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\1B2BFE9\40374F81\FighterLauncher.exe 2010-09-09 12:49 . 
2010-09-19 19:44 1192584 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\81CDDA48\18732F2A\swpro.dll 2010-09-09 12:49 . 2010-09-19 19:44 2425480 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\EC669005\18732F2A\sfhtml.dll 2010-09-09 12:49 . 2010-09-19 19:44 979592 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\6ED4E8D4\18732F2A\swproTray.exe 2010-09-09 12:32 . 2010-09-19 19:44 13720 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\4B2E2F92\B17F3E1E\avfsfilter.sys 2010-09-09 12:32 . 2010-09-19 19:44 10264 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\31C23F9\7C25F986\avfsfilter.sys 2010-09-09 12:32 . 2010-09-19 19:44 318112 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\384C3814\CB4D3653\vbengnt.dll 2010-09-09 12:32 . 2010-09-19 19:44 221048 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\384C3814\CB4D3653\VBAdapter.dll 2010-09-09 12:32 . 2010-09-19 19:44 909312 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\9BB8FD70\CB4D3653\QtNetwork4.dll 2010-09-09 12:32 . 2010-09-19 19:44 909312 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\384C3814\CB4D3653\QtNetwork4.dll 2010-09-09 12:32 . 2010-09-19 19:44 344064 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\9BB8FD70\CB4D3653\QtXml4.dll 2010-09-09 12:32 . 
2010-09-19 19:44 344064 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\384C3814\CB4D3653\QtXml4.dll 2010-09-09 12:32 . 2010-09-19 19:44 2121728 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\9BB8FD70\CB4D3653\QtCore4.dll 2010-09-09 12:32 . 2010-09-19 19:44 2121728 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\384C3814\CB4D3653\QtCore4.dll 2010-09-09 12:32 . 2010-09-19 19:44 760768 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\B510A09A\CB4D3653\AVScanningService.exe 2010-09-09 12:32 . 2010-09-19 19:44 274608 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\384C3814\CB4D3653\AVEngine.dll 2010-08-17 13:17 . 2009-12-17 18:55 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-07-22 15:48 . 2009-12-17 19:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll 2010-06-30 19:56 . 2009-12-17 19:03 63614 ----a-w- c:\windows\system32\perfc00C.dat 2010-06-30 19:56 . 2009-12-17 19:03 445016 ----a-w- c:\windows\system32\perfh00C.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-16 3037696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SWPROguard"="c:\program files\Fighters\SPYWAREfighter\SWPROTray.exe" [2010-09-09 979592] "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-14 2176512] "RTHDCPL"="RTHDCPL.EXE" [2005-07-13 14679552] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1781:UDP"= 1781:UDP:Windows Media Format SDK (iexplore.exe) "1780:UDP"= 1780:UDP:Windows Media Format SDK (iexplore.exe) "1784:UDP"= 1784:UDP:Windows Media Format SDK (iexplore.exe) R1 snidmi;DMI BIOS;c:\windows\system32\drivers\Snidmi.sys [18/12/2009 10:50 15104] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [16/03/2010 18:06 142592] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/06/2010 15:21 135336] R2 AV Engine Scanning Service;AV Engine Scanning Service;c:\program 
files\Fichiers communs\Common Toolkit Suite\AVEngine\AVScanningService.exe [09/09/2010 14:32 760768] R2 DeskView Agent;DeskView Agent;c:\progra~1\DeskView\DNAgent\DNAgent.Exe [18/12/2009 10:52 163941] R2 DVAnPMan;DeskView AnP Manager;c:\progra~1\DeskView\DVAnPMan\DVAnPMan.exe [18/12/2009 10:52 53340] R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [09/09/2010 14:49 1122952] R3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [09/09/2010 14:32 10264] R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [18/12/2009 10:40 5632] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [18/12/2009 10:40 4864] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [30/12/2009 18:16 102656] S3 MTAlerting;DeskView MT Alerting Service;c:\progra~1\DeskView\DVCC\MTALER~1.EXE [18/12/2009 10:52 114688] S3 SNIF0010;FSC Flash Update Driver B;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SniF0010.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SniF0010.sys [?] S3 SNIF0011;FSC Flash Update Driver A;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SniF0011.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SniF0011.sys [?] . Contenu du dossier 'Tâches planifiées' 2010-09-02 c:\windows\Tasks\SLOW-PCfighter-Administrateur-Scheduled.job - c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2010-03-18 15:41] 2010-09-28 c:\windows\Tasks\User_Feed_Synchronization-{19168D32-670A-4885-83A2-4525E91AE3A9}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.lepostillon.lu/webmail IE: Crawler Search - tbr:iemenu Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-28 21:39 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service] "ImagePath"="C:/Program Files/Fichiers communs/Common Toolkit Suite/AVEngine/AVScanningService.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service] "ImagePath"="C:/Program Files/Fichiers communs/Common Toolkit Suite/AVEngine/AVScanningService.exe" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-484763869-1275210071-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,65,7e,f2,12,a9,ca,4a,95,a0,2d,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,ed,9c,21,ed,d3,c6,48,a6,8e,8e,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] 
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(4064) c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Spyware Terminator\sp_rsser.exe c:\windows\RTHDCPL.EXE c:\program files\Adobe\Reader 9.0\Reader\LogTransport2.exe c:\windows\system32\imapi.exe . ************************************************************************** . Heure de fin: 2010-09-28 21:43:42 - La machine a redémarré ComboFix-quarantined-files.txt 2010-09-28 19:43 Avant-CF: 51*001*188*352 octets libres Après-CF: 50*904*870*912 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect - - End Of File - - 9B8E2C4AC3FD70698B6F3B0DFFC9E77E |
28.09.2010, 21:25 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | rkit/Agent.biiu root kit Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window. Code:
ATTFilter File:: c:\windows\system32\config\systemprofile\Application Data\apiqfw.dat
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad- and spyware programs and the Tea Timer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post logfiles in CODE tags |
28.09.2010, 21:54 | #12 |
| rkit/Agent.biiu root kit Combofix Logfile: Code:
ATTFilter ComboFix 10-09-27.05 - Administrateur 28/09/2010 22:36:38.2.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.498 [GMT 2:00] Lancé depuis: c:\documents and settings\Administrateur\Mes documents\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Administrateur\Mes documents\cfscript.txt AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\system32\config\systemprofile\Application Data\apiqfw.dat" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\config\systemprofile\Application Data\apiqfw.dat c:\windows\TEMP\9xlyv579.vbt . ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-28 au 2010-09-28 )))))))))))))))))))))))))))))))))))) . 2010-09-28 19:13 . 2010-09-28 19:13 -------- d-----w- c:\program files\CCleaner 2010-09-28 16:34 . 2010-09-28 16:34 -------- d-----w- C:\_OTL 2010-09-26 21:44 . 2010-09-26 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-09-26 21:44 . 2010-09-26 21:57 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\NPE 2010-09-24 13:51 . 2010-09-24 13:51 388096 ----a-r- c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-09-24 13:51 . 2010-09-24 13:51 -------- d-----w- c:\program files\Trend Micro 2010-09-23 17:55 . 2010-09-23 17:57 -------- d-----w- c:\windows\system32\wbem\Repository 2010-09-23 01:01 . 2010-09-23 01:01 39 ---ha-w- c:\windows\system32\spfid.bin 2010-09-23 01:01 . 2010-09-23 01:01 39 ---ha-w- c:\windows\spfid.bin 2010-09-19 20:13 . 2010-09-19 20:13 963200 ----a-w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite\AVEngine\Defs\vbcorent4.sys 2010-09-19 20:13 . 
2010-09-19 20:13 961312 ----a-w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite\AVEngine\Defs\vbcorent.sys 2010-09-19 20:13 . 2010-09-19 20:13 1129120 ----a-w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite\AVEngine\Defs\vbcorent.dll 2010-09-19 20:12 . 2010-09-19 20:12 1324512 ----a-w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite\AVEngine\Defs\vbcorent-x64.sys 2010-09-19 20:12 . 2010-09-19 20:12 1503904 ----a-w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite\AVEngine\Defs\vbcorent-x64.dll 2010-09-19 19:45 . 2010-09-09 12:50 3003576 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\SPYWAREfighter.exe 2010-09-19 19:45 . 2010-09-19 19:45 -------- d-----w- c:\program files\Fichiers communs\Common Toolkit Suite 2010-09-19 19:45 . 2010-09-19 19:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8} 2010-09-18 01:05 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys 2010-09-18 01:05 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-09-18 01:04 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys 2010-09-18 01:04 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-09-09 12:32 . 2010-09-09 12:32 10264 ----a-w- c:\windows\system32\drivers\avfsfilter.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-28 20:32 . 2010-03-16 16:06 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Spyware Terminator 2010-09-28 13:30 . 2010-01-01 21:53 1 ----a-w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-09-23 20:33 . 
2010-03-16 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator 2010-09-23 17:41 . 2010-03-16 16:06 -------- d-----w- c:\program files\Spyware Terminator 2010-09-22 20:31 . 2010-06-30 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\clp 2010-09-19 19:45 . 2010-07-01 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters 2010-09-19 19:45 . 2010-06-30 21:10 -------- d-----w- c:\program files\Fighters 2010-09-19 19:45 . 2010-06-30 21:09 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Fighters 2010-09-19 19:45 . 2010-06-30 21:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Common Toolkit Suite 2010-09-19 19:45 . 2010-06-30 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite 2010-09-10 21:47 . 2010-05-12 22:00 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc 2010-09-09 12:49 . 2010-09-19 19:44 2425480 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\27467486\40374F81\sfhtml.dll 2010-09-09 12:49 . 2010-09-19 19:44 994440 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\7B4591B7\40374F81\MsgSys.exe 2010-09-09 12:49 . 2010-09-19 19:44 1122952 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\DB5AB443\40374F81\FighterSuiteService.exe 2010-09-09 12:49 . 2010-09-19 19:44 706696 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\1B2BFE9\40374F81\FighterLauncher.exe 2010-09-09 12:49 . 2010-09-19 19:44 1192584 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\81CDDA48\18732F2A\swpro.dll 2010-09-09 12:49 . 
2010-09-19 19:44 2425480 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\EC669005\18732F2A\sfhtml.dll 2010-09-09 12:49 . 2010-09-19 19:44 979592 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\6ED4E8D4\18732F2A\swproTray.exe 2010-09-09 12:32 . 2010-09-19 19:44 13720 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\4B2E2F92\B17F3E1E\avfsfilter.sys 2010-09-09 12:32 . 2010-09-19 19:44 10264 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\31C23F9\7C25F986\avfsfilter.sys 2010-09-09 12:32 . 2010-09-19 19:44 318112 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\384C3814\CB4D3653\vbengnt.dll 2010-09-09 12:32 . 2010-09-19 19:44 221048 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\384C3814\CB4D3653\VBAdapter.dll 2010-09-09 12:32 . 2010-09-19 19:44 909312 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\9BB8FD70\CB4D3653\QtNetwork4.dll 2010-09-09 12:32 . 2010-09-19 19:44 909312 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\384C3814\CB4D3653\QtNetwork4.dll 2010-09-09 12:32 . 2010-09-19 19:44 344064 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\9BB8FD70\CB4D3653\QtXml4.dll 2010-09-09 12:32 . 2010-09-19 19:44 344064 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\384C3814\CB4D3653\QtXml4.dll 2010-09-09 12:32 . 
2010-09-19 19:44 2121728 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\9BB8FD70\CB4D3653\QtCore4.dll 2010-09-09 12:32 . 2010-09-19 19:44 2121728 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\384C3814\CB4D3653\QtCore4.dll 2010-09-09 12:32 . 2010-09-19 19:44 760768 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\B510A09A\CB4D3653\AVScanningService.exe 2010-09-09 12:32 . 2010-09-19 19:44 274608 -c--a-w- c:\documents and settings\All Users\Application Data\{8CBA531F-CF80-42B7-8ECC-8755F36438F8}\OFFLINE\384C3814\CB4D3653\AVEngine.dll 2010-08-17 13:17 . 2009-12-17 18:55 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-07-22 15:48 . 2009-12-17 19:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll . ((((((((((((((((((((((((((((( SnapShot@2010-09-28_19.40.01 ))))))))))))))))))))))))))))))))))))))))) . + 2010-09-28 20:42 . 2010-09-28 20:42 16384 c:\windows\Temp\Perflib_Perfdata_5dc.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-16 3037696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SWPROguard"="c:\program files\Fighters\SPYWAREfighter\SWPROTray.exe" [2010-09-09 979592] "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-14 2176512] "RTHDCPL"="RTHDCPL.EXE" [2005-07-13 14679552] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1781:UDP"= 1781:UDP:Windows Media Format SDK (iexplore.exe) "1780:UDP"= 1780:UDP:Windows Media Format SDK (iexplore.exe) "1784:UDP"= 1784:UDP:Windows Media Format SDK (iexplore.exe) R1 snidmi;DMI BIOS;c:\windows\system32\drivers\Snidmi.sys [18/12/2009 10:50 15104] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [16/03/2010 18:06 142592] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/06/2010 15:21 135336] R2 AV Engine Scanning Service;AV Engine Scanning Service;c:\program 
files\Fichiers communs\Common Toolkit Suite\AVEngine\AVScanningService.exe [09/09/2010 14:32 760768] R2 DeskView Agent;DeskView Agent;c:\progra~1\DeskView\DNAgent\DNAgent.Exe [18/12/2009 10:52 163941] R2 DVAnPMan;DeskView AnP Manager;c:\progra~1\DeskView\DVAnPMan\DVAnPMan.exe [18/12/2009 10:52 53340] R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [09/09/2010 14:49 1122952] R3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [09/09/2010 14:32 10264] R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [18/12/2009 10:40 5632] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [18/12/2009 10:40 4864] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [30/12/2009 18:16 102656] S3 MTAlerting;DeskView MT Alerting Service;c:\progra~1\DeskView\DVCC\MTALER~1.EXE [18/12/2009 10:52 114688] S3 SNIF0010;FSC Flash Update Driver B;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SniF0010.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SniF0010.sys [?] S3 SNIF0011;FSC Flash Update Driver A;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SniF0011.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SniF0011.sys [?] . Contenu du dossier 'Tâches planifiées' 2010-09-02 c:\windows\Tasks\SLOW-PCfighter-Administrateur-Scheduled.job - c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2010-03-18 15:41] 2010-09-28 c:\windows\Tasks\User_Feed_Synchronization-{19168D32-670A-4885-83A2-4525E91AE3A9}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.lepostillon.lu/webmail IE: Crawler Search - tbr:iemenu Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-28 22:43 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service] "ImagePath"="C:/Program Files/Fichiers communs/Common Toolkit Suite/AVEngine/AVScanningService.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service] "ImagePath"="C:/Program Files/Fichiers communs/Common Toolkit Suite/AVEngine/AVScanningService.exe" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-484763869-1275210071-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,65,7e,f2,12,a9,ca,4a,95,a0,2d,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,ed,9c,21,ed,d3,c6,48,a6,8e,8e,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] 
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(3504) c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Spyware Terminator\sp_rsser.exe c:\windows\RTHDCPL.EXE c:\program files\Adobe\Reader 9.0\Reader\LogTransport2.exe . ************************************************************************** . Heure de fin: 2010-09-28 22:47:35 - La machine a redémarré ComboFix-quarantined-files.txt 2010-09-28 20:47 ComboFix2.txt 2010-09-28 19:43 Avant-CF: 50*909*392*896 octets libres Après-CF: 50*897*616*896 octets libres - - End Of File - - 79E9A1C389DF06E659DC5F92C0865DCB |
28.09.2010, 21:58 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | rkit/Agent.biiu root kit OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you use Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are any changes and, if so, on which device. Ideally, post everything that remover.exe outputs.
__________________ Please always post log files in CODE tags |
29.09.2010, 02:55 | #14 |
| rkit/Agent.biiu root kit Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 03:36:50 on 29.09.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Common %SystemRoot%\Tasks "SLOW-PCfighter-Administrateur-Scheduled.job" "SLOW-PCfighter" C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe File exists Control Panel Objects %SystemRoot%\system32 || "DivXControlPanelApplet.cpl" "DivX, Inc." C:\WINDOWS\system32\DivXControlPanelApplet.cpl File exists |||||| "javacpl.cpl" "Sun Microsystems, Inc." 
C:\WINDOWS\system32\javacpl.cpl File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "Avira AntiVir Personal" "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists "AXIS Media Control" C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll File not found Drivers HKLM\SYSTEM\CurrentControlSet\Services || "AVFSFilter" (AVFSFilter) C:\WINDOWS\System32\DRIVERS\avfsfilter.sys File signed by Microsoft | File found, but it contains no detailed information |||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists |||||| "avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists |||||| "avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists "catchme" (catchme) C:\ComboFix\catchme.sys File not found "DMI BIOS" (snidmi) "Fujitsu Siemens Computers" C:\WINDOWS\System32\Drivers\SNIDMI.sys File exists "FSC Flash Update Driver A" (SNIF0011) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SniF0011.sys File not found "FSC Flash Update Driver B" (SNIF0010) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SniF0010.sys File not found "lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found "PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found "PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found "PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found "PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found "PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found |||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists |||||| "Spyware Terminator Driver 2" (sp_rsdrv2) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys File exists |||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists "uwtyapow" (uwtyapow) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwtyapow.sys Hidden registry entry, 
rootkit activity | File not found "WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found Explorer HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components |||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll File exists |||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists HKLM\Software\Classes\Protocols\Filter |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists HKLM\Software\Classes\Protocols\Handler |||| {4D25FB7A-8902-4291-960E-9ADA051CFBBF} "tbr" "Crawler.com" C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {42071714-76d4-11d1-8b24-00a0c9068ff3} "Extension Affichage Panorama du Panneau de configuration" deskpan.dll File not found {764BF0E1-F219-11ce-972D-00AA00A14F56} "Extensions de l'environnement de compression de fichiers" File not found | COM-object registry key not found |||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} 
"Menu contextuel de cryptage" File not found | COM-object registry key not found |||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists |||||| {BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" "Crawler.com" C:\Program Files\Spyware Terminator\sptcontmenu.dll File exists {2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" File not found | COM-object registry key not found |||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists Internet Explorer HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser |||| "Barre d'outils &Crawler" "Crawler.com" C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File exists ITBar7Height "ITBar7Height" File not found | COM-object registry key not found "ITBar7Layout" File not found | COM-object registry key not found "ITBarLayout" File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units {745395C8-D0E1-4227-8586-624CA9A10A8D} "AxisMediaControl Class" https://static.visiomobile.eu/static_200901/activex/AMC.cab "Axis Communications" C:\Program Files\Axis Communications\Components\AxisMediaControl.dll File exists |||| {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} "Java Plug-in 
1.5.0_05" hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll File exists |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_18.dll File exists |||| {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_18.dll File exists |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_18.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar |||| "Barre d'outils &Crawler" "Crawler.com" C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists |||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." 
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists |||| {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" "Crawler.com" C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File exists Logon %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage |||||| "desktop.ini" C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini File exists %UserProfile%\Menu Démarrer\Programmes\Démarrage |||||| "desktop.ini" C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\desktop.ini File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run || "SpywareTerminatorUpdate" "Crawler.com" "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" File exists |||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists |||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists |||||| "SpywareTerminator" "Crawler.com" "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" File exists "SWPROguard" "SPAMfighter" C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe File exists Services HKLM\SYSTEM\CurrentControlSet\Services "AV Engine Scanning Service" (AV Engine Scanning Service) "Preventon Technologies Limited" C:\Program Files\Fichiers communs\Common Toolkit Suite\AVEngine\AVScanningService.exe File exists |||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists |||||| "Avira AntiVir Scheduler" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists "DeskView Agent" (DeskView Agent) "Fujitsu Siemens Computers" C:\PROGRA~1\DeskView\DNAgent\DNAgent.Exe File exists "DeskView AnP Manager" (DVAnPMan) 
"Fujitsu Siemens Computers" C:\PROGRA~1\DeskView\DVAnPMan\DVAnPMan.exe File exists "DeskView MT Alerting Service" (MTAlerting) "Fujitsu Siemens Computers" C:\PROGRA~1\DeskView\DVCC\MTALER~1.EXE File exists |||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jqs.exe File exists |||||| "Service d'état ASP.NET" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe File exists |||||| "Spyware Terminator Realtime Shield Service" (sp_rssrv) "Crawler.com" C:\Program Files\Spyware Terminator\sp_rsser.exe File exists "Suite Service" (Suite Service) "SPAMfighter ApS" C:\Program Files\Fighters\FighterSuiteService.exe File exists Winlogon HKCU\Control Panel\IOProcs "MVB" mvfs32.dll File not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify |||| "WgaLogon" "Microsoft Corporation" C:\WINDOWS\system32\WgaLogon.dll File exists If You have questions or want to get some help, You can visit Online Solutions :: Index |
29.09.2010, 02:56 | #15 |
| rkit/Agent.biiu root kit GMER Logfile: Code:
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-29 03:04:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwtyapow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA0DBF88E]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xA0DBF0EC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xA0DBEDCE]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xA0DC0938]
SSDT F7D3FABC ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xA0DBEED8]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xA0DBEFC2]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xA0DBFBBC]
SSDT F7D3FADA ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xA0DBF3F4]
SSDT F7D3FAA8 ZwOpenProcess
SSDT F7D3FAAD ZwOpenThread
SSDT F7D3FAE4 ZwReplaceKey
SSDT F7D3FADF ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xA0DBF526]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xA0DBEBFC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xA0DBFB04]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xA0DBF70C]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF611EEBF]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Tango Mobile\Tango Mobile.exe[3108] USER32.dll!GetSysColor 7E398E78 5 Bytes JMP 00452440 C:\Program Files\Tango Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Tango Mobile\Tango Mobile.exe[3108] USER32.dll!GetSysColorBrush 7E398EAB 5 Bytes JMP 004524A0 C:\Program Files\Tango Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Tango Mobile\Tango Mobile.exe[3108] USER32.dll!SetScrollInfo 7E399056 7 Bytes JMP 00452330 C:\Program Files\Tango Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Tango Mobile\Tango Mobile.exe[3108] USER32.dll!GetScrollInfo 7E3ADFE2 7 Bytes JMP 00452280 C:\Program Files\Tango Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Tango Mobile\Tango Mobile.exe[3108] USER32.dll!ShowScrollBar 7E3AF2F2 5 Bytes JMP 00452400 C:\Program Files\Tango Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Tango Mobile\Tango Mobile.exe[3108] USER32.dll!GetScrollPos 7E3AF704 5 Bytes JMP 004522C0 C:\Program Files\Tango Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Tango Mobile\Tango Mobile.exe[3108] USER32.dll!SetScrollPos 7E3AF750 5 Bytes JMP 00452370 C:\Program Files\Tango Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Tango Mobile\Tango Mobile.exe[3108] USER32.dll!GetScrollRange 7E3AF787 5 Bytes JMP 004522F0 C:\Program Files\Tango Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Tango Mobile\Tango Mobile.exe[3108] USER32.dll!SetScrollRange 7E3AF99B 5 Bytes JMP 004523B0 C:\Program Files\Tango Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Tango Mobile\Tango Mobile.exe[3108] USER32.dll!EnableScrollBar 7E3E8005 7 Bytes JMP 00452240 C:\Program Files\Tango Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ---- |